esotechnica's profile - activity

I have never had any luck capturing anything useful with Wireshark in monitor mode. It seems to be a problem with capturing high speed WLAN frames. In a previous post I detail the problems I had with my WLAN adapter not being able to capture all packets unless I downgrade the AP from 802.11n to 802.11b/g.

Assuming that it was the WLAN adapter that was the problem, I have recently purchased an Alfa AWUS036ACM AC1200 WLAN adapter. This is the card recommended by aircrack-ng as the best card for wireless packet sniffing. However, I still have the exact SAME problem as before, I can only see low-rate frames over the air.

Please, can someone tell me is it actually possible AT ALL to capture the high rate frames of 802.11n and 802.11ac, and how I can troubleshoot this issue?

NOTE: I have no trouble setting this device into monitor mode. It sees frames from other stations, just not the ones I need. Decryption works fine too.

I've managed to workout my issue with the iw command, using the iw and ip commands together require a particular order i

OK, disregard the last question, I found the MCS sets. It appears that my phone (Samsung s9+) supports MCS 0-9 for up t

My 802.11ac AP is configured to channel 44 with a 20MHz channel width with SGI disabled (I override the channel width to

My 802.11ac AP is configured to channel 44 with a 20MHz channel width with SGI disabled (I override the channel width to

I've not had any luck setting the adapter channel using iw command. I always get "command failed: Device or resource bu

I suppose the short answer to "what do I want to do" is to simply collect every frame broadcast on a particular channel

Sorry for the confusion, I have amended the title, I meant I don't get any high-rate frames at all from the air...

Persistent problems with Wireshark capturing high WLAN dataframe rates I have never had any luck capturing anything usef

Persistent problems with Wireshark capturing high rate frames I have never had any luck capturing anything useful with W

Persistent problems with Wireshark capturing high rate frames I have never had any luck capturing anything useful with W

Persistent problems with Wireshark capturing high rate frames I have never had any luck capturing anything useful with W

Persistent problems with Wireshark capturing high rate frames I have never had any luck capturing anything useful with W

It's certainly interesting that in monitor mode, it can only capture b/g traffic and yet can capture 802.11n in managed

I am trying to sniff regular data frames over WLAN with Wireshark, but am unable to capture ANY unicast frames at all.

I have created a monitor mode virtual interface (mon0) of my WLAN interface using the iw command. I get broadcast/multicast packets, as well as a ton of management/control frames, but no unicast packets, not even from the capture PC that I am running Wireshark from, let alone from any other WLAN devices on the network.

I am running Arch Linux (Linux 5.0.10) using a TP-Link WLAN adapter with a Qualcomm Atheros AR9287 chipset. I would be grateful if anyone could suggest a reason why this is not working properly?

Success! By disabling SGI and setting to b/g mixed mode, I can now see everything. Thanks so much for your help.

Hi Bob, by unicast frames I mean looking for any 'useful' data frames carrying TCP/IP traffic that are not broadcast/mul

Using airmon-ng I have now created a new monitor mode interface (rather than using iw) called wlp4s0mon. This interface

Hi Bob, if I try capturing from mon0 when the actual WLAN interface (wlp4s0) is down, I get no packets at all. I'm gues

Cannot capture unicast WLAN packets from any station I am trying to sniff regular data frames over WLAN with Wireshark,