I have a network which has 2 nodes (a phone and a MacBook); both are connected to the same wireless network. I know the SSID and password for the wireless network:
- password: mypassword
- ssid: myssid
- security: WPA2 Personal
My Capture Interface Settings: (Wi-Fi: en0)
- default buffer size: 2 MB
- link layer header type: 802.11 plus radiotap header
- monitor mode: checked
- promiscuous mode: checked
My Wireshark - Preferences (Under Protocols > IEEE 802.11)
- Reassemble fragmented 802.11 datagram packets: checked
- ignore vendor specific HT elements: unchecked
- call subdissector for retransmitted 802.11 frames: checked
- assume packets have FCS: unchecked
- Ignore the protection bit: Yes with IV
- Enable WPA Key MIC Length Override: unchecked
- WPA Key MIC Length override: 0
- Enable decryption: checked
- decryption keys:
- key type: wpa-pwd
- key: mypassword:myssid
I start capture mode, but unlike this post: https://osqa-ask.wireshark.org/questions/40138/mac-capture-monitor-mode I'm not able to get any packets! If I make a call to http://foobar.com from my MacBook, nothing gets listed. I would expect Wireshark to be able to pick that up.
I've also tried to:
- turn my phone off and back on to reconnect to the network
- make an HTTP request to foobar.com
But this didn't log anything either.
I have no filters present. I've also checked out https://wiki.wireshark.org/CaptureSetup/WLAN and https://wiki.wireshark.org/HowToDecrypt802.11, but I must be missing something.
Any thoughts on what could be going wrong? Is there any more information that I can provide?