I would love to see this updated with winpcap and networking sniffing. The last update was 2017, so I think the Windows 10 version isn't working properly.
ooh, that's interesting.. and sounds quite promising.
Can you test it for me and see if it can in fact capture on wireless networks that winpcap cannot? -mouser (November 26, 2011, 06:13 PM)
Netmon Capture Device
The Microsoft Network Monitor (Netmon) is a network analysis tool quite similar to Wireshark. Netmon can be downloaded directly from Microsoft's web site as a standalone application. Microsoft has published the underlying packet capture API that the Netmon application is based on. This means users are free to write their own custom network analysis tools in either C++ or .NET and link against the Netmon library. It is this library, namely NMAPI.dll, that the Netwitness Netmon capture device uses.
Since Microsoft does not yet permit redistribution of the Netmon DLL, users are required to download the Netmon application directly from Microsoft, install it, then copy the NMAPI.dll from the install directory into the directory [...] This is all that is required to use the Netmon capture device.
Use the nmwifi.exe application that comes with the Microsoft Network Monitor to place the USB wireless device into monitor mode as well as set the desired frequency channel.
Windows versions prior to Vista are limited to NDIS 5, which does not support monitor (RFMON) mode. Therefore, the Netmon capture device does not support these operating systems for the purposes of wireless capture in monitor mode. However, the Netmon Capture Device does support wired capture in the same manner as WinPcap. This means that one can use the Netmon Capture device to capture wired traffic in lieu of installing WinPcap.
there are definitely winpcap problems with some wireless adapters -- i think especially intel. it's unfortunate but i don't know much more.. the winpcap site used to have an archived discussion list somewhere but it's hard to find now and i'm not sure where it is. -mouser (October 06, 2010, 07:30 PM)
Windows NT4/2000/XP/2003/Vista/2008/Win7/2008R2: the packet driver works ok on Ethernet networks. As for dial-up adapters and VPN connections, read Q5 and Q6. As in Win9x, FDDI, ARCNET, ATM and Token Ring are supported, but not tested by us.
Wireless adapters: these adapters may present problems, because they are not properly supported by the Windows Kernel. Some of them are not detected, others don't support promiscuous mode. In the best case, WinPcap is able to see an Ethernet emulation and not the real transiting packets: this means that the 802.11 frames are transformed into fake Ethernet frames before being captured, and that control frames are not received.
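An added example, not part of the original posts and not code from WinPcap or Netmon: a check of a saved classic pcap file's link-layer type, which shows whether a wireless capture holds real 802.11 frames or the Ethernet emulation the FAQ text above describes. The link-type numbers are the standard pcap LINKTYPE_ values; the function names and sample headers are constructed for illustration.

```python
import struct

ETHERNET = 1  # LINKTYPE_ETHERNET
NATIVE_80211 = {  # standard pcap LINKTYPE_ values that carry real 802.11 frames
    105: "802.11, no radio header",
    119: "802.11 + Prism header",
    127: "802.11 + radiotap header",
    163: "802.11 + AVS header",
}
# pcap magic as seen when the first 4 bytes are read little-endian -> file byte order
MAGICS = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">",   # microsecond timestamps
          0xA1B23C4D: "<", 0x4D3CB2A1: ">"}   # nanosecond timestamps

def classify_capture(header: bytes):
    """Return (kind, detail) for the 24-byte global header of a classic pcap file."""
    if len(header) < 24:
        raise ValueError("truncated pcap global header")
    (magic,) = struct.unpack("<I", header[:4])
    order = MAGICS.get(magic)
    if order is None:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    # Fields: version major/minor, thiszone, sigfigs, snaplen, network (link type)
    *_, network = struct.unpack(order + "HHiIII", header[4:24])
    linktype = network & 0xFFFF  # upper bits may carry FCS-length information
    if linktype == ETHERNET:
        # On a wireless adapter this is the emulation case: frames rewritten
        # with Ethernet headers, and 802.11 control frames are absent.
        return ("ethernet", "Ethernet headers; 802.11 control frames not present")
    if linktype in NATIVE_80211:
        return ("802.11", NATIVE_80211[linktype])
    return ("other", "link type %d" % linktype)

def classify_file(path):
    """Classify a capture on disk by reading only its global header."""
    with open(path, "rb") as f:
        return classify_capture(f.read(24))

# Constructed sample headers (not taken from any real capture).
SAMPLE_EMULATED = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
SAMPLE_MONITOR = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 127)

if __name__ == "__main__":
    for name, hdr in (("emulated", SAMPLE_EMULATED), ("monitor", SAMPLE_MONITOR)):
        print(name, classify_capture(hdr))
```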
I'm wondering about the auto detect adapter string, which by default says "Privacy". Where is this line of text supposed to be coming from? Google's index page or where exactly?
yes -- it's simply looking to see a specific string in the page it retrieves, in this case the string "Privacy" expected on the google page. when found it means the page was seen.
first advice: completely forget about automatic network adapter detection -- just turn it off, it serves no value except to save you the trouble of selecting your adapter from the drop down list.
the real problem is your intel wireless adapter may not be supported by winpcap. -mouser (October 06, 2010, 06:12 PM)