Can't capture TCP with Wireshark

[johnthethird]

Hi all,

I've installed Backtrack 3 and I'd like to learn how to use Wireshark for academic purposes.

When I try to capture wireless traffic from my other computer linked to the Internet through an wireless ADSL router, I cannot see TCP or IP protocol packets in Wireshark, only a bunch of IEEE.802 and LLC protocols mostly.

I can't figure it out why. Wireshark is configured with the "decryption key", "promiscuous mode", and "assume packets have FCS" which I understood are the main parameteres.

Thank you fot your help.

[imported_vvpalin]

How exactly are you feeding wireshark the data?

Do you have airodump on the correct channel with matching bssid?

This link might be of a little help HowToDecrypt802.11 - The Wireshark Wiki

You are also going to need a valid handshake for you to be able to decrypt everything.

"WPA and WPA2 uses keys derived from an EAPOL handshake to encrypt traffic. Unless all four handshake packets are present for the session you're trying to decrypt, Wireshark won't be able to decrypt the traffic. You can use the display filter eapol to locate EAPOL packets in your capture."

To grab a handshake it's pretty much as simple as deauthing a client. Anymore help feel free to ask, also let us know if you get it working.

Cheers!