2022-01-03 00:25:42 +0000 | marked best answer | Cannot capture or decrypt some protocols in monitor mode with wireshark First off, I put my network adapter into monitor mode and captured a handshake. From Edit > Preferences > Protocols > IEEE 802.11, I added my decryption keys properly and started sniffing the traffic. The problem is that I can decrypt ARP and some UDP traffic along with some other protocols I'm not familiar with. But I don't see any DNS, HTTP or TCP packets when I apply the necessary filters. I googled around a bit on that and found that it might be possible that I'm not even able to capture TCP and DNS packets at all. The problem is either I can't decrypt the TCP packets (which I don't think is the case since I can decrypt other protocols), or I can't even receive any TCP traffic. Does anyone have an idea as to how to solve this issue? If it's that I can't even capture these packets, how can I fix it? Thank you in advance. |
2022-01-03 00:25:42 +0000 | received badge | ● Scholar (source) |
2022-01-03 00:25:40 +0000 | commented answer | Cannot capture or decrypt some protocols in monitor mode with wireshark Thank you so much. That explains it really well. I guess I need to buy another card that supports 802.11ac, right? |
2022-01-02 23:01:22 +0000 | asked a question | Cannot capture or decrypt some protocols in monitor mode with wireshark Cannot capture or decrypt some protocols in monitor mode with wireshark First off I put my network adapter into monitor |
2022-01-02 23:01:22 +0000 | asked a question | Cannot capture or decrypt tcp and dns packets in wireshark Cannot capture or decrypt tcp and dns packets in wireshark First off I put my network adapter into monitor mode and capt |