This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Missing Packets?

1

I am trying to observe downstream wireless data packets from an AP to a laptop. I see the downstream RTS and upstream CTS followed by an upstream Block ACK. The packet capture appears to be missing the downstream data packets. The streaming video to the laptop is working fine, so I know that a large amount of data should be flowing to it. Has anyone seen this before?

asked 21 Dec '11, 18:35

S_P's gravatar image

S_P
21669
accept rate: 0%


One Answer:

3

Yup - this happens usually when you capture your own traffic with the same wireless card with which you are connected to the AP. Your NIC has to choose either to send data or recieve data, so you won't get all the packets due to your card having to send out ACKs while capturing.

Try sniffing from another machine if my guess about your setup was correct

answered 22 Dec '11, 02:40

Landi's gravatar image

Landi
2.3k51442
accept rate: 28%

Thank you!!! Your suggestion worked. I am still confused, but now less so. I was indeed streaming to the same laptop on which I was capturing. However, I was connecting to the AP using the laptop's on-board WiFi while using an AirPcap Nx USB device for passive packet capture. Could this still cause a NIC conflict? Obviously, there is a conflict somewhere. Anyway, primary problem solved. HUGELY appreciate your help!

(22 Dec '11, 13:45) S_P

The scenario you describe should NOT cause a NIC conflict - the NIC conflict Landi describes is a conflict between two uses of the same NIC, but if you're connecting with the on-board Wi-Fi NIC and sniffing with a separate AirPcap device, that's two separate devices, and the AirPcap device should, as long as it can see the radio signal from your onboard NIC, be able to see its packets just as it can see packets from NICs on other machines.

(22 Dec '11, 15:09) Guy Harris ♦♦

Thanks, Guy. At least I now feel better about still being a bit confused! This might be the same problem or not, but now I am seeing the RTS and CTS packets, followed by 3-5 QoS Data packets, followed by a proper Block ACK. The way I read the standard, however, I should be seeing a BlockAckReq packet, following the QoS data packets, to trigger the Block ACK. This BlockAckReq packet is missing from multiple tests, involving different respective laptops. Is the BlockAckReq packet simply optional and not used or should I be seeing it?

(22 Dec '11, 15:53) S_P