134:. NDIS 6 supports exposing 802.11 frames to the upper protocol levels, while previous versions only exposed fake Ethernet frames translated from the 802.11 frames. Monitor mode support in NDIS 6 is an optional feature and may or may not be implemented in the client adapter driver. The implementation details and compliance with the NDIS specifications vary from vendor to vendor. In many cases, monitor mode support is not properly implemented by the vendor. For example,
79:). Monitor mode can also be used to help design Wi-Fi networks. For a given area and channel, the number of Wi-Fi devices currently being used can be discovered. This helps to create a better Wi-Fi network that reduces interference with other Wi-Fi devices by choosing the least used Wi-Fi channels.
110:
Usually the wireless adapter is unable to transmit in monitor mode and is restricted to a single wireless channel, though this is dependent on the wireless adapter's driver, its firmware, and features of its chipset. Also, in monitor mode the adapter does not check to see if the
74:
Uses for monitor mode include: geographical packet analysis, observing of widespread traffic and acquiring knowledge of Wi-Fi technology through hands-on experience. It is especially useful for auditing unsecure channels (such as those protected with
42:
first. Monitor mode only applies to wireless networks, while promiscuous mode can be used on both wired and wireless networks. Monitor mode is one of the eight modes that
210:
184:
also provide an interface for 802.11 drivers that supports monitor mode, and many drivers for those operating systems support monitor mode as well. In
285:
127:
23:
346:
51:
341:
321:
76:
46:
wireless adapter can operate in: Master (acting as an access point), Managed (client, also known as station),
112:
47:
300:
35:
138:
drivers report incorrect dBm readings and
Realtek drivers do not include trailing 4-byte CRC values.
196:
1.0.0 and later provides an API to select monitor mode when capturing on those operating systems.
157:
99:
156:
Linux's interfaces for 802.11 drivers support monitor mode and many drivers offer that support.
130:(NDIS) API has supported extensions for monitor mode since NDIS version 6, first available in
124:
87:
205:
27:
325:
189:
142:
115:(CRC) values are correct for packets captured, so some captured packets may be corrupted.
91:
258:
230:
39:
31:
335:
181:
131:
59:
55:
34:, monitor mode allows packets to be captured without having to associate with an
168:) and every other manufacturer’s provided driver doesn’t support monitor mode.
266:
238:
322:
AirSnort FAQ: What is the difference between monitor and promiscuous mode?
185:
165:
150:
146:
177:
169:
173:
161:
135:
83:
43:
26:(WNIC) to monitor all traffic received on a wireless channel. Unlike
22:, or RFMON (Radio Frequency MONitor) mode, allows a computer with a
287:
Aircrack/Aireplay-ng Under Packet
Injection Monitor Mode in Windows
153:
for WiFi provide their own device drivers to support monitor mode.
192:
network adapters allow the adapter to be put into monitor mode.
193:
95:
63:
141:
For versions of
Windows prior to Windows Vista, some
98:
files, provide a user interface for passive wireless
263:Windows Driver Kit: Network Devices and Protocols
235:Windows Driver Kit: Network Devices and Protocols
8:
211:Comparison of open-source wireless drivers
188:10.4 and later releases, the drivers for
222:
16:Mode for a network interface controller
128:Network Driver Interface Specification
24:wireless network interface controller
7:
301:"Troubleshooting Wireless Drivers"
145:applications such as Wildpackets'
14:
328: (archived December 30, 2014)
231:"Network Monitor Operation Mode"
259:"Indicating Raw 802.11 Packets"
1:
290:retrieved September 11, 2007
363:
307:. Item 3. No Monitor Mode.
30:, which is also used for
305:Kali Linux documentation
119:Operating system support
113:cyclic redundancy check
90:, in combination with
347:Wireless networking
100:network monitoring
66:and Monitor mode.
342:Network analyzers
125:Microsoft Windows
82:Software such as
354:
309:
308:
297:
291:
283:
277:
276:
274:
273:
255:
249:
248:
246:
245:
227:
206:Promiscuous mode
92:packet analyzers
28:promiscuous mode
362:
361:
357:
356:
355:
353:
352:
351:
332:
331:
326:Wayback Machine
318:
313:
312:
299:
298:
294:
284:
280:
271:
269:
257:
256:
252:
243:
241:
229:
228:
224:
219:
202:
190:AirPort Extreme
149:and TamoSoft's
143:packet analyzer
121:
108:
72:
32:packet sniffing
17:
12:
11:
5:
360:
358:
350:
349:
344:
334:
333:
330:
329:
317:
316:External links
314:
311:
310:
292:
278:
250:
221:
220:
218:
215:
214:
213:
208:
201:
198:
120:
117:
107:
104:
94:that can read
71:
68:
40:ad hoc network
15:
13:
10:
9:
6:
4:
3:
2:
359:
348:
345:
343:
340:
339:
337:
327:
323:
320:
319:
315:
306:
302:
296:
293:
289:
288:
282:
279:
268:
264:
260:
254:
251:
240:
236:
232:
226:
223:
216:
212:
209:
207:
204:
203:
199:
197:
195:
191:
187:
183:
182:DragonFly BSD
179:
175:
171:
167:
163:
159:
154:
152:
148:
144:
139:
137:
133:
132:Windows Vista
129:
126:
118:
116:
114:
105:
103:
101:
97:
93:
89:
85:
80:
78:
69:
67:
65:
61:
57:
53:
49:
45:
41:
37:
33:
29:
25:
21:
304:
295:
286:
281:
270:. Retrieved
262:
253:
242:. Retrieved
234:
225:
155:
140:
122:
109:
81:
73:
60:Wi-Fi Direct
36:access point
20:Monitor mode
19:
18:
158:STA drivers
106:Limitations
336:Categories
272:2007-11-30
244:2007-11-30
217:References
267:Microsoft
239:Microsoft
200:See also
186:Mac OS X
166:Broadcom
151:CommView
147:OmniPeek
52:Repeater
324:at the
194:Libpcap
178:OpenBSD
170:FreeBSD
180:, and
174:NetBSD
162:Ralink
136:Ralink
88:Kismet
84:KisMAC
48:Ad hoc
44:802.11
123:The
96:pcap
70:Uses
64:TDLS
56:Mesh
86:or
77:WEP
38:or
338::
303:.
265:.
261:.
237:.
233:.
176:,
172:,
164:,
102:.
62:,
58:,
54:,
50:,
275:.
247:.
160:(
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.