I want to capture HTTP traffic of a WPA/WPA2-secured network through an Alfa adapter put in monitor mode. Since, without any capture filter, the file size grows quite fast, I want to save only HTTP and EAPOL handshakes to be able to decrypt HTTP packets. I suppose the filter option should be:
tshark -i wlan0mon -f "ether proto 0x888e or tcp port 80" -w tshark.pcap
But the tcp port 80 filter works well only in open WiFi. In WPA2, it filters out all packets. What options do I have? Or rather, what filters might I use to capture as few irrelevant packets (not HTTP or not EAPOL) as possible in a WPA network?