Re: [Winpcap-users] WiFi monitoring on win7

["Gianluca Varenni" <gianluca.varenni () cacetech com>]

As far as I know NetMon uses an NDIS6 Native Wifi intermediate driver (I 
don't remember the exact name of the technology, LWF?) to capture the 
packets. WinPcap uses an NDIS5 protocol driver. I don't know if it's 
possible to capture native 802.11 frames with an NDIS6 protocol driver, but 
in any case it would require a major rewrite of the WinPcap driver. Even in 
that case, I've seen NDIS6 wifi miniports that do not deliver the original 
802.11 frames, they "massage" them by removing some headers. This is 
expecially the case for 802.11n, some of the QoS headers are removed.

GV



----- Original Message ----- 
From: "Joshua (Shiwei) Zhao" <swzhao () gmail com>
To: "Developer support list for Wireshark" <wireshark-dev () wireshark org>; 
<winpcap-users () winpcap org>
Sent: Monday, December 14, 2009 11:30 AM
Subject: [Winpcap-users] WiFi monitoring on win7


> Hi there,
> I'm wondering whether win7 allows any 3rd party (except its Netmon
> software) to put a WiFi driver into promiscuous or monitor mode. Does
> latest winpcap 4.1.1 support that?
> Is there working wifi sniffer softwares on win7?  How is AirPcap? If
> so, anyone know how they make it pass win7's nativeWifi intermediate
> driver?
>
> Many thanks,
> Joshua
> _______________________________________________
> Winpcap-users mailing list
> Winpcap-users () winpcap org
> https://www.winpcap.org/mailman/listinfo/winpcap-users 

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe