So although winpcap now supports win7, it's still based on ndis5.x and doesn't work on ndis6.0?
Thanks,
Joshua

On Mon, Dec 14, 2009 at 3:23 PM, Guy Harris <[email protected]> wrote:
> (WinPcap issue, rather than Wireshark issue. libpcap 1.0.0 and later have an
> API for going into monitor mode, and libpcap 0.4 and later - probably going
> all the way back to libpcap 0.1 - have an API for going into promiscuous
> mode; Wireshark currently doesn't support the monitor-mode API, and has
> supported the promiscuous-mode API since Day One. Whether the
> promiscuous-mode API does what you want on a wireless adapter is another
> matter; it tends not to do so on Windows, thanks to driver problems, but
> that's not unique to Wireshark.)
>
> On Dec 14, 2009, at 11:30 AM, Joshua (Shiwei) Zhao wrote:
>
>> Hi there,
>> I'm wondering whether win7 allows any 3rd party (except its Netmon
>> software) to put a WiFi driver into promiscuous or monitor mode.
>
> If you're talking about user-mode 3rd-party software, that would depend on
> whether the driver that the 3rd-party software uses to talk to the adapter
> can use the appropriate APIs for turning on promiscuous mode:
>
> http://msdn.microsoft.com/en-us/library/bb648512.aspx
>
> (setting the filter to NDIS_PACKET_TYPE_PROMISCUOUS) or monitor mode:
>
> http://msdn.microsoft.com/en-us/library/aa503132.aspx
>
> and whether the driver properly handles those NDIS operations.
>
>> Does latest winpcap 4.1.1 support that?
>
> It supports NDIS_PACKET_TYPE_PROMISCUOUS.
>
> It does not support the monitor mode APIs.
>
>> Is there working wifi sniffer softwares on win7?
>
> Microsoft Network Monitor?
>
>> How is AirPcap?
>
> AirPcap is a device; it is *not* a normal Wi-Fi adapter (you can't use it to
> join a wireless network, as far as I know), it's a special device for use
> when capturing traffic, and it has its own API. WinPcap uses that API to
> control AirPcap devices; I think those devices are, in effect, always in
> monitor mode.
>
>> If so, anyone know how they make it pass win7's nativeWifi intermediate
>> driver?
>
> They do so by having it not be a normal Wi-Fi adapter, so none of Microsoft's
> code that handles Wi-Fi adapters is involved when capturing packets from it.
> _______________________________________________
> Winpcap-users mailing list
> [email protected]
> https://www.winpcap.org/mailman/listinfo/winpcap-users
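The thread distinguishes libpcap's promiscuous-mode API from the monitor-mode API added in libpcap 1.0.0. The following added example (not code from this thread or from the WinPcap/libpcap projects) probes both on one adapter through `ctypes`. The helper names and the device name `wlan0` are assumptions for illustration.

```python
import ctypes
import ctypes.util

PCAP_ERRBUF_SIZE = 256  # errbuf size defined in pcap/pcap.h

def load_libpcap():
    """Load libpcap (or wpcap.dll) and declare the prototypes used below."""
    name = ctypes.util.find_library("pcap") or ctypes.util.find_library("wpcap")
    if name is None:
        return None
    lib = ctypes.CDLL(name)
    lib.pcap_create.restype = ctypes.c_void_p          # pcap_t *
    lib.pcap_create.argtypes = [ctypes.c_char_p, ctypes.c_char_p]
    lib.pcap_can_set_rfmon.argtypes = [ctypes.c_void_p]
    lib.pcap_set_promisc.argtypes = [ctypes.c_void_p, ctypes.c_int]
    lib.pcap_close.argtypes = [ctypes.c_void_p]
    lib.pcap_close.restype = None
    return lib

def probe_capture_modes(lib, device):
    """Ask libpcap what it will accept for `device` without starting a capture.

    pcap_can_set_rfmon() returns 1 (monitor mode available), 0 (not
    available) or a negative PCAP_ERROR_* code. pcap_set_promisc() only
    records the request on a not-yet-activated handle; a return of 0 does
    not prove the driver will honour promiscuous mode.
    """
    errbuf = ctypes.create_string_buffer(PCAP_ERRBUF_SIZE)
    handle = lib.pcap_create(device.encode(), errbuf)
    if not handle:
        return {"device": device, "error": errbuf.value.decode(errors="replace")}
    try:
        rfmon = lib.pcap_can_set_rfmon(handle)
        promisc = lib.pcap_set_promisc(handle, 1)
    finally:
        lib.pcap_close(handle)  # always release the handle
    return {
        "device": device,
        "monitor_mode": rfmon == 1,
        "rfmon_code": rfmon,
        "promisc_requested": promisc == 0,
    }

if __name__ == "__main__":
    pcap = load_libpcap()
    if pcap is None:
        print("libpcap/WinPcap not found")
    else:
        print(probe_capture_modes(pcap, "wlan0"))  # assumed device name
```

A result with `promisc_requested` true and `monitor_mode` false matches the WinPcap 4.1.1 behaviour described above: the promiscuous filter is accepted, monitor mode is not offered.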
