Decoding Request-to-send packets

I'm experimenting with a Pi 3 running Wireshark on Kali Linux. I set up a monitoring interface (mon0) and started capturing the data on channel 1 from my phone by turning WiFi on and making a request to an HTTP website. I noticed some normal stuff (authentication - 4-way handshake), but also loads of "Request-to-send" packets. After decryption using the PSK I found only 1 TCP packet, originating from an IP that seems to belong to Google. The rest are still Request-to-send packets. After Googling I understand that these are likely to originate from interference and the network card trying to squeeze the data through in small steps. I noticed that I have two WiFi networks available on channel 1, one original and the other from a signal extender. I was connected to the extender.

I tried turning off the extender and connecting to the main WiFi. I sent a similar HTTP request as before from my phone and decrypted it in Wireshark. This time it worked: I can clearly see HTTP traffic in Wireshark.

So, am I getting this right? Apparently these RTS (request-to-send) packets need to be decoded by Wireshark. So my question is, how do I do it?
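For reference alongside the question above, an added example (not part of the original post): an 802.11 RTS is a control frame made up of Frame Control, Duration, receiver address, transmitter address and FCS, with no frame body, so a parser can show what such a frame contains next to a protected data frame. The sample frames and addresses are constructed; the code assumes the radiotap header has already been stripped, handles only the RTS/CTS/ACK control subtypes, and ignores the HT Control field.

```python
import struct

TYPES = {0: "management", 1: "control", 2: "data"}
# Control subtypes handled here: name and fixed header length (without FCS).
CONTROL = {11: ("RTS", 16), 12: ("CTS", 10), 13: ("ACK", 10)}

def mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)

def parse_80211(frame: bytes, has_fcs: bool = False) -> dict:
    """Parse a bare 802.11 frame (assumes radiotap header already stripped)."""
    if len(frame) < 10:
        raise ValueError("too short for an 802.11 frame")
    # Frame Control and Duration are little-endian 16-bit fields.
    fc, duration = struct.unpack_from("<HH", frame, 0)
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    if ftype == 1:
        if subtype not in CONTROL:
            raise ValueError(f"control subtype {subtype} not handled in this example")
        name, hdr = CONTROL[subtype]
    elif ftype in (0, 2):
        name, hdr = TYPES[ftype], 24
        if ftype == 2 and (fc & 0x0300) == 0x0300:
            hdr += 6      # Address 4 present when ToDS and FromDS are both set
        if ftype == 2 and subtype & 0x8:
            hdr += 2      # QoS Control field
    else:
        raise ValueError("extension frames not handled in this example")
    body_len = len(frame) - hdr - (4 if has_fcs else 0)
    if body_len < 0:
        raise ValueError("truncated frame")
    protected = bool(fc & 0x4000)  # Protected Frame bit
    return {
        "name": name,
        "duration": duration,
        "ra": mac(frame[4:10]),
        "ta": mac(frame[10:16]) if hdr >= 16 else None,
        "protected": protected,
        "body_len": body_len,
        "has_encrypted_body": protected and body_len > 0,
    }

# Constructed sample frames (addresses are locally administered placeholders).
RTS = bytes.fromhex("b400" "8a00" "021122334455" "02aabbccddee")
QOS_DATA = bytes.fromhex("8841" "2c00" "02aabbccddee" "021122334455"
                         "02aabbccddee" "1000" "0000") + bytes(40)

if __name__ == "__main__":
    for label, frame in (("RTS", RTS), ("QoS data", QOS_DATA)):
        print(label, parse_80211(frame))
```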