Warning:
This -wifi
version Npcap is especially for the people who want to capture packets with 802.11 headers instead of Ethernet headers on their wireless adapters.
Other users who do NOT care about this feature should use a normal
version Npcap. The latest normal
version Npcap is 0.06 r14
at:
https://github.com/nmap/npcap/releases/download/v0.06-r14/npcap-nmap-0.06-r14.exe
Usage:
- Install
npcap-nmap-0.06-r15-wifi2.exe
. - Run
WlanHelper.exe
with Administrator privilege. Type in the index of your wireless adapter (usually0
) and pressEnter
. Then type in1
and pressEnter
to to switch on the Monitor Mode. - Launch
Wireshark
and capture on the wireless adapter, you will see all 802.11 packets (data + control + management). - If you need to return to Managed Mode, run
WlanHelper.exe
again and input the index of the adapter, then type in0
and pressEnter
to to switch off the Monitor Mode.
Notice:
You need to use WlanHelper.exe
tool to switch on the Monitor Mode in order to see 802.11 control and management packets
in Wireshark (also encrypted 802.11 data packets
, you need to specify the decipher key
in Wireshark in order to decrypt those packets), otherwise you will only see 802.11 data packets
.
Switching on the Monitor Mode will disconnect your wireless network from the AP, you can switch back to Managed Mode using the same WlanHelper.exe
tool.
The source code of WlanHelper.exe
tool is published at:
https://github.com/hsluoyz/WlanHelper
Terminology:
Managed Mode (for Linux
) = Extensible Station Mode (aka ExtSTA, for Windows
)
Monitor Mode (for Linux
) = Network Monitor Mode (aka NetMon, for Windows
)