1 of 1 people found this helpful
You are not alone. Sometime after 1.6.5 the prism headers stopped being decoded properly by Wireshark. If I recall correctly, all packets show as association responses as you allude.
I am back on Wireshark 1.6.5 (you can still find it out there if you look hard) and get the proper decode. If your experience is like mine, you'll notice that after 1.6.5 the "prism capture header" is missing. Here's that header being reflected properly in 1.6.5:
If anyone else has further insight into this observation, I'd be interested as well.
Also, I've not tested the latest 1.10.0 stable release from Wireshark. Maybe someone else has?
I went ahead and flagged this post as “Assumed Answered.” If any of the responses on this thread assisted you, please mark them as either Correct or Helpful answers with the applicable buttons. This will make them visible and help other members of the community find solutions more easily as well as award points to the users that helped you. If you still need assistance, I would be more than happy to continue working with you on this - just let me know in a reply.
That was it. I downloaded wireshark 1.6.5 and the pcap file decodes properly.
What's interesting is that Metageek's Eye AP is still able to decode the pcap file, but some of the decoded info is incorrect. The data rates are incorrect, but the subframe types are correct:
I tried Wireshark 1.10 and it's unable to decode the pcap files correctly.