New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Supported adapter - monitor mode #1466

Open
gpotter2 opened this Issue Feb 8, 2019 · 6 comments

Comments

Projects
None yet
3 participants
@gpotter2
Copy link

gpotter2 commented Feb 8, 2019

Hi, I happened to try Npcap monitor mode on a Windows 7 machine. Would you mind adding it to https://secwiki.org/w/Npcap/WiFi_adapters ? Thanks

  • Atheros AR9285 Wireless Network Adapter
  • monitor mode capture: yes + works
  • FCS: bad FCS
  • dBm_AntSignal: yes
  • channel/frequency: no
  • tried out on 0.99-r9 on a Windows 7 v6.1.7601
@gpotter2

This comment has been minimized.

Copy link
Author

gpotter2 commented Feb 8, 2019

Side off-topic questions, if you have time:

  • I’ve noticed

Note: These features are part of the "Native 802.11 WLAN" interface, which is deprecated in Windows 10. It is possible that a device listed here under Windows 10 may perform better in Windows 8 or 8.1.

What are the plans against that ? From a quick search, I couldn’t find any documentation about the new universal device drivers supporting raw 802.11

  • I read the very interesting #1234
    and the Npcap doc (especially the custom Npcap functions), are there equivalents to pcap_setmode for other parameters (monitor mode, channel, frequency...) ? We’re calling WlanHelper for now, but that’s not great..
@guyharris

This comment has been minimized.

Copy link

guyharris commented Feb 10, 2019

  • I read the very interesting #1234
    and the Npcap doc (especially the custom Npcap functions), are there equivalents to pcap_setmode for other parameters (channel, frequency...) ? We’re calling WlanHelper for now, but that’s not great..

libpcap currently has no APIs for setting 802.11 parameters. (And if by "other" parameters you mean "other than monitor mode", pcap_setmode() doesn't affect monitor mode, pcap_set_rfmon() does.)

@guyharris

This comment has been minimized.

Copy link

guyharris commented Feb 10, 2019

Side off-topic questions, if you have time:

  • I’ve noticed

Note: These features are part of the "Native 802.11 WLAN" interface, which is deprecated in Windows 10. It is possible that a device listed here under Windows 10 may perform better in Windows 8 or 8.1.

What are the plans against that ? From a quick search, I couldn’t find any documentation about the new universal device drivers supporting raw 802.11

OK, so Microsoft's "Native 802.11 Wireless LAN Drivers" page says

The Native 802.11 Wireless LAN interface was superceded in Windows 10 and later by the [WLAN Universal Driver Model (WDI)](url
https://docs.microsoft.com/en-us/windows-hardware/drivers/network/wifi-universal-driver-model).

The "WLAN Universal Windows driver model" page, in turn, has a "Getting Started with Universal Windows drivers" link, and that link now takes you to the "Windows Driver Kit documentation" page. That page has a link to the WDK DDI Reference, and, on that page, under "Connectivity", there's a "Network" link that, helpfully, takes you to the "Networking drivers for Windows Vista and later" page - the "Vista" isn't entirely a good sign that you'll be getting Shiny New Documentation, but if you scroll down to "NetAdapterCx", it says:

Starting in Windows 10, version 1703, the Windows Driver Kit (WDK) includes a class extension module (NetAdapterCx) that enables you to write a KMDF-based networking (NDIS) client driver for Network Interface Cards (NICs). The client driver interacts with NetAdapterCx, which acts as a bridge to traditional NDIS.

For more info about NetAdapterCx, see [Network Adapter WDF Class Extension (Cx)](Network Adapter WDF Class Extension (Cx)).

Well, the "WLAN Universal Windows driver model" mentioned above says

To write a universal WLAN driver, see [Getting Started with Universal Windows drivers](url
https://msdn.microsoft.com/windows-drivers/develop/getting_started_with_universal_drivers), and follow the steps in the section titled Building a Universal Windows driver to build a universal driver using the Kernel Mode Driver (KMDF) template.

which is encouraging, as it also mentions KMDF.

So it sounds as if NetAdapterCx might be worth looking at; the "Network Adapter WDF Class Extension (NetAdapterCx)" page says

NetAdapterCx gives you the power and flexibility of WDF and the networking performance of NDIS, and makes it easy to write a driver for your NIC.

which sounds as if it's glue between WDF (which I guess is related to WDI) and NDIS.

If that's what it's all about, it may be that, at the layer at which the Npcap driver resides, all you see is NDIS, and you have no idea whether the hardware driver is a Boring Old NDIS Driver or a Shiny New Universal driver - meaning Microsoft addressed the "The Native 802.11 Wireless LAN interface was superceded in Windows 10 and later by the WLAN Universal Driver Model (WDI)" statement to miniport driver writers, not to people trying to beat Windows into something that supports libpcap. :-)

@gpotter2

This comment has been minimized.

Copy link
Author

gpotter2 commented Feb 10, 2019

Thanks for your detailed answers !

And if by "other" parameters you mean "other than monitor mode", pcap_setmode() doesn't affect monitor mode, pcap_set_rfmon() does.

You are right, I was confused by the name. I actually noticed my mistake while trying to use it.

@fyodor

This comment has been minimized.

Copy link

fyodor commented Feb 13, 2019

Thanks Gabriel. I added the Atheros AR9285 entry to https://secwiki.org/w/Npcap/WiFi_adapters

@gpotter2 gpotter2 closed this Feb 13, 2019

@gpotter2 gpotter2 reopened this Feb 13, 2019

@gpotter2

This comment has been minimized.

Copy link
Author

gpotter2 commented Feb 13, 2019

@fyodor Thanks. Note dBm_AntSignal = RSSI, (sorry if that was unclear) so this is supported (you registered N/A)

Feel free to close once fixed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment