Kismet Wireless

Kismet Forums


Posted by:arbiter26
Subject:ndis6+ and monitor mode on Windows
Date:19:52:58 20/06/2011

> > First, thanks for all the great work that's been done with Kismet -- it's been a a great educational tool and, at times, a life-saver.
> >
> > I've searched the forum and elsewhere on the internet, and I know TFM says "WINDOWS DRIVERS DO NOT INCLUDE SUPPORT FOR WIFI MONITORING WHICH KISMET REQUIRES" -- but with the advent of NDIS6 (since Windows Vista) and greater, is this still the case? If so, what is still missing, and what would it take to allow Kismet to use drivers for NDIS6-compliant NICs on newer versions of Windows to enable rfmon mode?
> >
> > Sorry if the question is dumb or if I misunderstand something essential, but thanks for bearing with me.
> As far as I know, despite the technical ability to do some sort of rfmon in ndis6, there is no way to get raw packets from the kernel to userspace. As it as briefly explained to me, the drivers can do, the system can understand it, and there's no way to get those packets from the drivers to an app without writing another custom driver inbetween, which isn't documented.
> If someone can figure out how to get packets to show up, without using components from any commercial/demo application, then I'll figure out how to add support in Kismet.
> -m

I know that this is an old post, but I think that I may have found a solution.

There is a program called "Microsoft Network Monitor" that successfully captured packets on my Windows 7 computer w/Atheros AR9285. It uses a DLL called "NMAPI.dll" to accomplish this. Although not redistributable, it is free to download, and the API is documented in Network Monitor's help files.

I appreciate the work that has been done to make Kismet the illustrious tool that it is. Unless I am mistaken (and I could very well be), NMAPI.dll can bring raw packets from kernel to userspace, making it possible to use Kismet on Windows Vista/7.

Reply to this message