Cannot capture 'TCP Data' packet in monitor mode on 5.2GHz

Hi All,

My goal is to capture and analyse the WiFi traffic between my access point and my 'WiFi speaker'. It is a Google Cast system. I have achieved this at 2.4GHz, but am failing at 5.2GHz (apart from one time that it did work and I captured some data, but I cannot repeat it).

I have my mobile phone 'casting' music to my WiFi speaker via my TP-Link Archer C50 access point. The access point is locked to Channel 36 and with all security turned off.

I can see most of the packet transfer around my wireless LAN depending on what filtering I use, but I just cannot find the actual data. And it is the data that I need to analyse!

I have a Linux Mint (kernel 5.4.0-53) laptop with either built-in WiFi (Intel 7260) or an external USB WiFi adapter (Alfa AWUS036ACH). Both WiFi adapters behave in the same way.

I am using Wireshark 3.2.3.

I have tried two approaches for putting the network adapter into monitor mode (both methods start with airmon-ng check kill):

  • airmon-ng start wlan0

or

  • ip link set wlan0 down, iw dev wlan0 set type monitor, ip link set wlan0 up, iw dev wlan0 set channel 36 and then fire up Wireshark.

Either way gives the same result - I can see most of the packets, but not the data packets.

I have uploaded a single reference packet to: http://www.red-horizon.co.uk/uploads/Reference-packet.pcapng

I have also uploaded a short capture where there is no data: http://www.red-horizon.co.uk/uploads/NoData.pcapng

I would really value somebody who knows telling me why I cannot capture the data. It must be there as the music is playing!

Thank you.

Chris.
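
One way to check what a monitor-mode capture like the ones linked above actually contains is to tally its frames by 802.11 type (management, control, data). This is an added example, not part of the original post; it assumes a pcapng file whose packets carry radiotap headers, and the function names and the sample capture bytes are constructed for illustration.

```python
import struct
import sys
from collections import Counter

TYPES = {0: "management", 1: "control", 2: "data", 3: "extension"}

def dot11_type(pkt):
    """Frame type of one radiotap-encapsulated 802.11 packet."""
    if len(pkt) < 4 or pkt[0] != 0:              # radiotap version must be 0
        return "malformed"
    rt_len = struct.unpack_from("<H", pkt, 2)[0]  # radiotap is always little-endian
    if rt_len < 8 or len(pkt) < rt_len + 2:
        return "malformed"
    return TYPES[(pkt[rt_len] >> 2) & 0x3]        # type = bits 2-3 of Frame Control

def epb_packets(buf):
    """Yield the packet bytes of every Enhanced Packet Block in a pcapng buffer."""
    off, order = 0, "<"
    while off + 12 <= len(buf):
        if buf[off:off + 4] == b"\x0a\x0d\x0d\x0a":   # Section Header Block
            order = "<" if buf[off + 8:off + 12] == b"\x4d\x3c\x2b\x1a" else ">"
        btype, blen = struct.unpack_from(order + "II", buf, off)
        if blen < 12 or off + blen > len(buf):
            break                                      # truncated or corrupt block
        if btype == 6 and blen >= 32:                  # Enhanced Packet Block
            caplen = struct.unpack_from(order + "I", buf, off + 20)[0]
            yield buf[off + 28:off + 28 + min(caplen, blen - 32)]
        off += blen

def tally(buf):
    """Count captured frames per 802.11 type."""
    return Counter(dot11_type(p) for p in epb_packets(buf))

# --- constructed sample capture (not taken from the uploaded files) ---
def _block(btype, body):
    body += b"\x00" * (-len(body) % 4)                 # pad body to 32 bits
    n = len(body) + 12
    return struct.pack("<II", btype, n) + body + struct.pack("<I", n)

def _epb(frame_control):
    pkt = struct.pack("<BBHI", 0, 0, 8, 0) + bytes([frame_control, 0]) + b"\x00" * 22
    return _block(6, struct.pack("<5I", 0, 0, 0, len(pkt), len(pkt)) + pkt)

SAMPLE = (_block(0x0A0D0D0A, struct.pack("<IHHq", 0x1A2B3C4D, 1, 0, -1))
          + _block(1, struct.pack("<HHI", 127, 0, 0))  # link type 127 = radiotap
          + b"".join(_epb(fc) for fc in (0x80, 0xD4, 0x80, 0x88)))  # beacon, ACK, beacon, QoS data

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for kind, count in sorted(tally(data).items()):
        print(f"{kind:12} {count}")
```

Run with a pcapng path as the only argument to tally a real capture; with no argument it tallies the constructed sample.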