This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Inbound IP traffic of WLAN client not being detected by Wireshark/airmon-ng

0

Hi all

I want to debug SIP registration issues with a VoIP client app on my smartphone. If I use this VoIP service via the Twinkle VoIP client on my Linux Mint notebook, it works just fine. So there must be something funny going on in the depths of SIP handshaking on my smartphone.

I have initially installed Wireshark 1.6.7 on the notebook; I could sniff the local SIP handshaking with success, seeing both directions of the handshake.

To debug SIP handshaking on my smartphone, I additionally installed aircrack-ng to sniff my WLAN. I am using airmon-ng as root, which gives me mon0 port on Wireshark. WLAN traffic is successfully decrypted by Wireshark.

I see now all SIP REGISTER messages from my smartphone to the Internet, but no SIP answers from the registrar server. If I check other IP traffic, it's the same story, I see all packets with origin 192.168.1.x, but not the other way round.

How come I can only sniff outbound, but no inbound IP traffic?

Many thanks in advance for your advice!

asked 01 Sep '15, 09:13

Yoyo's gravatar image

Yoyo
6112
accept rate: 0%

Do you have any capture or display filters active in Wireshark?

(01 Sep '15, 10:07) Amato_C

No, all filters are deactivated. When I scanned the notebook's own WLAN port, the settings were the same like for the scan of the smartphone/AP WLAN traffic.

(01 Sep '15, 11:46) Yoyo