Unable to capture raw Wi-Fi packets with supported adapter (NETGEAR A6210) #133

Closed
nbernhardt opened this issue Oct 8, 2019 · 12 comments

@nbernhardt

I have a system that I have been trying to convert from using AirPcap and WinPcap to using a network adapter and Npcap to capture raw 802.11 traffic. However, up to this point I have been entirely unable to view any traffic at all in Wireshark, despite selecting an appropriate adapter from https://secwiki.org/w/Npcap/WiFi_adapters (NETGEAR A6210), and enabling monitor mode using wlanhelper.
To summarize steps I have taken (and repeated on other machines/after uninstalling all software):

  1. Install npcap (with raw 802.11 traffic and API enabled)
  2. Run wlanhelper.exe in interactive mode to set Wi-Fi to monitor mode (some issues here)
    • when running "wlanhelper Wi-Fi mode" -> Error: makeOIDRequest::initPacketFunctions
    • when running "wlanhelper Wi-Fi channel" -> Error: makeOIDRequest::initPacketFunctions
    • some other parameters cause similar issue
  3. Install and run Wireshark in administrator mode, capture->options->monitor mode checked

When I start the capture on the appropriate device, no packets are received whatsoever. I am fairly certain based on the wiki page that the device I selected should work, and that based on the output I receive from wlanhelper that it has been properly set to monitor mode. Wireshark then shows that it does allow monitor mode, but when I ensure that the monitor mode box is checked, there are no packets seen by the device. Based on some strange issues I receive in using wlanhelper I wonder if my issue lies with Npcap specifically.

I have checked (and tried deleting) the Packet.dll and wpcap.dll files located in C:/Windows/System32 and C:/Windows/SystemWOW64 (Leaving the ones in their respective \Npcap\ folder alone) as some users had deemed helpful in the comments of a blog post, but with no luck there.

I have tried other machines that had never had WinPcap or Npcap installed to try for a more "fresh" environment.

Below is a sample of the output I receive when trying a few different actions in wlanhelper.

[Image: wlanhelper_output]

I have made sure that my drivers for my network device match those detailed in the wiki link that I found it in.

Please, if you have any ideas for how I can fix this issue, I have spent upwards of 50 to 60 hours trying to fix these issues. If there is any more data I can provide let me know.

@matthias-he

I have found the same problem for the Netgear A6200 that I am using. Npcap will set it to monitor mode but it throws an error if trying to select any specific WiFi channel or frequency after it is in monitoring mode.

@nbernhardt
Author

Do you receive any packets after you set it to monitor mode? Wireshark shows nothing being received for me.

@matthias-he

No packets received in Wireshark. But without specifying a channel to monitor I did not expect the adapter to actually receive and monitor anything.

I also opened an issue about this here: Npcap WLANHELPER unable to select channel with NETGEAR A6200 #132 https://github.com/nmap/nmap/issues/1782

@dbalsom

dbalsom commented Oct 23, 2019

I'm struggling with a similar issue with npcap at the Netgear A6210.
C:\Windows\System32\Npcap>wlanhelper Wi-Fi mode
"Error: makeOIDRequest::My_PacketOpenAdapter error (to use this function, you need to check the "Support raw 802.11 traffic" option when installing Npcap)"

  • even though the option was selected during install.

I was able to get the Netgear A6210 working in monitor mode in a VMWare Windows 7 Guest using npcap version 0.992 bundled with Wireshark 3.0.1. The latest npcap version had the same problem.

Unfortunately 0.992 on Windows 10 doesn't appear to work, either.

@dbalsom

dbalsom commented Oct 24, 2019

@nbernhardt, I've been looking at the source code for wlanhelper. The error message you're getting, makeOIDRequest::initPacketFunctions, refers to an error loading "packet.dll" which should be in the same directory as wlanhelper.exe. All the initPacketFunctions function tries to do is open this dll and retrieve three process addresses from it. It isn't even initializing any driver functions.
Given that, I don't think this particular error has anything to do with your wireless driver at this point. Can you check the properties on your 'packet.dll' and make sure it is the same "Product Version" as wlanhelper.exe? Make sure you don't have any other 'packet.dll' in your PATH?
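
The check suggested in the comment above, as an added PowerShell example that is not part of the original thread or of the Npcap project: it lists every Packet.dll in the directories a process may search and compares each copy's product version and Authenticode status with WlanHelper.exe. The function name is hypothetical, and the default install path is taken from the paths quoted in this thread.

```powershell
# Added example: find every Packet.dll a process could pick up and compare it
# with WlanHelper.exe. Find-PacketDllCopies is a hypothetical name; the default
# path below is the Npcap directory quoted in this thread.
function Find-PacketDllCopies {
    param(
        [string]$WlanHelperPath = 'C:\Windows\System32\Npcap\WlanHelper.exe'
    )

    $helper = Get-Item -LiteralPath $WlanHelperPath -ErrorAction Stop
    $helperVersion = $helper.VersionInfo.ProductVersion

    # Candidate directories: the helper's own directory, the two system
    # directories mentioned in the thread, the current directory, then PATH.
    $dirs = @(
        $helper.DirectoryName
        (Join-Path $env:windir 'System32')
        (Join-Path $env:windir 'SysWOW64')
        (Get-Location).Path
    ) + @($env:PATH -split ';' | Where-Object { $_.Trim() })

    $seen = @{}
    foreach ($dir in $dirs) {
        # PATH entries are sometimes quoted; strip the quotes before combining.
        $candidate = [System.IO.Path]::Combine($dir.Trim().Trim('"'), 'Packet.dll')
        if (-not (Test-Path -LiteralPath $candidate -PathType Leaf)) { continue }

        $file = Get-Item -LiteralPath $candidate
        $key = $file.FullName.ToLowerInvariant()
        if ($seen.ContainsKey($key)) { continue }   # same file reached twice
        $seen[$key] = $true

        $sig = Get-AuthenticodeSignature -LiteralPath $file.FullName
        [pscustomobject]@{
            Path           = $file.FullName
            ProductVersion = $file.VersionInfo.ProductVersion
            MatchesHelper  = ($file.VersionInfo.ProductVersion -eq $helperVersion)
            Signature      = $sig.Status
            Signer         = $sig.SignerCertificate.Subject
        }
    }
}

Find-PacketDllCopies | Format-Table -AutoSize -Wrap
```

Any row with `MatchesHelper` false, or with a `Signature` other than `Valid`, is a copy worth removing or investigating before rerunning wlanhelper.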

@matthias-he

In my case, the Npcap directory contains all needed files with the newest version dates. Not able to set Wifi frequency as stated in previous comment,

Directory of C:\Windows\System32\Npcap

10/08/2019 04:36 AM .
10/08/2019 04:36 AM ..
09/04/2019 04:24 PM 102,712 NpcapHelper.exe
09/04/2019 04:24 PM 161,592 Packet.dll
09/04/2019 04:24 PM 64,312 WlanHelper.exe
09/04/2019 04:24 PM 387,384 wpcap.dll
4 File(s) 716,000 bytes
2 Dir(s)

@nbernhardt
Author

I have tried removing both Packet.dll and wpcap.dll files found in both C:/Windows/System32 and C:/Windows/SysWOW64, then reinstalling npcap to ensure that these .dll files are up to date. The number of times I have tried to do this is easily in the dozens at this point, but I still have yet to capture any raw WiFi packets while using Windows.
Perhaps the most frustrating part is how easy it is to accomplish my original goal in linux... I was able to capture raw WiFi packets within a half an hour of trying on my personal linux machine. Unfortunately, for my original purpose I am required to use Windows, so I am left looking for another method in the meantime.
If anyone has the ability to use Linux to capture raw WiFi packets rather than use Windows, I would highly recommend it. A very easy to follow guide that I used on my personal computer to great success was:
http://netgab.net/web/2016/12/23/wlan-traffic-capture-2-linux/
Good luck everyone, if you have any ideas regarding how to get this working on Windows, I'm all ears.

@dbalsom

dbalsom commented Oct 25, 2019

@nbernhardt could you zip your wlanhelper.exe and packet.dll and attach?

I also notice you are running wlanhelper from c:\users somehow. Did you add to path or did you copy the executable? Do you get the same error when you run from c:\windows\system32\npcap?

@HeyEddie

EXACT. SAME. PROBLEM.

A6210 I have been using for months, now I can't capture at all.

C:\Windows\System32\Npcap>wlanhelper 6135ad45-6193-4261-a5f3-cd472045c564 channel 100
Error: makeOIDRequest::My_PacketOpenAdapter error (to use this function, you need to check the "Support raw 802.11 traffic" option when installing Npcap)
Failure

@dbalsom

dbalsom commented Nov 15, 2019

@HeyEddie That's actually a different error than nbernhardt is getting.

There's an issue open for the My_PacketOpenAdapter error: https://github.com/nmap/nmap/issues/1782 The short of it is I was able to get it working on npcap 0.992.

The unfortunate coda to that story is that I have found that the A6210 in monitor mode drops too many packets to be useful, even in linux. I could only capture maybe 1/4 of the frames of an EAP-TLS negotiation...

I have since switched to a Linksys WUSB6300. But I have also given up trying to use monitor mode on Windows. If you are stuck with a Windows machine I recommend running Kali Linux in a VM and doing usb-passthrough with your wireless adapter. Your time is valuable and these adapters don't cost much. Don't spend ages trying to get something to work.

@HeyEddie

I came to the exact same conclusion. Switched to Kali.

@fyodor fyodor transferred this issue from nmap/nmap May 20, 2020
dmiller-nmap pushed a commit that referenced this issue Mar 2, 2021
Fixes #122. Fixes #132. Fixes #134. Fixes #159.
Possibly also #210, #133, and #136, but those also mention not being
able to capture in monitor mode no matter what, so those issues may
involve other bugs or incompatibilities.
@dmiller-nmap
Contributor

This issue is resolved in Npcap 1.30.
