Monitor mode 802.11 on Windows

#1 (**permalink**) 11-08-2006, 07:42 PM

I've developed a Java library[1] that creates analogs to the standard
java.net.Socket class, with raw access to packets at the IP and
Ethernet frame layers, creating generic Packet objects(basically, this
lets me do low-level r/w network access in Java with a fairly
straightforward API that's consistent between the different layers of
the network). Basic concept is to allow use of protocols that aren't
supported by java.net (so far, it's been used to write packet
sniffers, nmap style port scanners, and I'd like to extend this
functionality to include 802.11 packet monitoring, but have only been
able to do this with a limited set of adapters under Linux. Under
Windows, due to driver limitations, 802.11 devices are only accessible
as virtual 802.3 devices, so I can't do any interesting radio packet
level sniffing or manipulation.

So I'm looking for recommendations for Windows drivers (commercial
drivers are acceptable) that enable promiscuous/monitor mode access
for at least read support, and preferably read and write support. A
clearly defined API is good as well.

Note that, for a variety of functionality reasons, we don't use (and
would prefer not to use) WinPcap to access packets.

[1] Internal to my company, presently, but I'm probably going to have
it open-sourced soon.

--
Richard W Kaszeta
rich@kaszeta.org
http://www.kaszeta.org/rich

#2 (**permalink**) 11-09-2006, 01:12 AM

On 08 Nov 2006 14:42:53 -0600, Richard Kaszeta <rich@kaszeta.org>
wrote:

>(...) Under
>Windows, due to driver limitations, 802.11 devices are only accessible
>as virtual 802.3 devices, so I can't do any interesting radio packet
>level sniffing or manipulation.

Note that it's not just the driver. The wireless device has to be
capeable of supporting promiscuous and/or monitor mode.

>So I'm looking for recommendations for Windows drivers (commercial
>drivers are acceptable) that enable promiscuous/monitor mode access
>for at least read support, and preferably read and write support. A
>clearly defined API is good as well.

http://www.cacetech.com/products/index.htm
http://www.wildpackets.com/support/p...opeek/hardware

>Note that, for a variety of functionality reasons, we don't use (and
>would prefer not to use) WinPcap to access packets.

It's rather difficult to avoid using something so popular.

>[1] Internal to my company, presently, but I'm probably going to have
>it open-sourced soon.

Yeah, that would make me really happy.

--
# Jeff Liebermann 150 Felker St #D Santa Cruz CA 95060
# 831-336-2558 jeffl@comix.santa-cruz.ca.us
# http://802.11junk.com jeffl@cruzio.com
# http://www.LearnByDestroying.com AE6KS

#3 (**permalink**) 11-09-2006, 01:37 AM

Jeff Liebermann <jeffl@comix.santa-cruz.ca.us> writes:
> >(...) Under
> >Windows, due to driver limitations, 802.11 devices are only accessible
> >as virtual 802.3 devices, so I can't do any interesting radio packet
> >level sniffing or manipulation.
>
> Note that it's not just the driver. The wireless device has to be
> capeable of supporting promiscuous and/or monitor mode.

Yeah, but there are still plenty of devices that allow this, at least
with a good driver (my first prototype implementation was on Linux
using an old Orinoco Gold card).

> >So I'm looking for recommendations for Windows drivers (commercial
> >drivers are acceptable) that enable promiscuous/monitor mode access
> >for at least read support, and preferably read and write support. A
> >clearly defined API is good as well.
>
> http://www.cacetech.com/products/index.htm

That's what I'm working with now, which is probably going to be my
first effort.

> http://www.wildpackets.com/support/p...opeek/hardware

On my to-check out list as well.

> >Note that, for a variety of functionality reasons, we don't use (and
> >would prefer not to use) WinPcap to access packets.
>
> It's rather difficult to avoid using something so popular.

Indeed, but there were some significant security issues for the
application driving all this work, and especially when writing packets
it was more than a little kludgy.

> >[1] Internal to my company, presently, but I'm probably going to have
> >it open-sourced soon.
>
> Yeah, that would make me really happy.

I'll make a post here when I do that, since it should be useful, and
I'd like to get more people using/testing it. That, and the fact that
this software was sort of a byproduct of other work anyways.

Thanks for the pointers.

--
Richard W Kaszeta
rich@kaszeta.org
http://www.kaszeta.org/rich

#4 (**permalink**) 11-12-2006, 04:07 AM

"Richard Kaszeta" <rich@kaszeta.org> wrote in message
news:y6xvelp2vml.fsf@pomme.me.umn.edu...
> Jeff Liebermann <jeffl@comix.santa-cruz.ca.us> writes:
> Yeah, but there are still plenty of devices that allow this, at least
> with a good driver (my first prototype implementation was on >Linux using
> an old Orinoco Gold card).

You should have kept the Orinoco Gold card, lol...they are so good that I am
getting one shipped in from New York all the way over the the UK.

#5 (**permalink**) 11-12-2006, 12:40 PM

"C Denver" <sdenver@btinternet.com> writes:

> "Richard Kaszeta" <rich@kaszeta.org> wrote in message
> news:y6xvelp2vml.fsf@pomme.me.umn.edu...
> > Jeff Liebermann <jeffl@comix.santa-cruz.ca.us> writes:
> > Yeah, but there are still plenty of devices that allow this, at least
> > with a good driver (my first prototype implementation was on >Linux using
> > an old Orinoco Gold card).
>
> You should have kept the Orinoco Gold card, lol...they are so good that I am
> getting one shipped in from New York all the way over the the UK.

I still have it (actually, I have quite a few of them), but it's an
older one and doesn't do 802.11g.

--
Richard W Kaszeta
rich@kaszeta.org
http://www.kaszeta.org/rich