vindy

Promiscuous Mode using Windows 8

6 posts in this topic

Hello. I have an HP Laptop I bought not too long ago running Windows 8 and I was wondering if there are Windows drivers out there for my Qualcomm Atheros AR9485 802.11b/g/n WiFi Adapter that Wireshark could make use of to put the card into promiscuous or monitor mode. First of all, is there a difference between promiscuous and monitor mode or are they two terms for the same thing? I am certain that my Atheros WiFi NIC has support for promiscuous mode built into the hardware, but most Windows drivers don't implement it. It has been suggested that I try using Winpcap, but Winpcap is installed along with Wireshark and Wireshark on my Windows 8 laptop is unable to throw the card into promiscuous mode. If there are Windows drivers that would allow me to do this that Wireshark can use that'd be great. If I have to download a different packet sniffer using its own custom drivers to get use of promiscuous mode that's alright I guess. I am aware, and I know, that most Linux distributions, such as Backtrack, can do it no problem, but if I could get it working under Windows 8 I would really like to. Any help would be greatly appreciated. Thanks.


Because of NDIS, the only way (I know of) to get a Windows WiFi chipset in monitor is Airpcap with an Airpcap adapter. I have one, but Linux with an Alfa USB is much better and cheaper. That can be run in a Linux VM as well.

 

I never had much luck with Windows, Promiscuous mode, and Wifi. I know most Broadcom chipsets will do it. As will Windows drivers for the old Prism 2.5 chipset. The Prism 2.5 is 802.11 B only. Not sure of newer Broadcom with A/B/G/N chipsets either (that's A as in 802.11 N on 2.4 & 5.2 not old 802.11 A). 

 

You can always ARP-Spoof the entire broadcast domain. But that can cause a lot of trouble on networks with a lot of hosts. Or if your computer is too under-powered to process all the traffic.


I know this is gonna sound absolutely absurd, especially when you consider that achieving promiscuous/monitor mode in Linux is not difficult at all, but I may actually go as far as to write my own packet sniffer that makes use of custom drivers written myself. I have always wanted to dabble some in learning assembly (I know a little x86 already), and teach myself how to do some low-level hardware programming aimed at certain devices. I guess now I have a reason to. Just wonder how long it'll take me. :stuart: I think maybe I will attempt it over the summer when I will have an extended break from college courses.

Edited by vindy


I just hope I don't run into some kind of trouble; like Windows 8 refusing to run my custom self-written drivers because it can't identify them. I was reading something just recently somewhere talking about how new versions of Windows (maybe it was Vista, I can't recall) will not accept certain drivers for some devices if they are not Microsoft signed. Guess I'll just have to cross my fingers, or find out how to forge Microsoft signatures on software.

1 person likes this


They do not need to be signed. The user will get a warning, stating they are not signed. They will be presented with an option to either install them, or skip installation.

 

You might be thinking of Patch Guard, starting with Vista 64-bit. Kernel Patching is just the term used, not like patching a Linux Kernel. It basically blocks low-level access to kernel services. Drivers were unaffected.

 

In the past I've wondered why no Windows drivers could do monitor mode. It is because of NDIS. All Windows adapters use it so they can bind more than one protocol to a single adapter. I guess the low-level functions make it difficult. Air-Pcap uses its own networking subsystem, not built into Windows.

Edited by tekio


Hi,

 

For Wireless promiscuous mode capture (monitor mode) under Windows download Acrylic WiFi Free at https://www.acrylicwifi.com/en/wlan-software/wlan-scanner-acrylic-wifi-free/

 


 

It's a WiFi sniffer for Windows that supports monitor driver with an NDIS driver. That driver, once installed, allows you to use Cain & Abel, Elcomsoft software and Wireshark under Windows to capture WiFi packets (https://www.acrylicwifi.com/en/blog/how-to-capture-wifi-traffic-using-wireshark-on-windows/)

 

There is also an airodump for Windows port that uses Acrylic NDIS driver https://www.acrylicwifi.com/en/support/acrylic-api-for-developers/native-windows-support-for-airodump/

 

 
