[Winpcap-users] Wireless adapters with WinPcap

Guy Harris guy at alum.mit.edu
Tue Jan 22 01:26:42 PST 2013 

On Jan 21, 2013, at 10:34 PM, Joe Reichman <joereichman at optonline.net> wrote:

> As I understand it winPcap only works With Ethernet adapters

In principle, it's not restricted to Ethernet adapters, but, in practice:

	1) it's a lot less useful with Wi-Fi adapters (it should be able to capture traffic in non-promiscuous mode on a Wi-Fi adapter, but promiscuous mode doesn't work due to driver and/or hardware limitations, with the driver limitations perhaps *required* by Microsoft, and it doesn't support monitor mode at all);

	2) it doesn't handle PPP (dial-up, VPN, mobile phone data service, etc.) adapters on many versions of Windows;

	3) it should in theory be able to handle Token Ring and various other types, but I don't know whether it's ever been tried with them, and they're probably not of very great interest these days.

So, while there are some cases where it's useful on Wi-Fi adapters, there are a lot of cases where it's not.

> If I want to achieve the same functionality with wireless adapters is 
> Airplane the solution

I've never heard of Airplane in this context, and, as one might expect, Google searches such as

	Airplane windows

and

	Airplane wi-fi

produce a ton of chaff having nothing to do with hardware or software for capturing Wi-Fi traffic, so I don't know whether it's the solution or not

Did you mean AirPcap?  If so, then *if* you want to use WinPcap, whether in your own application or an existing application such as WinDump or Wireshark, to capture Wi-Fi traffic, it's the only solution I know of.

If you just want an existing application that can capture on Wi-Fi on Windows, there are other alternatives; Microsoft Network Monitor:

	http://www.microsoft.com/en-us/download/details.aspx?id=4865

has its own capture mechanism (which *does* support NDIS 6, so, on versions of Windows that support NDIS 6, i.e. Windows Vista and later, it can capture in monitor mode on Wi-Fi interfaces *if the driver supports it correctly*, but there are people who claim that rather a lot of drivers don't), and it's free (unlike an AirPcap adapter), and there are commercial applications, such as CommView for Wi-Fi:

	https://www.tamos.com/products/commwifi/

which include their own drivers, and thus may not support as many adapters *but* may be more likely to work correctly with those adapters.

Note that Wireshark can read captures from both Network Monitor and CommView.

More information about the Winpcap-users mailing list