Hi list,
I am considering adding native 802.11 packet capturing support (including management and control frames) in Npcap. This is possible because Microsoft Network Monitor already implements this feature for Vista and later.
In Npcap's libpcap/wpcap part, I have added the monitor mode support by changing two places, I don't know if this is the right way:
1) pcap_activate_win32 function in \wpcap\libpcap\pcap-win32.c:
Line 569
if (p->opt.rfmon) {
/*
* No monitor mode on Windows XP and earlier. It could be done on
* Vista with drivers that support the native 802.11
* mechanism and monitor mode.
*/
DOT11_CURRENT_OPERATION_MODE operation_mode;
operation_mode.uCurrentOpMode = DOT11_OPERATION_MODE_NETWORK_MONITOR;
if (pcap_oid_set_request_win32(p, OID_DOT11_CURRENT_OPERATION_MODE, &operation_mode, sizeof(DOT11_CURRENT_OPERATION_MODE)) != 0)
return (PCAP_ERROR_RFMON_NOTSUP);
}
So instead of originally return (PCAP_ERROR_RFMON_NOTSUP);, this code will set the monitor mode of the adapter.
2) pcap_cant_set_rfmon function in wpcap\libpcap\pcap.c:
Line 98
/*
* For systems where rfmon mode is never supported.
*/
static int
pcap_cant_set_rfmon(pcap_t *p _U_)
{
return (1);
// return (0);
}
I changed this function to always returning 1, which means "supported". I know here I should check whether the adapter supports the monitor mode, but I found no way to check. All I can do is to get/set the current mode using the OID way above.
After all these changes, there's no change in Wireshark, I didn't find a place to switch on/off the monitor mode like Microsoft Network Monitor. So I doubt whether Wireshark supports the monitor mode of Wlan in Windows? And how Wireshark UI make use of the monitor mode? Thanks.
Cheers,
Yang
