Re: How Wireshark supports monitor mode for WLAN 802.11 adapter in Windows?

[Yang Luo <hsluoyb () gmail com>]

On Thu, Jan 7, 2016 at 1:08 PM, Guy Harris <guy () alum mit edu> wrote:

> On Jan 4, 2016, at 12:12 PM, Guy Harris <guy () alum mit edu> wrote:
>
> > On Jan 4, 2016, at 4:08 AM, Anders Broman <anders.broman () ericsson com>
> wrote:
> > > As a test I tried to compile Wireshark with HAVE_PCAP_CREATE set using
> nmake
> > > Linking dumpcap.exe
> > >       link @C:\Users\etxrab\AppData\Local\Temp\nmFF17.tmp
> > > dumpcap.obj : error LNK2019: unresolved external symbol pcap_create
> referenced in function open_capture_device
> >       ...
> >
> > > dumpcap.exe : fatal error LNK1120: 9 unresolved externals
> > >
> > > Not sure why linking fails :-(
> >
> > It fails because Wireshark doesn't link directly with WinPcap; it's
> built to load WinPcap at run time, so that we don't need to ship separate
> versions of Wireshark, one built with WinPcap (to use if you want to
> capture traffic and are willing to install WinPcap) and one not built with
> WinPcap (if you don't need to capture traffic and don't want WinPcap
> installed).
> > Therefore, Wireshark has its own versions of all the pcap_ routines, in
> caputils/capture-wpcap.c, which call the underlying WinPcap routines
> through pointers set by g_module_symbol() after doing a ws_load_module() of
> WinPcap.
> > So caputils/capture-wpcap.c would have to be changed to add wrapper
> routines for pcap_create(), pcap_set_snaplen(), pcap_set_promisc(),
> pcap_can_set_rfmon(), pcap_set_rfmon(), pcap_set_timeout(),
> pcap_set_buffer_size(), pcap_activate(), and pcap_statustostr(), calling
> them through pointers, and add entries for those functions to the symbols[]
> table in load_wpcap().
> > Note that, unless dumpcap is changed to, at least on Windows, check at
> *run-time* whether we have pcap_create() or not, and use pcap_open_live()
> if we don't, the change to caputils/capture-wpcap.c would have to require
> that all those routines are present, and mark WinPcap as not present if
> they're not.
>
> With your changes and mine, it builds, and does the run-time check in
> question.  I did a build on my Windows 7 VM, with WinPcap 4.1.3, it appears
> to be work and to capture.
>
> Yang, you might want to try the NPcap with monitor mode support with the
> latest version of Wireshark (either check it out from source and build it,
> or wait for the next Windows buildbot build to complete).

I still couldn't build Wireshark sucessfully, so I don't know if I can make
any changes about it. By trying with the latest Wireshark, does it mean
that Wireshark has already been patched to add the support of monitor mode?
I don't quite understand the legacy issues mentioned above, so I think I
will start from Npcap's driver support for monitor mode first..

Cheers,
Yang



> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
> Archives:    https://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-request () wireshark org
> ?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe