Hi Alexis,
In
https://github.com/wireshark/wireshark/blob/98f64de11525667b3f6b0a5bd7d5a5a8eeeb2ad4/cmake/modules/FindPCAP.cmake,
I found that if WIN32 macro is defined, HAVE_PCAP_CREATE will never be set
as below:
if( WIN32 ) # # This is always the case with WinPcap. #
set(CAN_SET_CAPTURE_BUFFER_SIZE
TRUE)else() check_function_exists( "pcap_create" HAVE_PCAP_CREATE ) if (
HAVE_PCAP_CREATE ) # # For libpcap, we can set the buffer size if we have
pcap_create(). # set( CAN_SET_CAPTURE_BUFFER_SIZE TRUE ) endif()endif()
So I think a suitable modification would be adding check_function_exists(
"pcap_create" HAVE_PCAP_CREATE ) to Win32 too, as below:
if( WIN32 )
#
# This is always the case with WinPcap.
#
* check_function_exists( "pcap_create" HAVE_PCAP_CREATE )
<----------------- add this*
set(CAN_SET_CAPTURE_BUFFER_SIZE TRUE)
else()
check_function_exists( "pcap_create" HAVE_PCAP_CREATE )
if ( HAVE_PCAP_CREATE )
#
# For libpcap, we can set the buffer size if we have pcap_create().
#
set( CAN_SET_CAPTURE_BUFFER_SIZE TRUE )
endif()
endif()
As WinPcap always has *pcap_create *function, so *HAVE_PCAP_CREATE *will
always be set. In Wireshark the monitor UI elements like buttons will
always show up. I think this is inevitable as this is a compile-time option
instead of a run-time option. If a user clicks this button without a
monitor-supported NIC, we just show him the error messagebox. How about
this processing?
On Wed, Dec 30, 2015 at 9:38 PM, Alexis La Goutte <[email protected]
> wrote:
> Hi Yang,
>
> Good idea ! (i like)
>
> There is a "Monitor" column on Wireshark but need to have
> SHOW_MONITOR_COLUMN (HAVE_PCAP_CREATE) enable (see
> ui/qt/capture_interfaces_dialog.cpp )
>
> But the column will look no available on Windows...
>
> Cheers
>
>
> On Wed, Dec 30, 2015 at 8:29 AM, Yang Luo <[email protected]> wrote:
>
>> Hi list,
>>
>> I am considering adding native 802.11 packet capturing support (including
>> management and control frames) in Npcap. This is possible because Microsoft
>> Network Monitor already implements this feature for Vista and later.
>>
>> To enable these packets' capturing, we need to switch on the Wi-Fi
>> adapter's monitor mode. With the help of Guy (
>> http://stackoverflow.com/questions/34507789/how-to-enable-802-11-monitor-mode-dot11-operation-mode-network-monitor-in-a-nd),
>> I know some stuffs about it. In NDIS side, there's an OID called
>> *OID_DOT11_CURRENT_OPERATION_MODE
>> *to set and get the current operation mode of the adapter. Possible
>> values are *DOT11_OPERATION_MODE_NETWORK_MONITOR *(monitor mode) and
>> *DOT11_OPERATION_MODE_EXTENSIBLE_STATION
>> *(non-monitor mode). There's no way to check whether an adapter supports
>> monitor mode or not.
>>
>> In Npcap's libpcap/wpcap part, I have added the monitor mode support by
>> changing two places, I don't know if this is the right way:
>>
>> 1) *pcap_activate_win32 *function in \wpcap\libpcap\pcap-win32.c:
>> https://github.com/nmap/npcap/blob/master/wpcap/libpcap/pcap-win32.c
>> Line 569
>>
>> if (p->opt.rfmon) {
>> /*
>> * No monitor mode on Windows XP and earlier. It could be done on
>> * Vista with drivers that support the native 802.11
>> * mechanism and monitor mode.
>> */
>> DOT11_CURRENT_OPERATION_MODE operation_mode;
>> operation_mode.uCurrentOpMode = DOT11_OPERATION_MODE_NETWORK_MONITOR;
>> if (pcap_oid_set_request_win32(p, OID_DOT11_CURRENT_OPERATION_MODE,
>> &operation_mode, sizeof(DOT11_CURRENT_OPERATION_MODE)) != 0)
>> return (PCAP_ERROR_RFMON_NOTSUP);
>> }
>>
>> So instead of originally return (PCAP_ERROR_RFMON_NOTSUP);, this code
>> will set the monitor mode of the adapter.
>>
>> 2) *pcap_cant_set_rfmon *function in wpcap\libpcap\pcap.c:
>> https://github.com/nmap/npcap/blob/master/wpcap/libpcap/pcap.c
>> Line 98
>>
>> /*
>> * For systems where rfmon mode is never supported.
>> */
>> static int
>> pcap_cant_set_rfmon(pcap_t *p _U_)
>> {
>> return (1);
>> // return (0);
>> }
>>
>> I changed this function to always returning 1, which means "supported". I
>> know here I should check whether the adapter supports the monitor mode, but
>> I found no way to check. All I can do is to get/set the current mode using
>> the OID way above.
>>
>> After all these changes, there's no change in Wireshark, I didn't find a
>> place to switch on/off the monitor mode like Microsoft Network Monitor. So
>> I doubt whether Wireshark supports the monitor mode of Wlan in Windows? And
>> how Wireshark UI make use of the monitor mode? Thanks.
>>
>>
>> Cheers,
>> Yang
>>
>>
>> ___________________________________________________________________________
>> Sent via: Wireshark-dev mailing list <[email protected]>
>> Archives: https://www.wireshark.org/lists/wireshark-dev
>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>> mailto:[email protected]
>> ?subject=unsubscribe
>>
>
>
> ___________________________________________________________________________
> Sent via: Wireshark-dev mailing list <[email protected]>
> Archives: https://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
> mailto:[email protected]
> ?subject=unsubscribe
>
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <[email protected]>
Archives: https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:[email protected]?subject=unsubscribe
