_PACKET_OID_DATA

Home Forums Discussions Support Portal _PACKET_OID_DATA

Viewing 9 posts - 1 through 9 (of 9 total)
  • Author
    Posts
  • #11439
    Zyxel
    Participant

    Can the _PACKET_OID_DATA be used to set the DOT11_OPERATION_MODE_NETWORK_MONITOR in order to put a 802.11 adapter into the Monitor Mode ?

    Assume that the 802.11 adapter supports this mode in hardware.

    #11440
    Vadim Smirnov
    Moderator

    You can try to, but I don’t think that it will work. I think you will need a slightly different WiFi monitoring LWF driver for this. I created one in the past from original winpkfilter, but I don’t remember all the details already…

    #11442
    Zyxel
    Participant

    That was going to be my next question. The data received by the 802.11 adapter in the monitor mode should not have the MAC address at the beginning of the indicated packet. It must have some other stuff to accommodate the reception of raw management frames, etc…

    • This reply was modified 1 month, 3 weeks ago by Zyxel.
    • This reply was modified 1 month, 3 weeks ago by Zyxel.
    • This reply was modified 1 month, 3 weeks ago by Zyxel.
    #11447
    Zyxel
    Participant
    #11448
    Vadim Smirnov
    Moderator

    Yes, this is what I mean. It is not that big deal to make this type of driver from winpkfilter source code, though worth to mention that the functionality of monitoring driver is limited. If I remember fine you can read packets but not to inject them.

    #11449
    Zyxel
    Participant

    Hmm, do you know the nature of the limitation of the 802.11 drivers in Windows?

    In other words, what is the DRIVER MODEL limitation inside these 802.11 adapter drivers that prevents them from injecting raw packets ?

    By comparison, Linux 802.11 adapter drivers do not have that problem…

    #11450
    Vadim Smirnov
    Moderator

    I never needed to inject 802.11 frames and thus never researched the subject deep. However, here are several links which could be useful:

    https://www.codeproject.com/Articles/28713/802-11-Packet-Injection-for-Windows
    https://github.com/Felis-Sapiens/packet11
    https://github.com/nmap/npcap/issues/85

    I’ve taken a quick look at the packet11 code and from what I can see it is a little bit limited in what it can do, e.g. able to inject only management frames.

    #11462
    Zyxel
    Participant

    The mere existence of this Packet11 driver suggests that the Miniport/adapter driver architecture does NOT limit the sending of raw 802.11 frames. Some hardware might limit it
    …but not the Miniport/adapter driver architecture.

    #11463
    Vadim Smirnov
    Moderator

    Agree, but the way of doing this is completely undocumented and thus may vary between Windows versions. The lack of commercial software doing this probably means that this feature is hard to implement/support.

Viewing 9 posts - 1 through 9 (of 9 total)
  • You must be logged in to reply to this topic.