I'm running BT4 in a VM with a USB wifi stick that I've been using successfully for months with BT. Tonight I was sniffing traffic from the VM's host (a Vaio laptop) and getting lots of traffic and a handshake straight away.
When I came to decrypt the capture with airdecap though, I was only able to decrypt traffic from other devices that happened to be connecting to the router (my phone, Kindle etc). So even though airdecap could see, say, 52530 packets, it would only decrypt 530 of them and all of these were from devices other than the laptop.
Can anyone shed any light on this? Obviously it's a bit of an unnatural situation, but I'd be interested to know the explanation. Surely once the packets are in the air and coming from different interfaces, their origin is pretty irrelevant?
I'm using airodump to capture and airdecap-ng -p password -e foo foo.cap