[Winpcap-users] WiFi monitoring on win7

Gianluca Varenni gianluca.varenni at cacetech.com
Wed Dec 16 21:38:05 PST 2009

As far as I know NetMon uses an NDIS6 Native Wifi intermediate driver (I 
don't remember the exact name of the technology, LWF?) to capture the 
packets. WinPcap uses an NDIS5 protocol driver. I don't know if it's 
possible to capture native 802.11 frames with an NDIS6 protocol driver, but 
in any case it would require a major rewrite of the WinPcap driver. Even in 
that case, I've seen NDIS6 wifi miniports that do not deliver the original 
802.11 frames, they "massage" them by removing some headers. This is 
expecially the case for 802.11n, some of the QoS headers are removed.


----- Original Message ----- 
From: "Joshua (Shiwei) Zhao" <swzhao at gmail.com>
To: "Developer support list for Wireshark" <wireshark-dev at wireshark.org>; 
<winpcap-users at winpcap.org>
Sent: Monday, December 14, 2009 11:30 AM
Subject: [Winpcap-users] WiFi monitoring on win7

> Hi there,
> I'm wondering whether win7 allows any 3rd party (except its Netmon
> software) to put a WiFi driver into promiscuous or monitor mode. Does
> latest winpcap 4.1.1 support that?
> Is there working wifi sniffer softwares on win7?  How is AirPcap? If
> so, anyone know how they make it pass win7's nativeWifi intermediate
> driver?
> Many thanks,
> Joshua
> _______________________________________________
> Winpcap-users mailing list
> Winpcap-users at winpcap.org
> https://www.winpcap.org/mailman/listinfo/winpcap-users 

More information about the Winpcap-users mailing list