Monitor mode: Difference between revisions

From Wikipedia, the free encyclopedia
Added limited support for monitor mode in Windows
→‎Limitations: Clean up, give a reference for monitor mode and raw 802.11 packets in NDIS 6. Note that *BSD also does a good job of supporting monitor mode.
Line 11: Line 11:
Usually the wireless card is unable to transmit in monitor mode and is restricted to a single wireless channel, though this is dependent on the wireless card driver. Also, in monitor mode the NIC does not check to see if the [[CRC]] values are correct for packets captured, so some packets may be corrupted.
Usually the wireless card is unable to transmit in monitor mode and is restricted to a single wireless channel, though this is dependent on the wireless card driver. Also, in monitor mode the NIC does not check to see if the [[CRC]] values are correct for packets captured, so some packets may be corrupted.


The Windows NDIS API ([[Network Driver Interface Specification]]) does not support any extensions for wireless monitor mode in most of its Operating Systems. Although, starting with Windows Vista, it will become possible to enable monitor mode because a new Network Interface communication system ([[NDIS 6]]) has been developed, that exposes 802.11 frames to the upper protocol levels; with previous versions of NDIS what is exposed are fake Ethernet frames translated from the 802.11 data frames.
The Windows [[Network Driver Interface Specification]] (NDIS) API does not support any extensions for wireless monitor mode in most versions of Windows. Starting with NDIS 6 in Windows Vista, it is possible to enable monitor mode[http://msdn2.microsoft.com/en-us/library/aa503132.aspx]. NDIS 6 supports exposing 802.11 frames to the upper protocol levels[http://msdn2.microsoft.com/en-us/library/aa503359.aspx]; with previous versions of NDIS only fake Ethernet frames translated from the 802.11 data frames can be exposed to the upper protocol levels.


For the moment, the best choice to get monitor mode drivers are available in Linux.<ref>[http://www.hackernotcracker.com/2007-06/using-aircrack-ngaireplay-ng-under-injection-monitor-mode-in-windows.html ''Aircrack/Aireplay-ng Under Packet Injection Monitor Mode in Windows''] retrieved [[September 11]] [[2007]]</ref>
For the moment, the best way to get support for monitor mode is to run [[Linux]], as Linux's interfaces for 802.11 drivers support monitor mode and many drivers offer that support.<ref>[http://www.hackernotcracker.com/2007-06/using-aircrack-ngaireplay-ng-under-injection-monitor-mode-in-windows.html ''Aircrack/Aireplay-ng Under Packet Injection Monitor Mode in Windows''] retrieved [[September 11]] [[2007]]</ref> [[FreeBSD]], [[NetBSD]], [[OpenBSD]], and [[DragonFly BSD]] also provide an interface for 802.11 drivers that suppors monitor mode, and many drivers for those operating systems support monitor mode as well.


In versions of Windows prior to Windows Vista, some [[packet sniffer]] applications such as Wildpackets' [[OmniPeek]] provide their own device drivers to support monitor mode.
In Microsoft Operating Systems previous than Windows Vista one can get software like Wildpackets' Omnipeek <ref>[http://www.wildpackets.com/products/demos]</ref> for this purpose.


==See also==
==See also==
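Review bot: In the sentence added to the Linux paragraph about FreeBSD, NetBSD, OpenBSD and DragonFly BSD, "suppors" should be "supports". The two MSDN links added to the NDIS 6 paragraph are bare bracketed external links, while the paragraph below cites with <ref>; in the rendered revision both the first bare link and the footnote appear as "[1]", so wrapping the MSDN links in <ref> tags would remove the clash. The rewritten OmniPeek sentence also drops the <ref> to the wildpackets.com demos page that the old wording carried; restore it or note in the edit summary why it was removed.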

Revision as of 21:02, 30 November 2007

Monitor mode, or RFMON mode, allows a computer with a wireless network interface card (NIC) to monitor all traffic received from the wireless network. Unlike promiscuous mode, which is also used for packet sniffing, monitor mode allows packets to be captured without having to associate with an access point or ad-hoc network first. Monitor mode only applies to wireless networks, while promiscuous mode can be used on both wired and wireless networks. Monitor mode is one of four modes that 802.11 wireless cards can operate in: Master (acting as an access point), Managed (client, also known as station), ad-hoc, and monitor mode.

Uses

Monitor mode may be used for malicious purposes, such as collecting traffic for WEP cracking.

Software such as KisMAC or Kismet, in combination with protocol analyzers such as Wireshark or tcpdump, provides a user interface for passive wireless network monitoring.

Limitations

Usually the wireless card is unable to transmit in monitor mode and is restricted to a single wireless channel, though this is dependent on the wireless card driver. Also, in monitor mode the NIC does not check whether the CRC values of captured packets are correct, so some captured packets may be corrupted.
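Because the NIC passes frames up without checking the CRC, the check can be done at analysis time. The following Python code is an added example, not part of the original article: it verifies the frame check sequence of captured frames, assuming each record carries a radiotap header (a capture format the article does not mention); the sample packet is constructed.

```python
import struct
import zlib

RT_F_FCS = 0x10     # radiotap Flags bit: frame ends with the 4-byte FCS
RT_F_BADFCS = 0x40  # radiotap Flags bit: driver already saw a bad FCS


def fcs(frame: bytes) -> bytes:
    """802.11 FCS: CRC-32 over the MAC frame, stored little-endian."""
    return struct.pack("<I", zlib.crc32(frame) & 0xFFFFFFFF)


def split_radiotap(packet: bytes):
    """Return (flags, frame) from a radiotap-prefixed record (assumed format)."""
    if len(packet) < 8:
        raise ValueError("truncated radiotap header")
    version, _pad, length, present = struct.unpack_from("<BBHI", packet, 0)
    if version != 0 or not 8 <= length <= len(packet):
        raise ValueError("unknown or truncated radiotap header")
    offset, word = 8, present
    while word & 0x80000000:          # bit 31: another 'present' word follows
        (word,) = struct.unpack_from("<I", packet, offset)
        offset += 4
    if present & 0x1:                 # TSFT: u64, aligned to 8 bytes
        offset = ((offset + 7) & ~7) + 8
    flags = 0
    if present & 0x2:                 # Flags: u8, directly after TSFT
        if offset >= length:
            raise ValueError("radiotap Flags field outside header")
        flags = packet[offset]
    return flags, packet[length:]


def classify(packet: bytes) -> str:
    """Label a captured record 'ok', 'corrupt' or 'no-fcs'."""
    flags, frame = split_radiotap(packet)
    if not flags & RT_F_FCS or len(frame) < 4:
        return "no-fcs"               # nothing to verify against
    if flags & RT_F_BADFCS or fcs(frame[:-4]) != frame[-4:]:
        return "corrupt"
    return "ok"


def sample_packet(flags: int = RT_F_FCS, flip: bool = False) -> bytes:
    """Constructed sample: 9-byte radiotap header + 24-byte beacon header."""
    mac = bytes.fromhex("8000" "0000" "ffffffffffff"
                        "020000000001" "020000000001" "0000")
    frame = mac + fcs(mac)
    if flip:                          # simulate one bit damaged on the air
        frame = bytes([frame[0] ^ 0x01]) + frame[1:]
    return struct.pack("<BBHIB", 0, 0, 9, 0x2, flags) + frame
```

Records labelled `no-fcs` cannot be validated at all, so any analysis that depends on frame contents should treat them as unverified rather than as good.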

The Windows Network Driver Interface Specification (NDIS) API does not support any extensions for wireless monitor mode in most versions of Windows. Starting with NDIS 6 in Windows Vista, it is possible to enable monitor mode.[1] NDIS 6 supports exposing 802.11 frames to the upper protocol levels;[2] with previous versions of NDIS only fake Ethernet frames translated from the 802.11 data frames can be exposed to the upper protocol levels.

For the moment, the best way to get support for monitor mode is to run Linux, as Linux's interfaces for 802.11 drivers support monitor mode and many drivers offer that support.[1] FreeBSD, NetBSD, OpenBSD, and DragonFly BSD also provide an interface for 802.11 drivers that supports monitor mode, and many drivers for those operating systems support monitor mode as well.

In versions of Windows prior to Windows Vista, some packet sniffer applications such as Wildpackets' OmniPeek provide their own device drivers to support monitor mode.

See also

References