github nmap/npcap v0.06-r15
Npcap 0.06 r15: Added native 802.11 control and management packets capture support

Warning:

This -wifi version Npcap is especially for the people who want to capture packets with 802.11 headers instead of Ethernet headers on their wireless adapters.

Other users who do NOT care about this feature should use a normal version Npcap. The latest normal version Npcap is 0.06 r14 at:
https://github.com/nmap/npcap/releases/download/v0.06-r14/npcap-nmap-0.06-r14.exe

Usage:

  1. Install npcap-nmap-0.06-r15-wifi2.exe.
  2. Run WlanHelper.exe with Administrator privilege. Type in the index of your wireless adapter (usually 0) and press Enter. Then type in 1 and press Enter to to switch on the Monitor Mode.
  3. Launch Wireshark and capture on the wireless adapter, you will see all 802.11 packets (data + control + management).
  4. If you need to return to Managed Mode, run WlanHelper.exe again and input the index of the adapter, then type in 0 and press Enter to to switch off the Monitor Mode.

Notice:

You need to use WlanHelper.exe tool to switch on the Monitor Mode in order to see 802.11 control and management packets in Wireshark (also encrypted 802.11 data packets, you need to specify the decipher key in Wireshark in order to decrypt those packets), otherwise you will only see 802.11 data packets.

Switching on the Monitor Mode will disconnect your wireless network from the AP, you can switch back to Managed Mode using the same WlanHelper.exe tool.

The source code of WlanHelper.exe tool is published at:
https://github.com/hsluoyz/WlanHelper

Terminology:

Managed Mode (for Linux) = Extensible Station Mode (aka ExtSTA, for Windows)
Monitor Mode (for Linux) = Network Monitor Mode (aka NetMon, for Windows)

latest releases: v1.55, v1.50, v1.40...
5 years ago