1

While working on Wireless QoS (WMM/802.11e), I captured the raw 802.11 wireless frames on my BSSID and channel with airmon-ng and airodump-ng on Kali Linux.

I generate some traffic from my wireless client connected to the sniffed access point, but only a few frames appear, and very few 802.11 Data frames, which should transport the data from the generated traffic. Are there any reasons why I am not getting all the wireless frames?

Config: start monitoring with airmon-ng start wlan1, discover WLANs with airodump-ng wlan1mon, select the WLAN with a specific BSSID using airodump-ng -c 11 --bssid 00:01:02:03:04:05 -w dump wlan1mon, then generate traffic from my endpoint.

bdes31

1 Answer

4

Since you specify that you are getting some data frames (indicating you are indeed in monitor mode), the most likely issue is that the capabilities of the wireless device generating data exceed the capabilities of the wireless device capturing data.

For example, if the data client is 802.11ac and the capture device is 802.11n, the capture will only include frames that the 802.11n chipset recognizes. Or the data client could be a 3x3:3 chipset while the capture device is a 3x3:2 or a 2x2:2.

In this type of situation, your capture device will only be able to "see" frames that are transmitted within its capabilities to understand.

On the other hand, you are able to capture the management frames because those typically are sent at the lowest base/required data rate configured for the SSID (which must be supported by all associated clients and typically uses a single spatial stream and lower data rates).

YLearn
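One way to check a capture for the capability mismatch described in this answer, as an added example that is not part of the original post: tally the captured frames by 802.11 frame type and by the PHY reported in each frame's radiotap header. It assumes a classic pcap file with radiotap headers (linktype 127; bare 802.11, linktype 105, carries no PHY metadata); the function names and the sample capture are constructed for illustration.

```python
import struct
from collections import Counter

FRAME_TYPES = {0: "mgmt", 1: "ctrl", 2: "data", 3: "ext"}

def classify(pkt, linktype=127):
    """Return (frame type, PHY) for one captured frame, or None if truncated."""
    phy, off = "unknown", 0  # linktype 105 = bare 802.11, no PHY metadata
    if linktype == 127:      # radiotap header precedes the 802.11 frame
        if len(pkt) < 8:
            return None
        _ver, _pad, off, present = struct.unpack_from("<BBHI", pkt)
        # Radiotap "present" bits: 2 = legacy Rate, 19 = HT MCS, 21 = VHT.
        phy = ("VHT" if present & (1 << 21) else "HT" if present & (1 << 19)
               else "legacy" if present & (1 << 2) else "unknown")
    if len(pkt) <= off:
        return None
    return FRAME_TYPES[(pkt[off] >> 2) & 3], phy  # type bits of Frame Control

def read_pcap(data):
    """Yield (linktype, frame bytes) from a classic little-endian pcap file."""
    if struct.unpack_from("<I", data)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap")
    linktype = struct.unpack_from("<I", data, 20)[0]
    pos = 24
    while pos + 16 <= len(data):
        caplen = struct.unpack_from("<I", data, pos + 8)[0]
        yield linktype, data[pos + 16:pos + 16 + caplen]
        pos += 16 + caplen

def summarize(data):
    """Count captured frames per (frame type, PHY)."""
    return Counter(c for lt, f in read_pcap(data) if (c := classify(f, lt)))

def make_frame(bit, field, fc0):
    """Constructed sample: radiotap header with one field + zero-filled 802.11 header."""
    hdr = struct.pack("<BBHI", 0, 0, 8 + len(field), 1 << bit)
    return hdr + field + bytes([fc0, 0]) + bytes(22)

def make_pcap(frames, linktype=127):
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

# Constructed capture: 5 beacons and 2 ACKs at a legacy rate, 1 HT QoS Data frame.
SAMPLE = make_pcap([make_frame(2, b"\x02", 0x80)] * 5 + [make_frame(2, b"\x02", 0xD4)] * 2
                   + [make_frame(19, b"\x07\x00\x07", 0x88)])
print(sorted(summarize(SAMPLE).items()))
```

A tally dominated by legacy-rate management and control frames, with few or no HT/VHT data frames from a client known to use those rates, is consistent with the mismatch the answer describes.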