I am fairly new to the wireless hacking business; however, I do come with some knowledge on the subjects of encryption and other things associated with wireless in general.
The issue I am facing seems a realistic one to me (wireless isn't perfect); however, I wish to verify this.
I have done an experiment in which my desktop computer downloaded 5 parts of 100mb each to be exact in succession (http), however the captured pcap file which was generated by airodump on my laptop registered only 100mb.
Analyzing the traffic via Wireshark this is explained as follows:
Along with the numerous "Continuation or non-HTTP traffic" entries, which are basically the http download, there are numerous scattered "TCP Previous segment lost" entries.
The inevitable conclusion drawn from this is that airodump, or the hardware itself for that matter, failed to capture most of the "Continuation or non-HTTP traffic".
Laptop is Asus Eee 1000PE (wireless card supports everything associated with the aircrack-ng suite)
Desktop wireless card: D-Link G520
Wireless network was secured with WPA2 - Wireshark decrypted it (airdecap failed to, possibly because of CCMP-AES?)
The desktop and laptop were in close proximity of 1 meter (possible cause?)
Based on what I know of these things I would blame the hardware: since the adapter isn't perfect it would lose traffic, and whereas the adapter that receives the file would complain of such errors and request a resend, a monitoring adapter in a passive mode would not.
Appreciate any input on the matter.
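
One way to put a number on how much of the download the passive capture missed, as an added example that is not part of the original post: it measures TCP sequence-space coverage for one direction of a connection. The function names and the segment list are assumptions; the (sequence number, payload length) pairs are constructed sample values of the kind a dissector reports per packet.

```python
SEQ_MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around


def coverage(segments, first_seq):
    """Return (captured_bytes, missing_bytes, gaps) for one flow direction.

    segments:  iterable of (seq, payload_len), any order, duplicates allowed
    first_seq: sequence number of the first payload byte (SYN sequence + 1)
    Offsets are taken relative to first_seq so a wrap of the 32-bit counter
    does not break ordering (valid for streams shorter than 2**32 bytes).
    """
    spans = sorted(
        ((seq - first_seq) % SEQ_MOD, (seq - first_seq) % SEQ_MOD + length)
        for seq, length in segments
        if length > 0
    )
    captured, gaps, cursor = 0, [], 0
    for start, end in spans:
        if start > cursor:
            # A hole in the byte stream: the condition behind Wireshark's
            # "TCP Previous segment lost" when nothing later fills it.
            gaps.append((cursor, start))
            cursor = start
        if end > cursor:
            # Count only bytes not seen before, so captured retransmissions
            # are not counted twice.
            captured += end - cursor
            cursor = end
    missing = sum(stop - start for start, stop in gaps)
    return captured, missing, gaps


def capture_ratio(segments, first_seq):
    """Fraction of the observed sequence range that the capture contains."""
    captured, missing, _ = coverage(segments, first_seq)
    total = captured + missing
    return captured / total if total else 0.0


# Constructed sample: the stream starts 296 bytes before the 32-bit wrap,
# one 100-byte segment (seq 0) was never captured, one segment is duplicated.
SAMPLE_FIRST_SEQ = 4294967000
SAMPLE_SEGMENTS = [
    (4294967000, 200), (4294967200, 96),
    (100, 100), (100, 100), (200, 50),
]

if __name__ == "__main__":
    print(coverage(SAMPLE_SEGMENTS, SAMPLE_FIRST_SEQ))
    print(round(capture_ratio(SAMPLE_SEGMENTS, SAMPLE_FIRST_SEQ), 3))
```

Bytes lost after the last captured segment are not visible to this measure, so the ratio is an upper bound unless the true transfer size is known.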