Wireshark-dev: Re: [Wireshark-dev] [Winpcap-users] WiFi monitoring on win7

From: "Gianluca Varenni" <gianluca.varenni@xxxxxxxxxxxx>
Date: Wed, 16 Dec 2009 21:38:05 -0800
As far as I know NetMon uses an NDIS6 Native Wifi intermediate driver (I don't remember the exact name of the technology, LWF?) to capture the packets. WinPcap uses an NDIS5 protocol driver. I don't know if it's possible to capture native 802.11 frames with an NDIS6 protocol driver, but in any case it would require a major rewrite of the WinPcap driver. Even in that case, I've seen NDIS6 wifi miniports that do not deliver the original 802.11 frames, they "massage" them by removing some headers. This is expecially the case for 802.11n, some of the QoS headers are removed.

GV



----- Original Message ----- From: "Joshua (Shiwei) Zhao" <swzhao@xxxxxxxxx> To: "Developer support list for Wireshark" <wireshark-dev@xxxxxxxxxxxxx>; <winpcap-users@xxxxxxxxxxx>
Sent: Monday, December 14, 2009 11:30 AM
Subject: [Winpcap-users] WiFi monitoring on win7


Hi there,
I'm wondering whether win7 allows any 3rd party (except its Netmon
software) to put a WiFi driver into promiscuous or monitor mode. Does
latest winpcap 4.1.1 support that?
Is there working wifi sniffer softwares on win7?  How is AirPcap? If
so, anyone know how they make it pass win7's nativeWifi intermediate
driver?

Many thanks,
Joshua
_______________________________________________
Winpcap-users mailing list
Winpcap-users@xxxxxxxxxxx
https://www.winpcap.org/mailman/listinfo/winpcap-users