[Winpcap-users] NPF Interface Problem - Atheros Promiscuous Mode

j.snelders j.snelders at telfort.nl
Sun Feb 21 10:13:10 PST 2010


Well, switch to Linux
http://wiki.wireshark.org/CaptureSetup/WLAN#head-bb8373ef4903fe9da2b8375331726541fb1ad32d
<snip>
Cards with Atheros Communications chipsets
See the Atheros customer products page to find products that use Atheros
chipsets.
You can capture raw 802.11 packets with AR5K cards on Linux systems with
the v5_ar5k or madwifi drivers. For the v5ar5k driver you will need the Linux
wireless-tools version 25 or higher to put the card into monitor mode. If
you're using the madwifi driver, you can put the card into monitor mode using
iwconfig interface mode monitor, followed by iwconfig interface channel channel
to select a channel (if needed). This works only on the old version of the
madwifi driver. If you are using the new version, also known as madwifi-ng,
you must create a monitor vap with the command wlanconfig ath create wlandev
wifiX wlanmode mon. For further information read the madwifi documentation,
included with versions 0.9.0 and up. 
<snip>

or

buy an AirPcap adapter*.
http://www.cacetech.com/products/airpcap.html
http://www.winpcap.org/misc/faq.htm#Q-16
<snip>
For real wireless capture, CACE Technologies offers the AirPcap adapter,
specifically designed to sniff 802.11 traffic, including control frames,
management frames and power information. AirPcap at this time is the only
solution for capturing raw 802.11 traffic with WinPcap. More details can
be found on the AirPcap product page.
<snip>

*Last year I got one for free, when I visited Sharkfest:
http://www.cacetech.com/sharkfest.09/
The next Sharkfest is in June:
http://www.cacetech.com/sharkfest.10/

Best regards
Joan

On Sun, 21 Feb 2010 11:09:05 -0500 russ421 wrote:
>
> Yes - it's wireless traffic I am looking at.  Atheros AR9285 is the wireless
>adapter, but still no luck.  I did check out those two links, but they
>didn't offer any solutions yet.  Like David Trout mentioned, the micro-logix
>links do not work, so I couldn't look at either of those.
>
>-----Original Message-----
>From: j.snelders <j.snelders at telfort.nl>
>To: winpcap-users at winpcap.org
>Sent: Sun, Feb 21, 2010 4:35 am
>Subject: Re: [Winpcap-users] NPF Interface Problem - Atheros Promiscuous
>Mode
>
>
>Hi,
>
>I've got no problems with this adapter:
>Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
>
>64-bit Windows Server 2008 R2
>wireshark: Version 1.3.3-SVN-31855
>WinPcap version 4.1.1
>
>Driver:
>C:\Windows\system32\DRIVERS\L1E62x64.sys
>Driver Date: 11-06-2009
>Driver Version: 1.0.0.15
>
>
>Are you trying to capture wireless traffic in promiscuous mode?
>If so, please take a look at WinPcap FAQ and Wireshark Wiki:
>http://www.winpcap.org/misc/faq.htm#Q-16
>http://wiki.wireshark.org/CaptureSetup/WLAN#head-02456742c655394c9e948a4c9a59d3441c92782f
>
>Best regards
>Joan
>
>On Sat, 20 Feb 2010 18:29:34 -0500 russ421 wrote:
>>
>> I recently installed Win 7 on a new laptop and am having trouble running
>>Wireshark in promiscuous mode using WinPCap.  The NIC is Atheros AR9285
>>which I thought was supported.  Originally I was using the default Microsoft
>>drivers for the card after installing Windows 7.  I installed Wireshark /
>>WinPCap but could not capture in promiscuous mode.  I then installed the
>>Atheros drivers, uninstalled and reinstalled Wireshark / WinPCap but still
>>no luck.  Now when I start Wireshark in promiscuous mode to capture, it says
>>"The capture session could not be initialed.  Failed to set device to
>>promiscuous mode.  Please check that the device /device/npf_{...} is the
>>proper interface".
>>
>>Does anyone know what the problem might be?  Does it have to do with the
>>fact I had installed Wireshark / WinPcap before installing the Atheros
>>drivers?  Is the Atheros AR9285 not supported in WinPCap 4.1.1?  Any ideas
>>would be greatly appreciated.  I've tried uninstalling / reinstalling WinPcap
>>and Wireshark.  I've restarted the computer several times.  Tried running
>>'net stop npf' 'net start npf' as administrator, etc. but no luck yet.


       



