Open kmramn opened 5 days ago
(Single quotes do not serve as "make this fixed-width text" brackets; you must use three backquotes, ```. Here's a properly-fixed-widthified, and better-indented, version of the code, which should be easier to read.)
#include <pcap.h>
#pragma comment(lib, "wpcap.lib")
#include <Windows.h>
#include <winerror.h>
#include <stdio.h>
#include
using namespace std;
#include <tchar.h>
#include <strsafe.h>
#include <time.h>
BOOL LoadNpcapDlls()
{
_TCHAR npcap_dir[512];
UINT len;
len = GetSystemDirectory(npcap_dir, 480);
if (!len) {
fprintf(stderr, "Error in GetSystemDirectory: %x", GetLastError());
return FALSE;
}
_tcscat_s(npcap_dir, 512, _T("\Npcap"));
if (SetDllDirectory(npcap_dir) == 0) {
fprintf(stderr, "Error in SetDllDirectory: %x", GetLastError());
return FALSE;
}
return TRUE;
}
void packet_handler(u_char *param, const struct pcap_pkthdr *header, const u_char *pkt_data)
{
struct tm ltime;
char timestr[16];
time_t local_tv_sec;
(VOID)(param);
(VOID)(pkt_data);
/* convert the timestamp to readable format */
local_tv_sec = header->ts.tv_sec;
localtime_s(<ime, &local_tv_sec);
strftime(timestr, sizeof timestr, "%H:%M:%S", <ime);
printf("%s,%.6d len:%d\n",
timestr, header->ts.tv_usec, header->len);
}
/* Main Decleration */
void wmain()
{
pcap_if_t *alldevs;
pcap_if_t *d;
int inum;
int i = 0;
pcap_t *adhandle;
char errbuf[PCAP_ERRBUF_SIZE];
/* Load Npcap and its functions. */
if (!LoadNpcapDlls())
{
fprintf(stderr, "Couldn't load Npcap\n");
exit(1);
}
/* Retrieve the device list on the local machine */
if (pcap_findalldevs_ex(PCAP_SRC_IF_STRING,
NULL, &alldevs, errbuf) == -1)
{
fprintf(stderr, "Error in pcap_findalldevs: %s\n", errbuf);
exit(1);
}
/* Print the list */
for (d = alldevs; d; d = d->next)
{
printf("%d. %s", ++i, d->name);
if (d->description)
printf(" (%s)\n", d->description);
else
printf(" (No description available)\n");
}
if (i == 0)
{
printf("\nNo interfaces found! Make sure Npcap is installed.\n");
return;
}
printf("Enter the interface number (1-%d):", i);
scanf_s("%d", &inum);
if (inum < 1 || inum > i)
{
printf("\nInterface number out of range.\n");
/* Free the device list */
pcap_freealldevs(alldevs);
return;
}
/* Jump to the selected adapter */
for (d = alldevs, i = 0; i < inum - 1; d = d->next, i++);
/* Open the device */
if ((adhandle = pcap_open(d->name, // name of the device
2048, // portion of the packet to capture
// 65536 guarantees that the whole packet will
// be captured on all the link layers
PCAP_OPENFLAG_PROMISCUOUS, // promiscuous mode
1000, // read timeout
NULL, // authentication on the remote machine
errbuf // error buffer
)) == NULL)
{
fprintf(stderr,
"\nUnable to open the adapter. %s is not supported by Npcap\n",
d->name);
/* Free the device list */
pcap_freealldevs(alldevs);
return;
}
//Try setting monitor mode and error check, trimmed down to the error I'm facing
int mm_set = pcap_can_set_rfmon(adhandle);
if (mm_set == 0)
{
fprintf(stderr, "Error setting monitor mode: Device doesn't have MM capability\n");
}
else
{
if (!pcap_set_rfmon(adhandle, 1))
{
cout << "Monitor Mode Enabled, pcap_set_rfmon(...) == 0" << endl;
}
}
cout << endl;
//Using pcap_set_rfmon() here to illustrate issue, this will output a 0
//indicating success but the pcap_activate() error check contradicts this
cout << pcap_set_rfmon(adhandle, 1) << endl;
//int status = pcap_activate(adhandle);
//Activate the interface for sniffing
if (pcap_activate(adhandle))
{
cout << endl;
pcap_perror(adhandle, "Error");
cout << endl;
pcap_set_rfmon(adhandle, 0);
pcap_activate(adhandle);
}
printf("\nlistening on %s...\n", d->description);
/* At this point, we don't need any more the device list. Free it */
//pcap_freealldevs(alldevs);
/* start the capture */
pcap_loop(adhandle, 0, packet_handler, NULL);
}
if ((adhandle = pcap_open(d->name, // name of the device ... //Try setting monitor mode and error check, trimmed down to the error I'm facing
pcap_open()
does all the work to open a device; you can't set monitor mode after a device is opened.
You need to use pcap_create()
and pcap_activate()
, as well as:
pcap_set_snaplen()
to set the snapshot length to 2048 (BTW, there's no guarantee that 65535 is large enough for all link layers; tcpdump and Wireshark currently default to 262144 for most devices);pcap_set_timeout()
to set the buffer timeout to 1 second (1000 milliseconds).You do not need to set promiscuous mode if you're setting monitor mode.
Those should be done between pcap_create()
and pcap_activate()
, along with...
//Using pcap_set_rfmon() here to illustrate issue, this will output a 0 //indicating success but the pcap_activate() error check contradicts this cout << pcap_set_rfmon(adhandle, 1) << endl;
...the pcap_set_rfmon()
mode.
Older versions of libpcap would not catch attempts to set monitor mode after a pcap_t
has been activated, so that call would do nothing and then return 0. Newer versions of libpcap - including the version that the current version of Npcap uses - will check whether the pcap_t
is activated and return an error. (pcap_open_live()
and pcap_open()
return a pointer to an already-activated pcap_t
; pcap_create()
returns a pointer to an unactivated pcap_t
.)
What version of Npcap are you using?
Npcap version in Control Panel
Earlier while installing through Wireshark, it was having the version 1.78. So, I have to uninstall manually and install 1.79
using pcap_lib_version()
I will definitely try your above suggestion.
Describe the bug I wrote a C++ program using Npcap SDK in Windows environment where I have enabled Wi-Fi in monitor mode. But the program is unable to capture Wi-Fi 802.11 Beacon packets. Using Wireshark application, I am able to capture the Wi-Fi 802.11 Beacon packets.
To Reproduce Steps to reproduce the behavior:
Expected behavior A clear and concise description of what you expected to happen.
Screenshots Capturing the radio 802.11 Beacon using C++ is not working.![image](https://github.com/nmap/npcap/assets/6291476/7d5951e4-e331-4e02-afb9-f64299b0889b)
Capturing the radio 802.11 Beacon using Wireshark is working.![image](https://github.com/nmap/npcap/assets/6291476/84e79230-245d-44c1-ab0b-16a7e1e8afd5)
Is it possible to capture the radio 802.11 Beacon packets using C++ and Npcap SDK? If possible, can you please suggest me what correction U have to make? Thank you.