[Winpcap-users] List different Access Points (AP), MAC addresses and/or signal strenght
Gianluca.Varenni at riverbed.com
Tue Apr 12 08:51:05 PDT 2011
After I wrote my reply it came to my mind that they could have used those OIDs and PacketRequest to query the list of BSSIDs...
That approach should definitely work, I would just make sure to test it on pre- and post-Vista Windows with a number of different wireless adapters. From Vista the wireless networking stack changed drastically.
From: winpcap-users-bounces at winpcap.org [mailto:winpcap-users-bounces at winpcap.org] On Behalf Of Guy Harris
Sent: Monday, April 11, 2011 5:25 PM
To: winpcap-users at winpcap.org
Subject: Re: [Winpcap-users] List different Access Points (AP), MAC addresses and/or signal strenght
On Apr 11, 2011, at 5:17 PM, Gianluca Varenni wrote:
> I'm not actually sure that Cain uses WinPcap to do that.
> I think that Cain does that by either using AirPcap or the Microsoft wi-fi APIs to list the access points.
> Have you asked the cain authors how they do that?
They say on their Web site how they do that:
"The active scanner opens the wireless network adapter using the Winpcap protocol driver then it uses the "PacketRequest" function of the same driver to communicate with the wireless network card. This API can be used from the Windows User Mode to perform a query/set operation on an internal variable of the network card driver.
BOOL PacketRequest ( LPADAPTER AdapterObject, BOOL Set, PPACKET_OID_DATA OidData);
...from Winpcap documentation
not all the network adapters implement all the query/set functions. There is a set of mandatory OID functions that is granted to be present on all the adapters, and a set of facultative functions, not provided by all the cards (see the Microsoft DDKs to see which functions are mandatory). If you use a facultative function, be careful to enclose it in an if statement to check the result.
Windows DDK provides a set of mandatory WLAN OIDs that should be supported by all Miniport drivers for IEEE 802.11; they are all defined in "ntddndis.h" file (from Windows XP SP1 DDK) and documented here.
The scan command is sent to the wireless card using the OID_802_11_BSSID_LIST_SCAN and the following function ..."
which translates as "we use WinPcap, but we don't use it to capture traffic, we use it as a userland interface to NDIS for sending OID requests to the adapter driver". It's digging up information that Windows has gathered about access points.
They can also use AirPcap to scan by watching network traffic go by:
"The passive scanner requires the AirPcap adapter from CACE Technologies which enables the raw capture of 802.11 frames by mean of its AirPcap drivers. The scanner recognize wireless Access Points (upper list) and clients (lower list) decoding 802.11b/g packets that travels on the air in a completely passive way. The "Channel Hopping" feature changes the frequency of the adapter every second and let you discover wireless networks on different channels."
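Added example, not part of the original thread or of Cain's or WinPcap's code: because the reply above expects behaviour to differ across adapters and Windows versions, the buffer a BSSID-list query returns through PacketRequest is best treated as untrusted and bounds-checked before use. The record offsets are an assumption based on the NDIS_WLAN_BSSID layout in ntddndis.h and should be verified against your DDK headers; `parse_bssid_list`, `make_sample` and `ap_info` are hypothetical names, and the sample bytes are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Assumed NDIS_WLAN_BSSID field offsets (ntddndis.h, little-endian ULONGs). */
enum { OFF_LEN = 0, OFF_MAC = 4, OFF_SSIDLEN = 12, OFF_SSID = 16, OFF_RSSI = 52,
       MIN_REC = 56, MAX_SSID = 32 };

typedef struct { uint8_t mac[6]; char ssid[MAX_SSID + 1]; int32_t rssi; } ap_info;

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Returns the number of entries copied to out, or -1 on inconsistent data. */
int parse_bssid_list(const uint8_t *buf, size_t len, ap_info *out, int max_out) {
    if (len < 4) return -1;
    uint32_t count = rd32(buf);                 /* NumberOfItems */
    size_t pos = 4; int n = 0;
    for (uint32_t i = 0; i < count && n < max_out; i++) {
        if (len - pos < MIN_REC) return -1;     /* truncated record */
        const uint8_t *rec = buf + pos;
        uint32_t rec_len = rd32(rec + OFF_LEN), ssid_len = rd32(rec + OFF_SSIDLEN);
        if (rec_len < MIN_REC || rec_len > len - pos) return -1;  /* bad Length */
        if (ssid_len > MAX_SSID) return -1;     /* would overrun Ssid[32] */
        memcpy(out[n].mac, rec + OFF_MAC, 6);
        memcpy(out[n].ssid, rec + OFF_SSID, ssid_len);
        out[n].ssid[ssid_len] = '\0';
        out[n].rssi = (int32_t)rd32(rec + OFF_RSSI);
        n++;
        pos += rec_len;
    }
    return n;
}

/* Constructed sample: one 104-byte record, SSID "lab-ap", RSSI -60 dBm. */
size_t make_sample(uint8_t *buf, size_t cap) {
    static const uint8_t mac[6] = {0x02, 0x00, 0x00, 0xAA, 0xBB, 0xCC};
    if (cap < 108) return 0;
    memset(buf, 0, 108);
    buf[0] = 1;                                 /* NumberOfItems */
    buf[4 + OFF_LEN] = 104;
    memcpy(buf + 4 + OFF_MAC, mac, 6);
    buf[4 + OFF_SSIDLEN] = 6;
    memcpy(buf + 4 + OFF_SSID, "lab-ap", 6);
    memset(buf + 4 + OFF_RSSI, 0xFF, 4);        /* -60 as little-endian LONG */
    buf[4 + OFF_RSSI] = 0xC4;
    return 108;
}
```

A return of -1 means the driver's data did not match the assumed layout, which is the case to log per adapter when testing across hardware.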