[Winpcap-bugs] Windows Vista Capture Problem

Gianluca Varenni gianluca.varenni at cacetech.com
Tue Jul 3 20:11:56 GMT 2007 

One of the reasons is that Vista wireless drivers (at least drivers specifically designed for vista) use a completely different architecture (native wi-fi), and they probably decided not to support promiscuous mode (this is just my guess). 

One thing you can try to do is forcing the installation of pre-vista drivers (XP drivers) for your wireless cards. Although not specifically designed for vista, they should work. You will need to find the driver and related INF file, and then force the installation directly from the device manager, by choosing "update driver" and then "don't choose driver, i will choose the one i want" (or something similar).

Hope it helps
GV
  ----- Original Message ----- 
  From: Kevin 
  To: 'Gianluca Varenni' ; winpcap-bugs at winpcap.org 
  Sent: Tuesday, July 03, 2007 1:01 PM
  Subject: RE: [Winpcap-bugs] Windows Vista Capture Problem


  Thank you for your reply. Yes, I think you’re probably right. I can see my own traffic when promiscuous mode is disabled and when it is enabled. I know support is poor for wireless adapters, but I haven’t been able to find one that works properly yet and I’ve tried three adapters. I don’t need to capture raw packets. I’m just trying to see basic stuff like HTTP etc. For some reason the Vista drivers for all my wireless adapters don’t support promiscuous mode apparently, which is odd since they supported it perfectly under Windows XP. I’ve talked to some other people who have run into the same problem as me and they were using Atheros with the latest Vista drivers, another card that worked properly with winpcap under XP. It’s just strange that three different adapters that worked under XP wouldn’t work under Vista. It kind of makes me think it must have something to do with the architecture of Vista and how it supports drivers. But it works fine with my regular nic, so I have no clue. I’d just love to be able to find a way to use winpcap under Vista. I’m afraid to buy another adapter because it may do the same thing. Any ideas? Anyone successfully used any adapter under Vista? If so which one.

   

  Thanks a lot,

   

  Kevin

   

  From: Gianluca Varenni [mailto:gianluca.varenni at cacetech.com] 
  Sent: Tuesday, July 03, 2007 2:44 PM
  To: Kevin; winpcap-bugs at winpcap.org
  Subject: Re: [Winpcap-bugs] Windows Vista Capture Problem

   

  The problem is probably due to the fact that most of the wireless network card drivers fail to go into promiscuous mode. 

   

  What I suspect you will see is that if you disable promiscuous mode, you will capture your own traffic only. If you enable promiscuous mode, you might possibly see NO traffic at all (this is a bug in WinPcap that has been fixed recently).

   

  As specified in this FAQ

   

  http://www.winpcap.org/misc/faq.htm#Q-16

   

  support for capture over wireless networks in quite poor, mainly due to the limitations of the current wireless drivers (and windows itself).

   

  Let me know if this answers your questions.

   

  Have a nice day

  GV

    ----- Original Message ----- 

    From: Kevin 

    To: winpcap-bugs at winpcap.org 

    Sent: Saturday, June 30, 2007 5:55 PM

    Subject: [Winpcap-bugs] Windows Vista Capture Problem

     

    Winpcap version: 4.0

     

    OS: Windows Vista Home Premium x86

     

    Windump ouput: see attached zip

     

    Network Adapters: Broadcom 802.11g network adapter, Marvel Yukon 88E8038 PCI-E Fast Ethernet Controller

     

    Special software / firewalls: none

     

    Problem Description: I'm using WinpCap 4.0 with Wireshark and I'm unable to capture packets in promiscuous mode using the Broadcom network adapter. I can see all my own traffic perfectly fine but the network traffic does not show up properly. All I see are ARP packets. I can't see any HTTP packets from the other machines on my network. My broadcom card shows up as Microsoft in wireshark but it shows the correct ip address. The Marvel Yukon adapter works perfectly fine even in promiscuious mode. I've tried other network cards atheros etc and all of them produce the same results. I thought it may be a driver issue but after trying different cards and drivers I changed my mind. I'm completly stumped. If you could look into this I would be very greatful. 

     

    Thank you for your time,

     

    Kevin


----------------------------------------------------------------------------

    _______________________________________________
    Winpcap-bugs mailing list
    Winpcap-bugs at winpcap.org
    https://www.winpcap.org/mailman/listinfo/winpcap-bugs

   

  No virus found in this incoming message.
  Checked by AVG Free Edition.
  Version: 7.5.476 / Virus Database: 269.9.14/885 - Release Date: 7/3/2007 10:02 AM



  No virus found in this outgoing message.
  Checked by AVG Free Edition.
  Version: 7.5.476 / Virus Database: 269.9.14/885 - Release Date: 7/3/2007 10:02 AM

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.winpcap.org/pipermail/winpcap-bugs/attachments/20070703/659bf4fa/attachment-0001.htm

More information about the Winpcap-bugs mailing list