Wireshark shows only 802.11 packets
First things first. My setup:
Host:
- Operating system: Windows 10
- Virtualization software: VirtualBox 7.0
Guest:
- Operating system: Ubuntu 22.04
- Kernel: 6.2.0-39-generic
USB WiFi adapter:
- Model: TP-Link Archer T9UH AC1900
- Chipset: RTL8814AU
- Driver: morrownr's driver for 8814au
Description of the issue:
Screenshot of a capture: https://imgur.com/a/F2Itmfu
My Ubuntu guest system has the USB network adapter enabled and running in monitor mode. From the guest system I'm trying to sniff the HTTP traffic of my own WiFi network, to which my TV, my smartphone and my host laptop are connected. However, I'm only getting packets labeled as 802.11 in the "Protocol" column. Browsing Web pages on any of the mentioned devices has apparently no effect on the output.
Notes:
- The network adapter supports monitor mode in Linux. I enabled it from the terminal, having previously killed all network processes that could interfere with the interface.
- Promiscuous mode is enabled in Wireshark for all interfaces, including the one corresponding to my USB adapter.
- The host machine that I'm using to create HTTP traffic (and its attached USB adapter) is only three meters away from the router.
- The capture should be decrypted, since I set my network's ESSID and password in Wireshark as decryption keys (both in wpa-pwd and wpa-psk formats).
Maybe not related, but worth mentioning:
- My connection is associated to channel 11, but Wireshark only allows me to capture on channel 1. Whenever I choose a different option in the dropdown from Wireless Toolbar, it immediately switches back to 1.
- Handshakes are generally not detected, no matter how many times I disconnect and reconnect.
- After some time capturing traffic, a red dot appears at the bottom left corner of the Wireshark window. When clicked, its description reads: "Remaining data does not include the tag length".
Question:
I've read dozens of topics describing this issue but found no definitive answer. So far, the most convincing explanation was this: https://ask.wireshark.org/question/20865/80211-only-partially-decrypted/. Apparently, the network's modulation is too high for my adapter. May this be the case? If so, is it something I could solve by buying a more expensive WiFi adapter? If not, can you provide me another clue?