[Winpcap-users] List different Access Points (AP), MAC addresses and/or signal strength

Guy Harris guy at alum.mit.edu
Mon Apr 11 17:25:15 PDT 2011


On Apr 11, 2011, at 5:17 PM, Gianluca Varenni wrote:

> I’m not actually sure that Cain uses WinPcap to do that.
>  
> I think that Cain does that by either using AirPcap or the Microsoft wi-fi APIs to list the access points.
>  
> Have you asked the cain authors how they do that?

They say on their Web site how they do that:

	http://www.oxid.it/ca_um/topics/wireless_scanner.htm

"The active scanner opens the wireless network adapter using the Winpcap protocol driver then it uses the "PacketRequest" function of the same driver to communicate with the wireless network card. This API can be used from the Windows User Mode to perform a query/set operation on an internal variable of the network card driver.
 
BOOL PacketRequest ( LPADAPTER AdapterObject, BOOL Set, PPACKET_OID_DATA OidData);
 
...from Winpcap documentation
not all the network adapters implement all the query/set functions. There is a set of mandatory OID functions that is granted to be present on all the adapters, and a set of facultative functions, not provided by all the cards (see the Microsoft DDKs to see which functions are mandatory). If you use a facultative function, be careful to enclose it in an if statement to check the result.
 
Windows DDK provides a set of mandatory WLAN OIDs that should be supported by all Miniport drivers for IEEE 802.11; they are all defined in "ntddndis.h" file (from Windows XP SP1 DDK) and documented here.
 
The scan command is sent to the wireless card using the OID_802_11_BSSID_LIST_SCAN and the following function ..."

which translates as "we use WinPcap, but we don't use it to capture traffic, we use it as a userland interface to NDIS for sending OID requests to the adapter driver".  It's digging up information that Windows has gathered about access points.

They can also use AirPcap to scan by watching network traffic go by:

"The passive scanner requires the AirPcap adapter from CACE Technologies which enables the raw capture of 802.11 frames by mean of its AirPcap drivers. The scanner recognize wireless Access Points (upper list) and clients (lower list) decoding 802.11b/g packets that travels on the air in a completely passive way. The "Channel Hopping" feature changes the frequency of the adapter every second and let you discover wireless networks on different channels."
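The active method described above ends with the driver handing back a buffer of access-point records. The following is an added example, not code from this message or from Cain: a bounds-checked parser for such a buffer. It assumes the results are read with OID_802_11_BSSID_LIST and that the record offsets match NDIS_WLAN_BSSID_EX in "ntddndis.h", neither of which is shown in the post; the sample buffer is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Byte offsets in one NDIS_WLAN_BSSID_EX record (assumed from ntddndis.h). */
enum { LIST_HDR = 4, OFF_LEN = 0, OFF_MAC = 4, OFF_SSIDLEN = 12, OFF_SSID = 16,
       OFF_RSSI = 52, MIN_REC = 56, SAMPLE_REC = 64 };
typedef struct { uint8_t mac[6]; char ssid[33]; int32_t rssi; } ap_info;
/* Little-endian 32-bit read/write that does not depend on alignment. */
static uint32_t rd32(const uint8_t *p) { return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24; }
static void wr32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i)); }
/* Parse a BSSID list buffer; returns APs stored in out, or -1 if malformed. */
int parse_bssid_list(const uint8_t *buf, size_t len, ap_info *out, int max_out) {
    if (len < LIST_HDR) return -1;
    uint32_t n = rd32(buf);               /* NumberOfItems, driver-supplied */
    size_t off = LIST_HDR; int count = 0;
    for (uint32_t i = 0; i < n && count < max_out; i++) {
        if (len - off < MIN_REC) return -1;           /* truncated record */
        const uint8_t *rec = buf + off;
        uint32_t rlen = rd32(rec + OFF_LEN), slen = rd32(rec + OFF_SSIDLEN);
        if (rlen < MIN_REC || rlen > len - off || slen > 32) return -1;
        memcpy(out[count].mac, rec + OFF_MAC, 6);
        memcpy(out[count].ssid, rec + OFF_SSID, slen);
        out[count].ssid[slen] = '\0';
        out[count].rssi = (int32_t)rd32(rec + OFF_RSSI);
        count++; off += rlen;             /* Length field gives the stride */
    }
    return count;
}
/* Constructed sample: two shortened records, not real driver output. */
size_t build_sample(uint8_t *buf) {
    static const char *ssids[2] = { "lab-ap", "guest" };
    memset(buf, 0, LIST_HDR + 2 * SAMPLE_REC);
    wr32(buf, 2);
    for (int i = 0; i < 2; i++) {
        uint8_t *rec = buf + LIST_HDR + i * SAMPLE_REC;
        wr32(rec + OFF_LEN, SAMPLE_REC);
        rec[OFF_MAC] = 0x02; rec[OFF_MAC + 5] = (uint8_t)(i + 1);
        wr32(rec + OFF_SSIDLEN, (uint32_t)strlen(ssids[i]));
        memcpy(rec + OFF_SSID, ssids[i], strlen(ssids[i]));
        wr32(rec + OFF_RSSI, (uint32_t)(i ? -71 : -48));
    }
    return LIST_HDR + 2 * SAMPLE_REC;
}
int main(void) {
    uint8_t buf[LIST_HDR + 2 * SAMPLE_REC]; ap_info aps[4];
    int n = parse_bssid_list(buf, build_sample(buf), aps, 4);
    for (int i = 0; i < n; i++) { const uint8_t *m = aps[i].mac;
        printf("%02x:%02x:%02x:%02x:%02x:%02x %4d dBm %s\n", m[0], m[1], m[2], m[3], m[4], m[5], (int)aps[i].rssi, aps[i].ssid); }
    return n < 0;
}
```

The item count, record length and SSID length all come from the adapter driver, so each is checked against the buffer size before anything is copied.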


