Products Services Support Partners Blog Contact Login English How to capture WiFi traffic using Wireshark on Windows Home Acrylic WiFi professional Acrylic WiFi Free How to capture WiFi traffic using Wireshark on WindowsPrevious NextHow to capture WiFi traffic using Wireshark on WindowsWiresharkuseslibpcaporWinpcaplibraries to capture network traffic on Windows. Winpcap libraries are not intended to work with wireless network cards, therefore they do not support WiFi network traffic capturing using Wireshark on Windows. Therefore, Wireshark monitor mode for Windows is not supported by default.Winpcap Capture Limitations and WiFi traffic on WiresharkCapture is mostly limited by Winpcap and not by Wireshark. However, Wireshark includesAirpcapsupport, a special -and expensive- set of WiFi network adapters, which drivers support network traffic monitoring on monitor mode. In other words, WiFi network traffic capturing onpromiscuous mode.Acrylic WiFiproducts include an NDIS traffic capture driver that captures WiFi network traffic on monitor mode on Windows,capturing WiFi traffic with Wireshark on Windows Vista, Windows 7, Windows 8, and Windows 8.1. This driver adds wireless network compatibility on Windows to other WiFi sniffers.NDIS Driver and WiFi interfaces on WiresharkTo make this integration possible, Acrylic installs an airpcap.dll library in the system. When Wireshark loads the installed airpcap library, it returns a fake list of airpcap network cards installed. One Airpcap device for each integrated WiFi network card or external USB WiFi network card.

Through this method, you can use your preferred network analyzer compatible with Airpcap to monitor WiFi packets under windows. You can view wifi traffic by using Wireshark, cain & Abel, Elcomsoft wireless security auditor or with Acrylic. By double clicking on the network interface on wireshark, you can access the interface settings. You can see that the interface shows a link-layer header, which includes captured packet signal level information.

By clicking on the Wireless settings button, you can configure advanced settings, such as WiFi channel to monitor and FCS check. FCS, orFrame Check Sequence, is a WiFi network packet integrity signature that discards corrupt packets.

WiFi traffic capturing using WiresharkAll in all, after installingAcrylic WiFi, launch Wireshark with Administrator privileges (by right clicking on the Wireshark icon and selecting Run as administrator) and select any NDIS network interface WiFi network card. In this example, the Dell integrated WiFi network card (Dell Wireless 1702/b/g/n).

Video tutorial Acrylic WiFi NDIS driver with Wireshark on WindowsDownload Acrylic WiFi Professionalfor free and start capturing WiFi packets under Windows. If you like Acrylic, support us byregistering your Acrylic WiFi professional licenseand become a Wi-Fi PRO!

DOWNLOADCapture WiFi with Wireshark under windowsAnalyze your WiFi with Acrylic and enable monitor mode under windowsDo you like Acrylic WiFi? Drop us a comment and share this article over social networks. Dont forget to check ourhardware compatibility listfor better performance.ByTarlogic Security|May 9th, 2014|Acrylic WiFi Free,Acrylic WiFi professional|5 CommentsShare This Story, Choose Your Platform! Facebook Twitter LinkedIn Reddit Tumblr Google +1 Pinterest EmailAbout the Author: Tarlogic Security

Tarlogic is an spanish startup security company, focused on ethical hacking services and advanced WLAN analysis. We are Wi-Fi enthusiasts and we develop WLAN software for security, monitoring, troubleshooting, coverage analysis and site survey.5 Comments1. Nigel10 May, 2014 at 14:33- ReplyHi,This is a great feature! Being able to use Wireshark in Windows for WiFi capturing has been always been difficult and has required specific wireless interface cards to capture in monitor mode. Your solution means that anyone can now capture WiFi packets, which is great news.I have been testing some captures in Wireshark and it seems to work well. One question I have is around channel offsets. No matter which wireless NIC I use, the channel offset option is always grayed out. Will you be building in support for 40Mhz and 80Mhz channels (assuming the NIC can support those channel widths)?ThanksNigel.2. Tarlogic Security10 May, 2014 at 15:44- ReplyThanks for your comment Nigel. We are still enhancing our NDIS driver. Ill forward your comments to our dev team.WiFi packet capture is also supported under windows with Elcomsoft software and Cain & Abel .3. Brian12 August, 2014 at 07:19- ReplyDo you have recommended/supported drivers? Im using WUSB6300,, but a) in Wireshark, the timestamps are negative but unchanging, b) the RSSIs in the radiotap header are always 0, and c) the FCS bytes arent passed up to Wireshark (regardless of what I select in Wireless Settings) and so Wireshark is treating the last 4 bytes as FCS (so everything is malformed). Some of this might be Wireshark related (v1.8.6), but I suspect some of this is adapter related too. Tarlogic Security12 August, 2014 at 10:05- ReplyHello Brian,You can check for compatible hardware athttps://www.acrylicwifi.com/en/support/compatible-hardware/. Wireshark timestamps are currently not implemented in our wrapper library, but its planned on our TODO. Next releases will include that option.Regarding b) and c) unfortunately this is not a Wireshark nor Acrylic related issue. The problem relies on the NDIS interface implementation of some manufacturers. Despite theyre WHQL-certified by Microsoft, many of these NDIS implementations are broken or at least not fully compliant when using monitor mode. Thats the reason why RSSIs are always 0 on your device (some manufacturers have only values of -100, -50 or 0, for instance). Same with FCS. Our driver request NDIS interface to return frames with the specified FCS configuration and is the manufacturer driver responsibility to check if FCS is correct or not. However, some driver implementations do not return those four FCS bytes, or they return garbage instead.We have been trying to contact several vendors but at this time only Broadcom answered us. They state that their drivers are fully NDIS compliant.The solution is to use compatible hardware listed athttps://www.acrylicwifi.com/en/support/compatible-hardware/. Feel free to report us information about compatibility and other bugs.4. Tarlogic Security21 August, 2014 at 10:21- ReplyWe have fixed some Radiotap issues like timestamps and rates information and improved data capture speed with Wireshark. Those enhancements are now included at Acrylic WiFi v2.0.Leave A CommentTop of Form

Bottom of FormTop of Form

Bottom of FormCategories Acrylic WiFi Free Acrylic WiFi heatmaps Acrylic WiFi pentester Acrylic WiFi professional Sin categora sniffer Popular Recent How to capture WiFi traffic using Wireshark on WindowsMay 9th, 2014 10 Advanced things with Acrylic WiFi Free and WLAN NDIS driverMarch 7th, 2014 How to Create a Wireless Network Site Survey ProjectMay 9th, 2014Tagsairpcap alternativecalibrate wifi mapcapture wificoverage mapcoverage mapscoverage reportdevice inventorykml wifimonitor mode wifi windowsndis driverndis wifionsite surveypacket retrySite surveysite survey programsite survey projectsite survey WiFitutorialwifi capturewifi coverage mapwifi crackingWiFI incidence resolutionWiFi mapWiFi measurementsWiFi performanceWiFi securitywifi snifferwifi speedwiresharkwlan analysiswlan heat mapwlan scannerWLAN Scopewlan softwareArchives August 2014 July 2014 May 2014 March 2014 February 2014 December 2013Contact InfoEmail:support@acrylicwifi.comWeb:Tarlogic SecurityPRODUCTSFree WLAN Scanner Acrylic WiFiProfessional Wi-Fi analyzerHeatmaps WiFi site surveyAcrylic WiFi security analysisAcrylic WiFi PentesterAcrylic WiFi Law EnforcementABOUT USCompany InfoBlogAcrylic WiFi PartnersPrivacy policyQuality policySUPPORTFAQDocumentationSoftwareMonitor mode hardwareVideo tutorialsDevelopersSitemapRECENT POSTS WiFi software Acrylic WiFi Free and professional v2.0 Is a Hidden WiFi Network Secure? (Hidden SSID) Is a WPA/WPA2 Wi-Fi network secure? View WiFi Map with Heatmaps v2.0 site survey evolved Facebook Twitter LinkedIn Youtube Pinterest Google+ Copyright 2014Tarlogic Security| All Rights Reserved