Wireshark-dev: Re: [Wireshark-dev] How Wireshark supports monitor mode for WLAN 802.11 adapter
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Mon, 11 Jan 2016 18:00:54 -0800
On Jan 11, 2016, at 7:12 AM, Yang Luo <hsluoyb@xxxxxxxxx> wrote:

> On Thu, Jan 7, 2016 at 1:08 PM, Guy Harris <guy@xxxxxxxxxxxx> wrote:
> 
>> Yang, you might want to try the NPcap with monitor mode support with the latest version of Wireshark (either check it out from source and build it, or wait for the next Windows buildbot build to complete).
> 
> I still couldn't build Wireshark successfully,

What build failures are you getting?

> so I don't know if I can make any changes about it. By trying with the latest Wireshark, does it mean that Wireshark has already been patched to add the support of monitor mode?

Support for attempting to set monitor mode in the capture GUI (and on the command line with the -I flag) was *already* present in Wireshark if you were building for UN*X and the libpcap with which you're building it includes pcap_create() (and if pcap_can_set_rfmon() says the interface in question supports monitor mode).

Anders and my changes add, to the current version of Wireshark, on Windows, the ability use pcap_create(), pcap_can_set_rfmon(), pcap_set_rfmon(), and pcap_activate(), and thus to provide the same support for attempting to set monitor mode in the capture GUI, if Wireshark is built with a version of the WinPcap SDK that has those routines (which the nightly builds should be), and if running with a version of WinPcap that has those routines (which, once you have the Npcap code finished, Npcap will be), *and* if pcap_can_set_rfmon() says the interface in question supports monitor mode.

So you should try the latest build from the trunk.

> I don't quite understand the legacy issues mentioned above,

If by "legacy issues" you're referring to have Wireshark continue to be able to use WinPcap 3.x even if built with WinPcap 4.x, my changes should handle that.