1/13/2024 0 Comments Windows wireshark promiscuous mode![]() (I think there's an error with the "Firmware/Driver version" and "Windows version" columns, where some of the items have the values swapped - including the Alfa item. This wiki page says it may or may not work, depending on the Windows version and the driver. WinPcap doesn't support monitor mode if you have WinPcap installed, un-install it, and install Npcap. Now why monitor mode isn't working is another matter. ![]() That's the mode that's used by WinPcap and Npcap if a caller turns on "promiscuous mode" (it's the correct mode to use for Ethernet adapters), so turning on "promiscuous mode" in sniffers using libpcap/WinPcap/Npcap, such as Wireshark, may not work for 802.11 adapters. If you want to see the VLAN tags when capturing on one of those adapters in promiscuous mode on Windows. Some more sophisticated adapters will handle VLAN tags in the adapter and/or the driver. So it may be that promiscuous mode, in the NDIS_PACKET_TYPE_PROMISCUOUS sense, doesn't work on 802.11 adapters unless you're in monitor mode. In that case, Wireshark will see VLAN tags and can handle and show them. I have some vague memory that the first of those used to say " must fail the request" rather than "must not fail the request", which would be more consistent with the second of those. So they're saying both "the driver must allow NDIS_PACKET_TYPE_PROMISCUOUS to be set in modes other than NetMon mode" and "NDIS_PACKET_TYPE_PROMISCUOUS is only valid in NetMon and AP modes". Note It is only valid for the miniport driver to enable the NDIS_PACKET_TYPE_PROMISCUOUS, NDIS_PACKET_TYPE_802_11_PROMISCUOUS_MGMT, or NDIS_PACKET_TYPE_802_11_PROMISCUOUS_CTRL packet filters if the driver is operating in Network Monitor (NetMon) or Extensible Access Point (AP) modes. However, Guidelines for 802.11 Promiscuous Receive Operations says: Note When the miniport driver is in Native 802.11 modes other than NetMon, and OID_GEN_CURRENT_PACKET_FILTER is set, the driver must not fail the set request if any promiscuous or raw filter settings are enabled in the OID data. The whole point of promiscuous mode, I thought was to enable me to sniff traffic on the airwaves that did not involve my sniffing machine. ![]() Wireshark is not seeing wifi transmissions that are not addressed to the laptop, they are filtered out before Wireshark. To quote the page for the OID_GEN_CURRENT_PACKET_FILTER OID: My conclusion is, Im not in promiscuous mode. On Windows, however, it's not clear whether "promiscuous" mode, as opposed to monitor mode, is supported on 802.11 adapters. In promiscuous mode, the NIC allows all frames through, so even frames intended for other machines or network devices can be read. The AR 9271 data sheet has a PROMISCUOUS bit in the receive filter register, described as "Promiscuous receive enable Enable reception of all frames, including errors", which sounds like monitor mode.Īnd, in fact, the Linux ath9k driver turns that bit on for monitor mode. Alfa's page for the AWUS036NHA says the chipset is the Atheros AR9271.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |