I'm sniffing a 5Ghz wifi link with tshark on a macmini, and I'm coming across an odd problem -- when I send data over the link, I can only see the acks, no matter the protocol I use. For ICMP and SSH, I only see a bunch of packets like these:
42 1.143265 → AP_MAC (AP_MAC) (RA) 802.11 39 Acknowledgement, Flags=........C
43 1.145447 → STA_MAC (STA_MAC) (RA) 802.11 39 Acknowledgement, Flags=........C
When I try using iperf, I get something slightly different but still don't see the actual data:
1648 3.261866 → STA_MAC (STA_MAC) (RA) 802.11 39 Clear-to-send, Flags=........C
1649 3.261936 AP_MAC (AP_MAC) (TA) → STA_MAC (STA_MAC) (RA) 802.11 57 802.11 Block Ack, Flags=........C
1650 3.262047 → STA_MAC (STA_MAC) (RA) 802.11 39 Acknowledgement, Flags=........C
1643 3.256366 STA_MAC (STA_MAC) (TA) → AP_MAC (AP_MAC) (RA) 802.11 57 802.11 Block Ack, Flags=........C
All the lower-level protocols show up fine -- I see beacons, etc, perfectly clearly. I'm not using any capture filters (my command is tshark -Ii en1). What's going on here?
