_PACKET_OID_DATA

Home Forums Discussions Support _PACKET_OID_DATA

Viewing 9 posts - 1 through 9 (of 9 total)
  • Author
    Posts
  • #11439
    Zyxel
    Participant

      Can the _PACKET_OID_DATA be used to set the DOT11_OPERATION_MODE_NETWORK_MONITOR in order to put a 802.11 adapter into the Monitor Mode ?

      Assume that the 802.11 adapter supports this mode in hardware.

      #11440
      Vadim Smirnov
      Keymaster

        You can try to, but I don’t think that it will work. I think you will need a slightly different WiFi monitoring LWF driver for this. I created one in the past from original winpkfilter, but I don’t remember all the details already…

        #11442
        Zyxel
        Participant

          That was going to be my next question. The data received by the 802.11 adapter in the monitor mode should not have the MAC address at the beginning of the indicated packet. It must have some other stuff to accommodate the reception of raw management frames, etc…

          #11447
          Zyxel
          Participant
            #11448
            Vadim Smirnov
            Keymaster

              Yes, this is what I mean. It is not that big deal to make this type of driver from winpkfilter source code, though worth to mention that the functionality of monitoring driver is limited. If I remember fine you can read packets but not to inject them.

              #11449
              Zyxel
              Participant

                Hmm, do you know the nature of the limitation of the 802.11 drivers in Windows?

                In other words, what is the DRIVER MODEL limitation inside these 802.11 adapter drivers that prevents them from injecting raw packets ?

                By comparison, Linux 802.11 adapter drivers do not have that problem…

                #11450
                Vadim Smirnov
                Keymaster

                  I never needed to inject 802.11 frames and thus never researched the subject deep. However, here are several links which could be useful:

                  https://www.codeproject.com/Articles/28713/802-11-Packet-Injection-for-Windows
                  https://github.com/Felis-Sapiens/packet11
                  https://github.com/nmap/npcap/issues/85

                  I’ve taken a quick look at the packet11 code and from what I can see it is a little bit limited in what it can do, e.g. able to inject only management frames.

                  #11462
                  Zyxel
                  Participant

                    The mere existence of this Packet11 driver suggests that the Miniport/adapter driver architecture does NOT limit the sending of raw 802.11 frames. Some hardware might limit it
                    …but not the Miniport/adapter driver architecture.

                    #11463
                    Vadim Smirnov
                    Keymaster

                      Agree, but the way of doing this is completely undocumented and thus may vary between Windows versions. The lack of commercial software doing this probably means that this feature is hard to implement/support.

                    Viewing 9 posts - 1 through 9 (of 9 total)
                    • You must be logged in to reply to this topic.