search

nmap / npcap

Nmap Project's Windows packet capture and transmission library
https://npcap.com
Other
2.92k stars 508 forks source link

Npcap: No "Monitor Mode" checkbox in “Capture options” in Wireshark #429

Closed taismi closed 3 years ago

taismi commented 7 years ago

There is no No "Monitor Mode" checkbox in “Capture options” in Wireshark (GTK version) 2.2.5. No packets are captured. I'm using Netgear A6200 with newest drivers. Windows 10 64 bit.

I have tried to follow Wireshark section in https://rawgit.com/nmap/npcap/master/docs/npcap-guide-wrapper.html#npcap-feature-dot11 .

C:\Program Files\Npcap>NPFInstall.exe -i2
Npcap LWF driver (with Wi-Fi support) has been successfully installed!

Diag report: http://pastebin.com/3urTeM6x

Instal log: http://pastebin.com/LkcqK94e

http://i.imgur.com/WS7mqnp.png

This might be a simple problem but I can't capture packets and I'm in hurry.

hsluoyz commented 7 years ago

Hi @taismi,

Your DiagReport and Install log have expired:

image

Could you upload it in this conversation? Thanks.

hsluoyz commented 7 years ago

Hi @taismi ,

I just tested it under Npcap 0.90, Wireshark 2.2.6 QT, Windows 10 x64. And the monitor mode works well like the following picture:

image

Please do not install the wifi driver by calling NPFInstall.exe -i2 manually. That command may not work any more. Please use the Npcap GUI installer, and choose the 802.11 option. It's the safest way.

And you can use the Wireshark QT GUI, instead of the GTK one. I found that the GTK UI doesn't have a place to set the monitor mode in 2.2.6. Maybe Wireshark has disabled this feature in this release. So please try it with the QT UI.

taismi commented 7 years ago

wireshark-gui-monitor_mode

Install log: https://pastebin.com/BzDi7D51 Diag: https://pastebin.com/w70hUGiL

hsluoyz commented 7 years ago

Let me store it here in case it's gone again..

DiagReport.txt

Install.txt

hsluoyz commented 7 years ago

From your DiagReport, I saw:

    Directory: C:\WINDOWS\System32

Mode                LastWriteTime         Length Name                                                                  
----                -------------         ------ ----                                                                  
-a----         1.3.2013      3.49         107768 Packet.dll                                                            
-a----         1.3.2013      3.49         370424 wpcap.dll

It means that you didn't uninstall WinPcap 4.1.3 thoroughly last time. And its DLLs (wpcap.dll, Packet.dll) still remain in C:\WINDOWS\System32 (and also C:\WINDOWS\SysWOW64 for 32-bit apps). So please remove those WinPcap legacy DLLs manually at those folders. And try again.

taismi commented 7 years ago

Thanks. Now there is monitor mode checkbox and I can see beacon frames etc.

For sure I reinstalled Netgear A6200 drivers and Npcap. Interface name WLAN2 is now Microsoft: WLAN. I installed A6200-standalone-V1.0.0.35.exe. Wireless toolbar in Wireshark i grayed out so I can't change channel. I cannot find channel information from radiotap header either.

Driver version is: 6.32.145.8 (25.4.2014)

hsluoyz commented 7 years ago

If I remember right, Netgear A6200 just doesn't support changing channel on Windows. I don't know this is limited by its hardware or by its driver on Windows. If it can work on another OS like Ubuntu, then it should be the driver issue. It is hardly Npcap's problem, because I have implemented the changing channel code in Npcap driver, and Npcap can change channel in another adapter of mine (an Atheros NIC on my last laptop).

You can make a little more test to re-check this thing. Use the WlanHelper.exe utility installed with Npcap, should be in C:\WINDOWS\System32\Npcap. It supports doing the Wlan specific operations, have better functionality than the Wireshark UI. Use -h to see the help.

taismi commented 7 years ago

This worked. WlanHelper 8c309594-364d-425a-98f7-7ba157b84aa6 channel 11

My Netgear A6200 has a Broadcom BCM43526 chip. Netgear A6210 has a MediaTek MT7612U chip. If I have time I'll test A6210 tomorrow.

Many thanks to you. Finally I can start debugging our wlan promlems.

Edit... Occasionally capturing stops receiving frames. I have to restart capture.

hsluoyz commented 7 years ago

OK. I'll close the issue now.

huzaifazafar108 commented 6 years ago

@taismi @hsluoyz do you think the A7000 supports network monitor mode?

I used the same steps as mentioned in this thread but still unable to see the monitor mode checkbox in Wireshark. Kindly help when you get a chance.

hsluoyz commented 6 years ago

Please paste the error of WlanHelper.exe here.

rafafilho11 commented 5 years ago

My wireshar is on the promiscouous mode, but I can't see the WLAN traffic information when I see on the wireshark. Can anyone help me ?

SSID: MySSID Protocolo: 802.11n Tipo de segurança: WPA2-Personal Banda de rede: 2,4 GHz Canal de rede: 11 Fabricante: Intel Corporation Descrição: Intel(R) Dual Band Wireless-N 7260 Versão do driver: 18.33.7.2

image

image