Hi Yang,

Good idea! (I like)

There is a "Monitor" column in Wireshark, but it needs to have SHOW_MONITOR_COLUMN (HAVE_PCAP_CREATE) enabled (see ui/qt/capture_interfaces_dialog.cpp).
But the column will look not available on Windows...

Cheers

On Wed, Dec 30, 2015 at 8:29 AM, Yang Luo <[email protected]> wrote:

> Hi list,
>
> I am considering adding native 802.11 packet capturing support (including
> management and control frames) in Npcap. This is possible because Microsoft
> Network Monitor already implements this feature for Vista and later.
>
> To enable capturing these packets, we need to switch on the Wi-Fi
> adapter's monitor mode. With the help of Guy (
> http://stackoverflow.com/questions/34507789/how-to-enable-802-11-monitor-mode-dot11-operation-mode-network-monitor-in-a-nd),
> I know some things about it. On the NDIS side, there's an OID called
> *OID_DOT11_CURRENT_OPERATION_MODE* to set and get the current operation
> mode of the adapter. Possible values are
> *DOT11_OPERATION_MODE_NETWORK_MONITOR* (monitor mode) and
> *DOT11_OPERATION_MODE_EXTENSIBLE_STATION* (non-monitor mode). There's no
> way to check whether an adapter supports monitor mode or not.
>
> In Npcap's libpcap/wpcap part, I have added the monitor mode support by
> changing two places. I don't know if this is the right way:
>
> 1) *pcap_activate_win32* function in \wpcap\libpcap\pcap-win32.c:
> https://github.com/nmap/npcap/blob/master/wpcap/libpcap/pcap-win32.c
> Line 569
>
>     if (p->opt.rfmon) {
>         /*
>          * No monitor mode on Windows XP and earlier. It could be done on
>          * Vista with drivers that support the native 802.11
>          * mechanism and monitor mode.
>          */
>         DOT11_CURRENT_OPERATION_MODE operation_mode;
>         operation_mode.uCurrentOpMode = DOT11_OPERATION_MODE_NETWORK_MONITOR;
>         if (pcap_oid_set_request_win32(p, OID_DOT11_CURRENT_OPERATION_MODE,
>             &operation_mode, sizeof(DOT11_CURRENT_OPERATION_MODE)) != 0)
>             return (PCAP_ERROR_RFMON_NOTSUP);
>     }
>
> So instead of the original return (PCAP_ERROR_RFMON_NOTSUP);, this code will
> set the monitor mode of the adapter.
>
> 2) *pcap_cant_set_rfmon* function in wpcap\libpcap\pcap.c:
> https://github.com/nmap/npcap/blob/master/wpcap/libpcap/pcap.c
> Line 98
>
>     /*
>      * For systems where rfmon mode is never supported.
>      */
>     static int
>     pcap_cant_set_rfmon(pcap_t *p _U_)
>     {
>         return (1);
>         // return (0);
>     }
>
> I changed this function to always return 1, which means "supported". I
> know here I should check whether the adapter supports the monitor mode, but
> I found no way to check. All I can do is to get/set the current mode using
> the OID way above.
>
> After all these changes, there's no change in Wireshark. I didn't find a
> place to switch the monitor mode on/off like in Microsoft Network Monitor. So
> I doubt whether Wireshark supports the monitor mode of WLAN on Windows? And
> how does the Wireshark UI make use of the monitor mode? Thanks.
>
>
> Cheers,
> Yang
>
> ___________________________________________________________________________
> Sent via: Wireshark-dev mailing list <[email protected]>
> Archives: https://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
> mailto:[email protected]?subject=unsubscribe
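An added example, not part of the thread and not Npcap's or libpcap's code: a rfmon capability probe built only on the get/set OID named in the message, which sets monitor mode, reads the mode back, and restores the mode it found, instead of always returning 1. `mock_adapter`, `oid_request` and `can_set_rfmon` are hypothetical names over a constructed driver stand-in so the block runs offline, and the numeric constants are assumed to match windot11.h.

```c
#include <stdint.h>
#include <stdio.h>

/* Names follow windot11.h; values assumed to match it (use the header on Windows). */
#define OID_DOT11_CURRENT_OPERATION_MODE        0x0D010308u
#define DOT11_OPERATION_MODE_EXTENSIBLE_STATION 0x00000004u
#define DOT11_OPERATION_MODE_NETWORK_MONITOR    0x80000000u
typedef struct { uint32_t uReserved, uCurrentOpMode; } DOT11_CURRENT_OPERATION_MODE;

/* Constructed stand-in for a driver: 0 = rejects monitor mode, 1 = accepts it,
 * 2 = reports success but leaves the mode unchanged. */
typedef struct { uint32_t mode; int behaviour; } mock_adapter;

/* Hypothetical OID get (set == 0) / set (set != 0) over the mock; 0 on success. */
static int oid_request(mock_adapter *a, int set, uint32_t oid,
                       DOT11_CURRENT_OPERATION_MODE *m) {
    if (oid != OID_DOT11_CURRENT_OPERATION_MODE) return -1;
    if (!set) { m->uReserved = 0; m->uCurrentOpMode = a->mode; return 0; }
    if (m->uCurrentOpMode == DOT11_OPERATION_MODE_NETWORK_MONITOR) {
        if (a->behaviour == 0) return -1;
        if (a->behaviour == 2) return 0;
    }
    a->mode = m->uCurrentOpMode;
    return 0;
}

/* 1 = monitor mode can be set, 0 = it cannot, -1 = query or restore failed. */
int can_set_rfmon(mock_adapter *a) {
    DOT11_CURRENT_OPERATION_MODE saved, probe = {0, DOT11_OPERATION_MODE_NETWORK_MONITOR};
    int ok;
    if (oid_request(a, 0, OID_DOT11_CURRENT_OPERATION_MODE, &saved) != 0) return -1;
    if (saved.uCurrentOpMode == DOT11_OPERATION_MODE_NETWORK_MONITOR) return 1;
    if (oid_request(a, 1, OID_DOT11_CURRENT_OPERATION_MODE, &probe) != 0) return 0;
    /* Read back: a success return alone does not prove the mode changed. */
    ok = oid_request(a, 0, OID_DOT11_CURRENT_OPERATION_MODE, &probe) == 0 &&
         probe.uCurrentOpMode == DOT11_OPERATION_MODE_NETWORK_MONITOR;
    /* Always put the adapter back into the mode it was in on entry. */
    if (oid_request(a, 1, OID_DOT11_CURRENT_OPERATION_MODE, &saved) != 0) return -1;
    return ok;
}

int main(void) {
    for (int b = 0; b <= 2; b++) {
        mock_adapter a = {DOT11_OPERATION_MODE_EXTENSIBLE_STATION, b};
        int r = can_set_rfmon(&a);
        printf("behaviour %d: can_set_rfmon=%d, mode afterwards=0x%08x\n",
               b, r, (unsigned)a.mode);
    }
    return 0;
}
```

The probe changes the adapter's operation mode for a moment, so on real hardware it is best run when the interface is opened for capture rather than on every interface listing.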
