Wireless Card that supports promiscuous mode in Windows 7

networking wireless-networking sniffing
18,696

Beware of terminology difficulties here.

Promiscuous mode is a concept that originated on wired Ethernet, where you have your card show you all the traffic your hub is repeating onto your port, even if it's not addressed to you. Many (but not all) Wi-Fi cards support promiscuous mode, in a way that looks a lot like Ethernet promiscuous mode; it shows only the "data" frames, only on your current network (same BSSID), and it shows them after they've been translated into wired-Ethernet-style packets (Ethernet-II or 802.3 framing). The idea is to make it look just like the same traffic you'd see on a wired Ethernet interface in promiscuous mode, for the sake of network engineers that want to look at things at that level.

802.11 monitor mode is a kind super-promiscuous mode for 802.11 cards. In full monitor mode, the card is tuned to a channel and shows all the packets it can receive on that channel, no matter what. If there are other Wi-Fi networks in range on that channel, it shows you the frames from those other networks as well. It shows not only the data frames you'd see on wired Ethernet, but also the 802.11-specific "Management" (Beacon, Probe, Auth, Assoc, Action, etc.) and "Control" (Ack, RTS, CTS, PS-poll, etc.) frames as well. And it shows them untranslated, with their full 802.11-style headers.

Full 802.11 monitor mode support is harder to find in consumer Wi-Fi cards, and where it exists, it is often buggy.

Many 802.11 professionals end up opting to buy a CACE Technologies (Wireshark's corporate sponsor) "AirPcap" USB wireless card for this, since they are designed from the ground up to be great 802.11 monitor mode cards for use with Wireshark.

Update:
It's also important to note that there are really only a few Wi-Fi chipset vendors out there, and all the card makers use chips from those few vendors. The biggest vendors are Broadcom, Atheros, Marvell, and Intel, and there are several smaller lesser-known vendors such as Ralink. Of those, Atheros has long been the best chipset vendor for monitor-mode support, and open source support. You might check the Linux Wi-Fi driver community to find out which cards use Atheros chips and support the "Madwifi" driver well, and then pick one of those; they're more likely to have a Windows driver that supports monitor mode well.

Share:
18,696

Related videos on Youtube

JPC
Author by

JPC

Updated on September 18, 2022

Comments

  • JPC
    JPC over 1 year

    I'm trying to use wireshark to learn a bit about networking and capturing packets. However, from what I understand, the combination of windows 7 + various wifi chips don't allow the network card to operate in "promiscuous mode". Has anyone had any experience getting this to work?

  • JPC
    JPC almost 13 years
    hmm, well I use wireshark and I suppose wireshark uses promiscuous mode to mean "monitor mode". Either way, monitor or promiscuous, I can't figure out how to enable either mode on my card in Windows 7. Are there any known cards that support this? Other than wireshark ones
  • Spiff
    Spiff almost 13 years
    @JPC I've added an update. Although I can't point you at a particular card, I'd recommend you go for Atheros-based cards. Of the biggest Wi-Fi chipset vendors, Atheros has always been the vendor of choice for people making Wi-Fi test equipment and the like, so I'd bet you'd be more likely to find good monitor mode support in an Atheros-based card than in anything else.
  • Admin
    Admin about 11 years
    No, Wireshark does not use promiscuous mode to mean monitor mode. It uses promiscuous mode to mean promiscuous mode, and monitor mode to mean monitor mode. It also uses WinPcap to capture network traffic; WinPcap does not support monitor mode (unlike libpcap on some UN*Xes, which does support monitor mode in newer versions), and, while WinPcap supports promiscuous mode, it doesn't do so if the driver doesn't support it, and few if any 802.11 adapter drivers support it (I think Microsoft's specs for 802.11 drivers say they shouldn't support promiscuous mode!).
  • Spiff
    Spiff about 11 years
    @JPC listen to Guy Harris. He knows a thing or two about Wireshark.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How to set CommView to capture a specific wifi instead of the whole channel?
How do I put my wireless interface back into managed mode from monitor mode in Mac OS X without rebooting?
How to sniff for wireless MAC addresses in area - My laptop got stolen
iPhone won't connect to home wireless network - but laptop will?
Macbook Air wifi speeds are very slow
ASUS router EA-N66R has different subnet mask than laptop
What are the key differences between 2.4 Ghz and 5 Ghz Wifi distribution?
What do these advanced wireless LAN card properties specify?
Can a second router connect via WAN to another Router and establish a second network?
My router shows two IP addresses for my son's lap top