Question

Last time I used Wireshark for capturing Wi-Fi traffic in monitor mode, it worked well, meaning it captured all the traffic from all protocols I needed: HTTP, TCP, etc. Perhaps I've changed something in its settings and now it only captures the packets from 802.11 and LLC protocols.

I tried to make it work as I did before by checking different checkboxes in the wlan0 window (monitor mode, promiscuous mode) and the same for eth0, but it still does the same: captures only 802.11 and LLC packets.

I run it as sudo wireshark.

How do I make it work?

Solution

> Last time I used Wireshark for capturing Wi-Fi traffic in monitor mode, it worked well, meaning it captured all the traffic from all protocols I needed: HTTP, TCP, etc. Perhaps I've changed something in its settings and now it only captures the packets from 802.11 and LLC protocols.

You probably either changed the settings for the network on which it's sniffing, switching it from an open (unencrypted) network to a protected (encrypted) network (using WEP or WPA/WPA2), changed the type of protection (e.g., from WEP to WPA/WPA2), changed the settings in Wireshark not to have the password for the network if it's protected, or changed the type of protection specified for the password for the network if it's protected.

I.e., it's reporting "802.11" or "LLC" packets because it's not decrypting the payload and therefore it's not capable of dissecting the packets beyond the 802.11 header (or LLC header, but that's probably encrypted so it's finding a DSAP that isn't the actual DSAP and therefore the dissection of anything above LLC is wrong).
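
The distinction the answer describes can be checked on raw frames. The following is an added example, not part of the original answer: it reads the Protected Frame bit in the 802.11 Frame Control field and only looks for an LLC/SNAP header when the body is cleartext. The function names and sample frames are constructed for illustration, and it assumes frames with the radiotap header and FCS already stripped and no HT Control field.

```python
import struct
from collections import Counter

LLC_SNAP = b"\xaa\xaa\x03"  # DSAP, SSAP, control bytes of an LLC/SNAP header

def classify_frame(frame: bytes) -> str:
    """Classify one raw 802.11 frame (radiotap header and FCS already removed)."""
    if len(frame) < 24:
        return "truncated"
    fc0, flags = frame[0], frame[1]
    ftype, subtype = (fc0 >> 2) & 0x3, (fc0 >> 4) & 0xF
    if ftype != 2:
        return "non-data"            # management or control frame
    if subtype & 0x4:
        return "null-data"           # data subtypes that carry no payload
    hdr_len = 24
    if (flags & 0x03) == 0x03:       # ToDS and FromDS set: Address 4 present
        hdr_len += 6
    if subtype & 0x8:                # QoS data: 2-byte QoS Control field
        hdr_len += 2
    if flags & 0x40:                 # Protected Frame bit: body is ciphertext,
        return "encrypted"           # so any "LLC" bytes read from it are meaningless
    body = frame[hdr_len:]
    if len(body) >= 8 and body[:3] == LLC_SNAP:
        (ethertype,) = struct.unpack("!H", body[6:8])
        return f"cleartext ethertype=0x{ethertype:04x}"
    return "cleartext no-llc"

def summarize(frames):
    """Count frames per class; mostly 'encrypted' means a key is needed to see TCP/HTTP."""
    return Counter(classify_frame(f) for f in frames)

def _frame(fc0, flags, body):
    # Constructed header: duration, three zeroed addresses, sequence control, QoS control.
    return bytes([fc0, flags]) + bytes(2 + 18 + 2 + 2) + body

# Constructed sample frames (not from a real capture).
SAMPLES = [
    _frame(0x88, 0x01, LLC_SNAP + b"\x00\x00\x00\x08\x00" + b"\x45" + bytes(19)),  # open network, IPv4
    _frame(0x88, 0x41, bytes.fromhex("0100002000000000") + bytes(range(32))),      # protected body
    bytes([0x80, 0x00]) + bytes(22 + 12),                                           # beacon (management)
]

if __name__ == "__main__":
    for name, count in summarize(SAMPLES).items():
        print(f"{name}: {count}")
```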

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow