Wireshark mailing list archives

Some questions about Wireshark monitor mode support on Windows


From: Yang Luo <hsluoyb () gmail com>
Date: Thu, 19 May 2016 02:41:00 +0800

Hi list,

I just released Npcap 0.07 R4:
https://github.com/nmap/npcap/releases

This version of Npcap already supports setting monitor mode using the
Wireshark GUI or the command line.

1) For GUI, if you check the "Capture packets in monitor mode" option in
"Edit Interface Settings", your adapter will turn into monitor mode
immediately.
2) For CLI, run the "dumpcap" command with the -I option, and your adapter
will turn into monitor mode right before capturing.

And I have several questions:

1) In "Edit Interface Settings", if I check the "Capture packets in monitor
mode" option, my adapter will turn into monitor mode immediately. But if I
uncheck it again, my adapter won't come back to managed mode. I think the
right behavior is that the mode should be changed back to managed mode if
the user unchecks the option.
2) After I check the "Capture packets in monitor mode" option, the "Mon. Mode"
column in "Capture Options" won't change from "disabled" to "enabled". This
behavior is weird.
3) The libpcap API (wpcap.dll) doesn't export a pcap_get_rfmon function, which
means Wireshark can't get the current operation mode in any way. Maybe
before starting Wireshark, the adapter is already in monitor mode (like
setting it using WlanHelper); the "Capture packets in monitor mode" option
in "Edit Interface Settings" won't reflect this initial state, because
Wireshark can't obtain the current operation mode.
4) Wireshark does nothing after capturing with the "Capture packets in monitor
mode" option checked. I think Wireshark should be responsible for changing the
mode back to managed when the capture ends, if it changed the mode to
monitor when the capture starts.

Any suggestions? Thanks!


Cheers,
Yang