This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Cannot capture 802.11 data frames

Hello! I'm a noob student who studying networking.

I want to eavesdrop every packets in my network, but I cannot capture 802.11 data frames...

I have total 4 devices -- 2 Macbook Airs, iMac, Desktop with Ubuntu 16.04. Every Mac has bcm43xx network adapter and Desktop has ath93xx network adapter.

I tried to capture every 802.11 frames in the air with using monitor mode, but I failed. Then, I turned every security stuff off and tried but it also failed too!

iMac and one-Macbook can capture 802.11 QoS Data frames but another Macbook and Ubuntu machine capture only CTS-RTS frames.

I want to know why my Ubuntu machine cannot capture any 802.11 data frames. And, as I wrote above, I have 3 Mac with same network adapter but just one Macbook cannot capture any data frames.

Summary : I have 4 devices :

Macbook #1 --> can capture 802.11 data frames -
Macbook #2 --> cannot capture 802.11 data frames
iMac --> can capture 802.11 data frames
Desktop (Ubuntu 16.04) --> cannot capture 802.11 data frames

mac 802.11 frame monitor-mode ubuntu

asked 19 Mar '17, 09:49

jayheo
6●3●3●5
accept rate: 0%

edited 19 Mar '17, 09:49

Have you searched this site for the many related questions and answers to the same or similar topic?

Here is a good link:

https://wiki.wireshark.org/CaptureSetup/WLAN

(19 Mar '17, 12:04) Bob Jones

Thanks for your reply.

I've read the document already and seen several article about this undetected unicast data packet problem. For instances, downgrading WiFi version from ac to n, disabling network encryption(WPA2), and using aircrack-ng suite. But nothing worked for me.

Additionally, I have a question about my Macbook. I'm using two identical Macbook devices running vanilla Wireshark. But only one Macbook can capture unicast data packets and another Macbook can only capture RTS/CTS frame which are sent broadcast...

What I should do to capture unicast frames?

(19 Mar '17, 21:47) jayheo

@jayheo = can you configure your WiFi network to "legacy" mode, in which 11n is also disabled (that would be 11a only for 5GHz and 11b/g for 2.4GHz)?

There are still some parameters within 11n that could lead to certain WiFi adapters not being able to decode WiFi data traffic.

(20 Mar '17, 06:50) Amato_C

One Answer:

0	For the difference between the Mac's... compare the WiFi driver versions on those two machines. For Ubuntu, ensure you have the proper WiFi interface setup and detectable in WireShark. Cheers, answered 20 Mar '17, 23:31 wbenton 29●2●2●7 accept rate: 0%