[Winpcap-users] WiFi monitoring on win7
Gianluca Varenni
gianluca.varenni at cacetech.com
Wed Dec 16 21:38:05 PST 2009
As far as I know NetMon uses an NDIS6 Native Wifi intermediate driver (I
don't remember the exact name of the technology, LWF?) to capture the
packets. WinPcap uses an NDIS5 protocol driver. I don't know if it's
possible to capture native 802.11 frames with an NDIS6 protocol driver, but
in any case it would require a major rewrite of the WinPcap driver. Even in
that case, I've seen NDIS6 wifi miniports that do not deliver the original
802.11 frames, they "massage" them by removing some headers. This is
expecially the case for 802.11n, some of the QoS headers are removed.
GV
----- Original Message -----
From: "Joshua (Shiwei) Zhao" <swzhao at gmail.com>
To: "Developer support list for Wireshark" <wireshark-dev at wireshark.org>;
<winpcap-users at winpcap.org>
Sent: Monday, December 14, 2009 11:30 AM
Subject: [Winpcap-users] WiFi monitoring on win7
> Hi there,
> I'm wondering whether win7 allows any 3rd party (except its Netmon
> software) to put a WiFi driver into promiscuous or monitor mode. Does
> latest winpcap 4.1.1 support that?
> Is there working wifi sniffer softwares on win7? How is AirPcap? If
> so, anyone know how they make it pass win7's nativeWifi intermediate
> driver?
>
> Many thanks,
> Joshua
> _______________________________________________
> Winpcap-users mailing list
> Winpcap-users at winpcap.org
> https://www.winpcap.org/mailman/listinfo/winpcap-users
More information about the Winpcap-users
mailing list