Npcap WLANHELPER unable to select channel with NETGEAR A6200 #1782

Open
matthias-he opened this issue Oct 11, 2019 · 7 comments

@matthias-he matthias-he commented Oct 11, 2019

The below screenshot command sequence (in administrator mode) speaks for itself. WLANHELPER can set the Netgear A6200 into monitor mode but cannot set it to a specific WiFi channel or frequency.

Npcap was uninstalled and reinstalled with option "Support raw 802.11 traffic" checked, and the system was rebooted between uninstall and reinstall. No success.

C:\Windows\System32\Npcap>netsh wlan show interfaces

There are 2 interfaces on the system:

Name                   : Wi-Fi
Description            : Realtek RTL8723BS Wireless LAN 802.11n SDIO Network Adapter
GUID                   : 90236bb9-5db3-4cd6-8eeb-71feae3e559e
Physical address       : 8c:18:d9:48:bd:89
State                  : disconnected
Radio status           : Hardware On
                         Software On

Name                   : Wi-Fi 2
Description            : NETGEAR A6200 WiFi Adapter
GUID                   : f5e950fc-d049-4c10-938d-f59b05888be8
Physical address       : 20:0c:c8:1e:71:4d
State                  : disconnected
Radio status           : Hardware On
                         Software On

Hosted network status  : Not available

C:\Windows\System32\Npcap>wlanhelper f5e950fc-d049-4c10-938d-f59b05888be8 mode monitor
Success

C:\Windows\System32\Npcap>wlanhelper f5e950fc-d049-4c10-938d-f59b05888be8 channel 6
Error: makeOIDRequest::My_PacketOpenAdapter error (to use this function, you need to check the "Support raw 802.11 traffic" option when installing Npcap)
Failure

C:\Windows\System32\Npcap>wlanhelper f5e950fc-d049-4c10-938d-f59b05888be8 freq 2437
Error: makeOIDRequest::My_PacketOpenAdapter error (to use this function, you need to check the "Support raw 802.11 traffic" option when installing Npcap)
Failure

@matthias-he matthias-he commented Oct 24, 2019

Just in case there is a question about having all the right files in the right directory path. Below is a readout.

Directory of C:\Windows\System32\Npcap

10/08/2019 04:36 AM <DIR> .
10/08/2019 04:36 AM <DIR> ..
09/04/2019 04:24 PM 102,712 NpcapHelper.exe
09/04/2019 04:24 PM 161,592 Packet.dll
09/04/2019 04:24 PM 64,312 WlanHelper.exe
09/04/2019 04:24 PM 387,384 wpcap.dll
4 File(s) 716,000 bytes
2 Dir(s)

@dbalsom dbalsom commented Oct 24, 2019

@matthias-he: I've been adding debug code to wlanhelper and compiling it to explore our error message here. It looks like enumeration of devices is also failing (PacketGetAdapterNames). wlanhelper doesn't directly use this function, but you can test it with windump for npcap:

https://github.com/hsluoyz/WinDump/releases

Run windump -D - do you get any output? You should get a list of devices. If you get no output, it's no good.

I have compiled a debug version of packet.dll that logs the problem when I try to retrieve mode for my adapter:

[000056EC] 2019-10-23 23:50:19 <-- PacketGetAdaptersIPH
[000056EC] 2019-10-23 23:50:19 <-- PacketPopulateAdaptersInfoList
[000056EC] 2019-10-23 23:50:19 NOT found AdInfo for adapter \Device\NPCAP_WIFI_{3d41567b-39b7-4fa1-8b99-xxxxxxxxxx}
[000056EC] 2019-10-23 23:50:19 <-- PacketFindAdInfo
[000056EC] 2019-10-23 23:50:19 Looking for the adapter in our list 2nd time...
[000056EC] 2019-10-23 23:50:19 Failed to open it as a DAG/ERF file, failing with ERROR_BAD_UNIT
[000056EC] 2019-10-23 23:50:19 <-- PacketOpenAdapter
[000056EC] 2019-10-23 23:50:19 --> DllMain
[000056EC] 2019-10-23 23:50:19 --> NpcapStopHelper
[000056EC] 2019-10-23 23:50:19 <-- NpcapStopHelper
[000056EC] 2019-10-23 23:50:19 <-- DllMain

Compare to successful mode retrieval on a Windows 7 machine:

[00001520] 2019-10-24 00:09:57 --> PacketFindAdInfo
[00001520] 2019-10-24 00:09:57 Found AdInfo for adapter \Device\NPCAP_WIFI_{1d05a9db-fd9b-46bf-86a7-xxxxxxxxxxxx}
[00001520] 2019-10-24 00:09:57 <-- PacketFindAdInfo
[00001520] 2019-10-24 00:09:57 Looking for the adapter in our list 2nd time...
[00001520] 2019-10-24 00:09:57 Adapter found in our list. Check adapter type and see if it's actually supported.
[00001520] 2019-10-24 00:09:57 Normal NPF adapter, trying to open it...
[00001520] 2019-10-24 00:09:57 --> PacketOpenAdapterNPF
[00001520] 2019-10-24 00:09:57 Trying to open adapter \Device\NPCAP_WIFI_{1d05a9db-fd9b-46bf-86a7-xxxxxxxxxxxx}
[00001520] 2019-10-24 00:09:57 --> PacketStartService
[00001520] 2019-10-24 00:09:57 NPF registry key present, driver is installed.
[00001520] 2019-10-24 00:09:57 Trying to see if the NPF service is running...
[00001520] 2019-10-24 00:09:57 <-- PacketStartService
[00001520] 2019-10-24 00:09:57 --> NpcapIsAdminOnlyMode
[00001520] 2019-10-24 00:09:57 <-- NpcapIsAdminOnlyMode
[00001520] 2019-10-24 00:09:57 SymbolicLinkA = \\.\Global\NPCAP_WIFI_{1d05a9db-fd9b-46bf-86a7-xxxxxxxxxxxx}, lpAdapter->hFile = 000000c0
[00001520] 2019-10-24 00:09:57 --> PacketSetReadEvt
[00001520] 2019-10-24 00:09:57 <-- PacketSetReadEvt
[00001520] 2019-10-24 00:09:57 --> PacketSetMaxLookaheadsize
[00001520] 2019-10-24 00:09:57 --> PacketRequest
[00001520] 2019-10-24 00:09:57 PacketRequest: OID = 0x00010105, Length = 4, Set = 0, Result = 1
[00001520] 2019-10-24 00:09:57 <-- PacketRequest
[00001520] 2019-10-24 00:09:57 --> PacketRequest
[00001520] 2019-10-24 00:09:57 PacketRequest: OID = 0x0001010f, Length = 4, Set = 1, Result = 1
[00001520] 2019-10-24 00:09:57 <-- PacketRequest
[00001520] 2019-10-24 00:09:57 <-- PacketSetMaxLookaheadsize
[00001520] 2019-10-24 00:09:57 Successfully opened adapter
[00001520] 2019-10-24 00:09:57 <-- PacketOpenAdapterNPF
[00001520] 2019-10-24 00:09:57 <-- PacketOpenAdapter
[00001520] 2019-10-24 00:09:57 --> PacketRequest

@matthias-he matthias-he commented Oct 24, 2019

@dbalsom

Here is a Windump readout followed by the WiFi hardware detection of wlanhelper. The Netgear A6200 driver version is 6.32.145.8 dated 4/25/2014. That is the latest driver version 1.0.0.35 from the Netgear web site.

I find it curious that in the Windump readout the Netgear A6200 device, " 6.\Device\NPF_{F5E950FC-D049-4C10-938D-F59B05888BE8} ", is referenced by the vendor name 'Microsoft' rather than 'Netgear' as I would have expected.

Microsoft Windows [Version 10.0.18362.418]
(c) 2019 Microsoft Corporation. All rights reserved.

C:\Windows\System32\Npcap>dir
Volume in drive C is Windows
Volume Serial Number is XXXX-XXXX

Directory of C:\Windows\System32\Npcap

10/24/2019 01:22 AM <DIR> .
10/24/2019 01:22 AM <DIR> ..
09/04/2019 04:24 PM 102,712 NpcapHelper.exe
09/04/2019 04:24 PM 161,592 Packet.dll
06/02/2017 11:13 PM 584,704 WinDump.exe
09/04/2019 04:24 PM 64,312 WlanHelper.exe
09/04/2019 04:24 PM 387,384 wpcap.dll
5 File(s) 1,300,704 bytes
2 Dir(s) 7,899,918,336 bytes free

C:\Windows\System32\Npcap>windump -D
1.\Device\NPF_{86B2D2B1-023F-4882-BBF1-5DD8FC4D59CD} (NdisWan Adapter)
2.\Device\NPF_{90236BB9-5DB3-4CD6-8EEB-71FEAE3E559E} (Microsoft)
3.\Device\NPF_{294C09E1-1290-409C-B572-3A6BC789F7A0} ()
4.\Device\NPF_{ED4E4F00-41AB-4639-9827-A434D4FE3DC3} (Research In Motion)
5.\Device\NPF_{15CC6FDE-CB0D-4AF3-8B9E-5E6A388E19C5} (NdisWan Adapter)
6.\Device\NPF_{F5E950FC-D049-4C10-938D-F59B05888BE8} (Microsoft)
7.\Device\NPF_{6A29F159-CE9C-4B49-9B3B-CEE07A18C8B8} (Realtek )
8.\Device\NPF_{AAECDFF1-7381-45AC-A3C9-BBDA41C020C9} (Microsoft)
9.\Device\NPF_{9FCE5643-71A9-4B7B-B147-1D39081DCF59} (Microsoft)
10.\Device\NPF_{B6C04944-DCF9-41A9-9BCE-8CAAFC003642} (Microsoft)
11.\Device\NPF_{DE15F278-11FD-4EF4-A8EC-7CED630D9055} (NdisWan Adapter)
12.\Device\NPF_Loopback (Adapter for loopback traffic capture)
13.\Device\NPF_{519A381C-D88C-4518-84FF-349AD63940C6} (TAP-Windows Adapter V9)

C:\Windows\System32\Npcap>wlanhelper -i
WlanHelper [Interactive Mode]:


  1. 90236bb9-5db3-4cd6-8eeb-71feae3e559e
    Name: Wi-Fi
    Description: Realtek RTL8723BS Wireless LAN 802.11n SDIO Network Adapter
    State: "disconnected"
    Operation Mode: "Extensible Station (ExtSTA)"
  2. f5e950fc-d049-4c10-938d-f59b05888be8
    Name: Wi-Fi 2
    Description: NETGEAR A6200 WiFi Adapter
    State: "disconnected"
    Operation Mode: "Extensible Station (ExtSTA)"
    Enter the choice (0, 1,..) of the wireless card you want to operate on:

@dbalsom dbalsom commented Oct 24, 2019

So you are not having enumeration issues. I think it would be good if you got a debug packet.dll. It was not difficult to compile with Visual Studio. You can get verbose logging from wlanhelper that way.

@dbalsom dbalsom commented Oct 27, 2019

Update: 0.992 Works on Windows 10!

Turns out my problem on Windows 10 was that even after uninstall, npcap.sys version 0.9983 was left in the C:\Windows\System32\drivers directory. So when I reinstalled 0.992 it was not overwritten.

Try this:
Uninstall Wireshark 3.0.X and npcap
Check for and delete C:\Windows\System32\drivers\npcap.sys if necessary
Install Wireshark 3.0.1 and npcap 0.992

Try changing mode with wlanhelper now:
C:\Windows\System32\Npcap>wlanhelper 3d41567b-39b7-4fa1-8b99-f8b5701cd000 mode monitor
Success

channel change:
C:\Windows\System32\Npcap>wlanhelper 3d41567b-39b7-4fa1-8b99-f8b5701cd000 channel 6
Success

Wireshark captures packets!
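
A check for the leftover-driver condition described in the comment above, as an added example that is not part of the original thread or the Npcap project. It uses the two paths quoted in this thread and assumes that npcap.sys and the user-mode binaries of one install report the same file version; the function names are hypothetical.

```powershell
# Added example (not Npcap project code). Paths are the ones quoted in this thread.
# Assumption: npcap.sys and the user-mode binaries of one install share a file version.
function Get-NpcapFileVersions {
    param(
        [string]$DriverPath  = "$env:SystemRoot\System32\drivers\npcap.sys",
        [string]$UserModeDir = "$env:SystemRoot\System32\Npcap"
    )
    $paths = @($DriverPath)
    $paths += 'Packet.dll', 'wpcap.dll', 'WlanHelper.exe' |
        ForEach-Object { Join-Path $UserModeDir $_ }
    foreach ($p in $paths) {
        $present = Test-Path -LiteralPath $p -PathType Leaf
        $item = if ($present) { Get-Item -LiteralPath $p } else { $null }
        [pscustomobject]@{
            Path     = $p
            IsDriver = ($p -eq $DriverPath)
            Present  = $present
            Version  = if ($present) { $item.VersionInfo.FileVersion } else { $null }
            Modified = if ($present) { $item.LastWriteTime } else { $null }
        }
    }
}

function Test-NpcapDriverMismatch {
    param([object[]]$Report = (Get-NpcapFileVersions))
    $driver = $Report | Where-Object { $_.IsDriver }
    $user   = @($Report | Where-Object { -not $_.IsDriver -and $_.Present })
    if (-not $driver.Present) { return 'NoDriver: npcap.sys is absent' }
    # State seen after an uninstall that left the driver file behind.
    if ($user.Count -eq 0) {
        return "Leftover: npcap.sys $($driver.Version) present with no user-mode files"
    }
    # State seen after a reinstall that did not overwrite the old driver.
    $other = @($user | Where-Object { $_.Version -ne $driver.Version })
    if ($other.Count -gt 0) {
        return "Mismatch: npcap.sys $($driver.Version) vs " +
            (($other | ForEach-Object { "$(Split-Path $_.Path -Leaf) $($_.Version)" }) -join ', ')
    }
    "Consistent: all files report $($driver.Version)"
}

Get-NpcapFileVersions | Format-Table -AutoSize
Test-NpcapDriverMismatch
```

Run it from an elevated prompt once after uninstalling and again after reinstalling; the script only reports and never deletes anything.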

@michalfita michalfita commented Nov 4, 2019

The last advice works for me too, so I managed to get properly working commands.

However, Intel(R) Wireless-AC 9560 160MHz seems to support only managed mode. According to people, that card works in monitor mode under Linux.

@dbalsom dbalsom commented Nov 15, 2019

The unfortunate coda to this story:

Even after getting my A6210 working I find that it drops too many packets in monitor mode to be useful, even under Linux, so it is not an npcap problem.

I have switched to a Linksys WUSB6300 which does a great job. No luck getting that one to work with npcap at all, so I am using a Kali Linux VM and doing usb-passthrough. The latest Kali dkms drivers work great.

In retrospect I spent way too much time on this issue trying to get a $50 adapter working. It isn't worth your time and effort. Try something else.
