Wireshark-users: Re: [Wireshark-users] Wireless Capture

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Tue, 3 Apr 2012 21:40:31 -0400

On Apr 3, 2012, at 7:30 PM, Barry Constantine wrote:

> Besides AirPcap, are there other ways to capture promiscuously on a wireless network and to capture the WiFi physical layer information?

Yes:

	1) run Linux;

	2) run *BSD;

	3) run OS X;

	4) if you're stuck running Windows, do your capture with another application, such as Microsoft Network Monitor:

		http://www.microsoft.com/download/en/details.aspx?id=4865

	   if you're running Vista or later and have a Wi-Fi adapter with an NDIS 6 driver that supports Native Wi-Fi, or TamoSoft CommView for Wi-Fi:

		http://www.tamos.com/products/commwifi/

	   if you have a compatible Wi-Fi adapter and supported Windows version:

		http://www.tamos.com/products/commwifi/adapterlist.php

	   and possibly read those files into Wireshark;

	5) if you're stuck running Windows, and it's Vista or later, and want to capture with Wireshark (or WinDump or any other WinPcap-based application), modify WinPcap so that, on Windows Vista and later, it's an NDIS 6 driver and uses the Native Wi-Fi mechanism (and the monitor mode APIs from libpcap 1.0 and later, which means upgrading WinDump's underlying libpcap version to 1.0 or later).  (Contribute the changes to the WinPcap developers if you don't want to continue supporting them yourself.)