Ask Your Question
0

How do I turn on monitor mode in wireshark on windows in the capture options?

asked 2023-09-28 01:05:08 +0000

KDAM71 gravatar image

My modem log says "A device failed to connect to SSID (40:5E:F6:4C:64:BE) because it provided incorrect login information" lots of times. The SSID is my phones. I want to look in to it but I can't figure out how to turn on monitor mode in the capture options in wireshark on windows. What do I put in the field under monitor mode?

Sorry for asking a question like this. Any help would be appreciated.

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2023-09-28 07:53:30 +0000

grahamb gravatar image

See the Wiki page on WLAN capture and in particular the note:

Unfortunately, changing the 802.11 capture modes is very platform/network adapter/driver/libpcap dependent, and might not be possible at all (Windows is very limited here).

I think you're running into the latter problem, your hardware\firmware\driver doesn't support monitor mode.

edit flag offensive delete link more

Comments

Thank you for your reply . I had read that. Is there a way I can verify this is the case? Is there a workaround?

I'm on windows 11 home 22H2 Wifi hardware: Intel Wi-Fi 6 AX201 160MHz

KDAM71 gravatar imageKDAM71 ( 2023-09-28 11:17:44 +0000 )edit

A workaround is to NOT use Windows and instead use another OS with hardware that is known to be supported. That may or may not help.

grahamb gravatar imagegrahamb ( 2023-09-28 11:40:35 +0000 )edit

I understand all the parts in the "chain" have to support the function in order for it to work. Is there a way to check which part(s) is/are not?.

KDAM71 gravatar imageKDAM71 ( 2023-09-28 13:24:09 +0000 )edit

I found out it's the wifi hardware that doesn't support it. On the windows command line you can use the command "netsh wlan show wirelesscapabilities" to check.

Thanks for the help.

KDAM71 gravatar imageKDAM71 ( 2023-09-28 15:41:59 +0000 )edit

That's useful, I'll add that to the wiki page.

Normally we don't close questions, instead the best answer is accepted (to inform others) by clicking the checkmark icon next to the answer.

grahamb gravatar imagegrahamb ( 2023-09-28 15:52:20 +0000 )edit

Correction. I said the hardware is incompatible but as I understand it now it's the driver that's incompatible. The same hardware seems to have the monitor mode capability in linux.

KDAM71 gravatar imageKDAM71 ( 2023-09-28 15:55:57 +0000 )edit

I' m sorry for closing the question. I'm new to this forum. I have tried to reopen it by clicking reopen at the top but i don't think it's working. Am I doing something wrong?

KDAM71 gravatar imageKDAM71 ( 2023-09-29 15:17:44 +0000 )edit

No problem, it's just convention here to leave answered questions open. I'll reopen it.

grahamb gravatar imagegrahamb ( 2023-09-29 15:52:41 +0000 )edit

I've asked Intel support why their windows drivers don't support monitor mode. Their reply:

"Unfortunately we would not be able to disclose at this point the reasons why Intel decided to not include such support for Windows. Currently there are no plans to introduce this feature."

KDAM71 gravatar imageKDAM71 ( 2023-10-02 13:58:14 +0000 )edit

This might be useful to people on the same quest, especially if more people enter their own findings in the list. It's information about wifi chipsets and their monitor mode support under windows.

https://secwiki.org/w/Npcap/WiFi_adap...

KDAM71 gravatar imageKDAM71 ( 2023-10-02 15:16:43 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2023-09-28 01:05:08 +0000

Seen: 6,226 times

Last updated: Sep 28 '23