Hey guys. I took a capture file by turning on monitor mode with airmon-ng and capturing it with airodump-ng. I then used airdecap-ng with the wep key to decrypt the cap file. The result is a cap file that wireshark can parse. However, when I try to follow TCP stream on one of the packets, it gives me an empty window with 0 bytes in the stream. I’m certain I’m picking the right packets, because I saw a few words in one of them that I knew to belong to the stream I wanted. Wireshark just can’t follow the stream for some reason.
Does anyone have any suggestions for trying to tie packets together into their textual forms successfully?