802.11 Traffic and Protection Bits:
In the 802.11 protocol, protection bits and the Initialization Vector (IV) are used in encrypted wireless
traffic.
If the traffic is captured directly from an AP, the frames may include encrypted content.
Wireshark may misinterpret these protection bits or fail to display the frames correctly unless it is
configured to ignore protection bits and correctly parse the IV.
Key Scenario:
When traffic is captured directly from an AP managed by HPE Aruba Networking Central, the frames
are often captured before decryption occurs.
In such cases, you must configure Wireshark to ignore the protection bits and handle the IV properly
for correct frame interpretation.
Option Analysis:
Option A: Incorrect. Data plane traffic sent to a remote IP is usually decrypted, so Wireshark does not
require this adjustment.
Option B: Incorrect. Switch port mirroring captures traffic at Layer 2/3, not raw 802.11 frames.
Option C: Correct. Traffic captured directly from an AP via HPE Aruba Networking Central often
includes encrypted wireless frames, requiring Wireshark adjustments.
Option D: Incorrect. Control plane traffic is typically management data and not raw wireless frames
needing IV interpretation.
