On Apr 11, 2011, at 5:17 PM, Gianluca Varenni wrote:
> I’m not actually sure that Cain uses WinPcap to do that.
>
> I think that Cain does that by either using AirPcap or the Microsoft wi-fi
> APIs to list the access points.
>
> Have you asked the cain authors how they do that?
They say on their Web site how they do that:

http://www.oxid.it/ca_um/topics/wireless_scanner.htm

"The active scanner opens the wireless network adapter using the Winpcap
protocol driver then it uses the "PacketRequest" function of the same driver to
communicate with the wireless network card. This API can be used from the
Windows User Mode to perform a query/set operation on an internal variable of
the network card driver.

BOOL PacketRequest ( LPADAPTER AdapterObject, BOOL Set, PPACKET_OID_DATA OidData);

...from Winpcap documentation

not all the network adapters implement all the query/set functions. There is a
set of mandatory OID functions that is granted to be present on all the
adapters, and a set of facultative functions, not provided by all the cards
(see the Microsoft DDKs to see which functions are mandatory). If you use a
facultative function, be careful to enclose it in an if statement to check the
result.

Windows DDK provides a set of mandatory WLAN OIDs that should be supported by
all Miniport drivers for IEEE 802.11; they are all defined in "ntddndis.h" file
(from Windows XP SP1 DDK) and documented here.

The scan command is sent to the wireless card using the
OID_802_11_BSSID_LIST_SCAN and the following function ..."

which translates as "we use WinPcap, but we don't use it to capture traffic, we
use it as a userland interface to NDIS for sending OID requests to the adapter
driver". It's digging up information that Windows has gathered about access
points.

They can also use AirPcap to scan by watching network traffic go by:

"The passive scanner requires the AirPcap adapter from CACE Technologies which
enables the raw capture of 802.11 frames by mean of its AirPcap drivers. The
scanner recognize wireless Access Points (upper list) and clients (lower list)
decoding 802.11b/g packets that travels on the air in a completely passive way.
The "Channel Hopping" feature changes the frequency of the adapter every second
and let you discover wireless networks on different channels."
_______________________________________________
Winpcap-users mailing list
[email protected]
https://www.winpcap.org/mailman/listinfo/winpcap-users
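
The OID request described in the quoted Cain documentation, as an added example that is not from this thread or from Cain's source: it builds a PACKET_OID_DATA for OID_802_11_BSSID_LIST_SCAN and sends it with PacketRequest, testing the result as the WinPcap documentation advises. The helper names make_oid_request and request_scan are hypothetical, and the non-Windows stand-in definitions are assumptions that mirror Packet32.h and ntddndis.h.

```c
#include <stdio.h>
#include <stdlib.h>
#ifdef _WIN32
#include <windows.h>
#include <Packet32.h>   /* WinPcap developer pack */
#include <ntddndis.h>   /* OID_802_11_* definitions */
#else
/* Stand-ins (assumption: mirror Packet32.h / ntddndis.h) so the
   buffer-building logic can be compiled and checked off Windows. */
typedef struct { unsigned int Oid; unsigned int Length; unsigned char Data[1]; } PACKET_OID_DATA;
#define OID_802_11_BSSID_LIST_SCAN 0x0D01011A
#endif

/* Allocate a zeroed OID request with room for data_len payload bytes. */
PACKET_OID_DATA *make_oid_request(unsigned int oid, size_t data_len) {
    PACKET_OID_DATA *req = calloc(1, sizeof(*req) + data_len);
    if (req) { req->Oid = oid; req->Length = (unsigned int)data_len; }
    return req;
}

/* Returns 0 if the driver accepted the scan request, 1 if it rejected it,
   -1 if the adapter could not be opened or allocation failed,
   -2 when built on a platform without WinPcap. */
int request_scan(const char *adapter_name) {
#ifdef _WIN32
    int rc = -1;
    PACKET_OID_DATA *req = make_oid_request(OID_802_11_BSSID_LIST_SCAN, 0);
    LPADAPTER ad = req ? PacketOpenAdapter((PCHAR)adapter_name) : NULL;
    if (ad) {
        /* Set == TRUE: the scan OID is a "set" with no payload. Not every
           adapter implements every OID, so the BOOL result is checked. */
        rc = PacketRequest(ad, TRUE, req) ? 0 : 1;
        PacketCloseAdapter(ad);
    }
    free(req);
    return rc;
#else
    (void)adapter_name;
    return -2;
#endif
}

int main(int argc, char **argv) {
    /* argv[1]: an adapter name as listed by PacketGetAdapterNames. */
    int rc = request_scan(argc > 1 ? argv[1] : "");
    printf("scan request result: %d\n", rc);
    return rc == 0 ? 0 : 1;
}
```
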