Posted by:dragorn
Subject:ndis6+ and monitor mode on Windows
Date:13:16:17 12/11/2009

> First, thanks for all the great work that's been done with Kismet -- it's been a a great educational tool and, at times, a life-saver.
> I've searched the forum and elsewhere on the internet, and I know TFM says "WINDOWS DRIVERS DO NOT INCLUDE SUPPORT FOR WIFI MONITORING WHICH KISMET REQUIRES" -- but with the advent of NDIS6 (since Windows Vista) and greater, is this still the case? If so, what is still missing, and what would it take to allow Kismet to use drivers for NDIS6-compliant NICs on newer versions of Windows to enable rfmon mode?
> Sorry if the question is dumb or if I misunderstand something essential, but thanks for bearing with me.

As far as I know, despite the technical ability to do some sort of rfmon in ndis6, there is no way to get raw packets from the kernel to userspace. As it as briefly explained to me, the drivers can do, the system can understand it, and there's no way to get those packets from the drivers to an app without writing another custom driver inbetween, which isn't documented.

If someone can figure out how to get packets to show up, without using components from any commercial/demo application, then I'll figure out how to add support in Kismet.


