Wireshark
4.3.0
The Wireshark network protocol analyzer
|
Functions | |
void | AirpcapGetVersion (unsigned *VersionMajor, unsigned *VersionMinor, unsigned *VersionRev, unsigned *VersionBuild) |
Return a string with the API version. More... | |
char * | AirpcapGetLastError (PAirpcapHandle AdapterHandle) |
Return the last error related to the specified handle. More... | |
bool | AirpcapGetDeviceList (PAirpcapDeviceDescription *PPAllDevs, char *Ebuf) |
Return the list of available devices. More... | |
void | AirpcapFreeDeviceList (PAirpcapDeviceDescription PAllDevs) |
Free a list of devices returned by AirpcapGetDeviceList() More... | |
PAirpcapHandle | AirpcapOpen (char *DeviceName, char *Ebuf) |
Open an adapter. More... | |
void | AirpcapClose (PAirpcapHandle AdapterHandle) |
Close an adapter. More... | |
bool | AirpcapSetMonitorMode (PAirpcapHandle AdapterHandle, bool MonitorModeEnabled) |
Sets the monitor mode for the specified adapter. More... | |
bool | AirpcapGetMonitorMode (PAirpcapHandle AdapterHandle, bool *PMonitorModeEnabled) |
Returns true if the specified adapter is in monitor mode. More... | |
bool | AirpcapSetLinkType (PAirpcapHandle AdapterHandle, AirpcapLinkType NewLinkType) |
Set the link type of an adapter. More... | |
bool | AirpcapGetLinkType (PAirpcapHandle AdapterHandle, PAirpcapLinkType PLinkType) |
Get the link type of the specified adapter. More... | |
bool | AirpcapSetFcsPresence (PAirpcapHandle AdapterHandle, bool IsFcsPresent) |
Configures the adapter on whether to include the MAC Frame Check Sequence in the captured packets. More... | |
bool | AirpcapGetFcsPresence (PAirpcapHandle AdapterHandle, bool *PIsFcsPresent) |
Returns true if the specified adapter includes the MAC Frame Check Sequence in the captured packets. More... | |
bool | AirpcapSetFcsValidation (PAirpcapHandle AdapterHandle, AirpcapValidationType ValidationType) |
Configures the adapter to accept or drop frames with an incorrect Frame Check sequence (FCS). More... | |
bool | AirpcapGetFcsValidation (PAirpcapHandle AdapterHandle, PAirpcapValidationType ValidationType) |
Checks if the specified adapter is configured to capture frames with incorrect an incorrect Frame Check Sequence (FCS). More... | |
bool | AirpcapSetDeviceKeys (PAirpcapHandle AdapterHandle, PAirpcapKeysCollection KeysCollection) |
Set the list of decryption keys that the driver is going to use with the specified device. More... | |
bool | AirpcapGetDeviceKeys (PAirpcapHandle AdapterHandle, PAirpcapKeysCollection KeysCollection, unsigned *PKeysCollectionSize) |
Returns the list of decryption keys in the driver that are currently associated with the specified device. More... | |
bool | AirpcapSetDriverKeys (PAirpcapHandle AdapterHandle, PAirpcapKeysCollection KeysCollection) |
Set the global list of decryption keys that the driver is going to use with all the devices. More... | |
bool | AirpcapGetDriverKeys (PAirpcapHandle AdapterHandle, PAirpcapKeysCollection KeysCollection, unsigned *PKeysCollectionSize) |
Returns the global list of decryption keys in the driver that are associated with all the devices. More... | |
bool | AirpcapSetDecryptionState (PAirpcapHandle AdapterHandle, AirpcapDecryptionState Enable) |
Turns on or off the decryption of the incoming frames with the adapter-specific keys. More... | |
bool | AirpcapGetDecryptionState (PAirpcapHandle AdapterHandle, PAirpcapDecryptionState PEnable) |
Tells if this open instance is configured to perform the decryption of the incoming frames with the adapter-specific keys. More... | |
bool | AirpcapSetDriverDecryptionState (PAirpcapHandle AdapterHandle, AirpcapDecryptionState Enable) |
Turns on or off the decryption of the incoming frames with the global driver set of keys. More... | |
bool | AirpcapGetDriverDecryptionState (PAirpcapHandle AdapterHandle, PAirpcapDecryptionState PEnable) |
Tells if this open instance is configured to perform the decryption of the incoming frames with the global driver set of keys. More... | |
bool | AirpcapSetDeviceChannel (PAirpcapHandle AdapterHandle, unsigned Channel) |
Set the radio channel of a device. More... | |
bool | AirpcapGetDeviceChannel (PAirpcapHandle AdapterHandle, unsigned *PChannel) |
Get the radio channel of a device. More... | |
bool | AirpcapSetKernelBuffer (PAirpcapHandle AdapterHandle, unsigned BufferSize) |
Set the size of the kernel packet buffer for this adapter. More... | |
bool | AirpcapGetKernelBufferSize (PAirpcapHandle AdapterHandle, unsigned *PSizeBytes) |
Get the size of the kernel packet buffer for this adapter. More... | |
bool | AirpcapStoreCurConfigAsAdapterDefault (PAirpcapHandle AdapterHandle) |
Saves the configuration of the specified adapter in the registry, so that it becomes the default for this adapter. More... | |
bool | AirpcapSetFilter (PAirpcapHandle AdapterHandle, void *Instructions, unsigned Len) |
Set the BPF kernel filter for an adapter. More... | |
bool | AirpcapGetMacAddress (PAirpcapHandle AdapterHandle, PAirpcapMacAddress PMacAddress) |
Return the MAC address of an adapter. More... | |
bool | AirpcapSetMinToCopy (PAirpcapHandle AdapterHandle, unsigned MinToCopy) |
Set the mintocopy parameter for an open adapter. More... | |
bool | AirpcapGetReadEvent (PAirpcapHandle AdapterHandle, void ***PReadEvent) |
Gets an event that is signaled when that is signalled when packets are available in the kernel buffer (see AirpcapSetMinToCopy()). More... | |
bool | AirpcapRead (PAirpcapHandle AdapterHandle, uint8_t *Buffer, unsigned BufSize, unsigned *PReceievedBytes) |
Fills a user-provided buffer with zero or more packets that have been captured on the referenced adapter. More... | |
bool | AirpcapWrite (PAirpcapHandle AdapterHandle, char *TxPacket, uint32_t PacketLen) |
Transmits a packet. More... | |
bool | AirpcapGetStats (PAirpcapHandle AdapterHandle, PAirpcapStats PStats) |
Get per-adapter WinPcap-compatible capture statistics. More... | |
bool | AirpcapGetLedsNumber (PAirpcapHandle AdapterHandle, unsigned *NumberOfLeds) |
Get the number of LEDs the referenced adapter has available. More... | |
bool | AirpcapTurnLedOn (PAirpcapHandle AdapterHandle, unsigned LedNumber) |
Turn on one of the adapter's LEDs. More... | |
bool | AirpcapTurnLedOff (PAirpcapHandle AdapterHandle, unsigned LedNumber) |
Turn off one of the adapter's LEDs. More... | |
bool | AirpcapSetDeviceChannelEx (PAirpcapHandle AdapterHandle, AirpcapChannelInfo ChannelInfo) |
Set the channel of a device through its radio frequency. In case of 802.11n enabled devices, it sets the extension channel, if used. More... | |
bool | AirpcapGetDeviceChannelEx (PAirpcapHandle AdapterHandle, PAirpcapChannelInfo PChannelInfo) |
Get the channel of a device through its radiofrequency. In case of 802.11n enabled devices, it gets the extension channel, if in use. More... | |
bool | AirpcapGetDeviceSupportedChannels (PAirpcapHandle AdapterHandle, PAirpcapChannelInfo *ppChannelInfo, unsigned *pNumChannelInfo) |
Get the list of supported channels for a given device. In case of a 802.11n capable device, information related to supported extension channels is also reported. More... | |
bool | AirpcapConvertFrequencyToChannel (unsigned Frequency, unsigned *PChannel, PAirpcapChannelBand PBand) |
Converts a given frequency to the corresponding channel. More... | |
bool | AirpcapConvertChannelToFrequency (unsigned Channel, unsigned *PFrequency) |
Converts a given channel to the corresponding frequency. More... | |
Variables | |
struct _AirpcapDeviceDescription * | _AirpcapDeviceDescription::next |
char * | _AirpcapDeviceDescription::Name |
char * | _AirpcapDeviceDescription::Description |
unsigned | _AirpcapKey::KeyType |
unsigned | _AirpcapKey::KeyLen |
uint8_t | _AirpcapKey::KeyData [WEP_KEY_MAX_SIZE] |
uint8_t | _AirpcapMacAddress::Address [6] |
unsigned | _AirpcapKeysCollection::nKeys |
AirpcapKey | _AirpcapKeysCollection::Keys [1] |
unsigned | _AirpcapBpfHeader::TsSec |
unsigned | _AirpcapBpfHeader::TsUsec |
unsigned | _AirpcapBpfHeader::Caplen |
unsigned | _AirpcapBpfHeader::Originallen |
uint16_t | _AirpcapBpfHeader::Hdrlen |
unsigned | _AirpcapStats::Recvs |
unsigned | _AirpcapStats::Drops |
unsigned | _AirpcapStats::IfDrops |
unsigned | _AirpcapStats::Capt |
unsigned | _AirpcapChannelInfo::Frequency |
int8_t | _AirpcapChannelInfo::ExtChannel |
802.11n specific. Offset of the extension channel in case of 40MHz channels. More... | |
uint8_t | _AirpcapChannelInfo::Reserved [3] |
void AirpcapClose | ( | PAirpcapHandle | AdapterHandle | ) |
Close an adapter.
AdapterHandle | Handle to the adapter to close. |
bool AirpcapConvertChannelToFrequency | ( | unsigned | Channel, |
unsigned * | PFrequency | ||
) |
Converts a given channel to the corresponding frequency.
Channel | Channel number to be converted. |
PFrequency | Pointer to a user-supplied variable that will contain the channel frequency in MHz on success. |
bool AirpcapConvertFrequencyToChannel | ( | unsigned | Frequency, |
unsigned * | PChannel, | ||
PAirpcapChannelBand | PBand | ||
) |
Converts a given frequency to the corresponding channel.
Frequency | Frequency of the channel, in MHz. |
PChannel | Pointer to a user-supplied variable that will contain the channel number on success. |
PBand | Pointer to a user-supplied variable that will contain the band (a or b/g) of the given channel. |
void AirpcapFreeDeviceList | ( | PAirpcapDeviceDescription | PAllDevs | ) |
Free a list of devices returned by AirpcapGetDeviceList()
PAllDevs | Head of the list of devices returned by AirpcapGetDeviceList(). |
bool AirpcapGetDecryptionState | ( | PAirpcapHandle | AdapterHandle, |
PAirpcapDecryptionState | PEnable | ||
) |
Tells if this open instance is configured to perform the decryption of the incoming frames with the adapter-specific keys.
AdapterHandle | Handle to the adapter. |
PEnable | Pointer to a user supplied variable that will contain the decryption configuration. See _AirpcapDecryptionState for details. |
The adapter-specific decryption keys can be configured with the AirpcapSetDeviceKeys() function.
bool AirpcapGetDeviceChannel | ( | PAirpcapHandle | AdapterHandle, |
unsigned * | PChannel | ||
) |
Get the radio channel of a device.
AdapterHandle | Handle to the adapter. |
PChannel | Pointer to a user-supplied variable into which the function will copy the currently configured radio channel. |
The list of available channels can be retrieved with AirpcapGetDeviceSupportedChannels(). The default channel setting is 6.
bool AirpcapGetDeviceChannelEx | ( | PAirpcapHandle | AdapterHandle, |
PAirpcapChannelInfo | PChannelInfo | ||
) |
Get the channel of a device through its radiofrequency. In case of 802.11n enabled devices, it gets the extension channel, if in use.
AdapterHandle | Handle to the adapter. |
PChannelInfo | Pointer to a user-supplied variable into which the function will copy the currently configured channel information. |
bool AirpcapGetDeviceKeys | ( | PAirpcapHandle | AdapterHandle, |
PAirpcapKeysCollection | KeysCollection, | ||
unsigned * | PKeysCollectionSize | ||
) |
Returns the list of decryption keys in the driver that are currently associated with the specified device.
AdapterHandle | Handle to an open adapter instance. |
KeysCollection | User-allocated PAirpcapKeysCollection structure that will be filled with the keys. |
PKeysCollectionSize | IN: pointer to a user-allocated variable that contains the length of the KeysCollection structure, in bytes. OUT: amount of data moved by the driver in the buffer pointed by KeysBuffer, in bytes. |
This function returns the adapter-specific set of keys. These keys are used by the specified adapter only, and not by other airpcap devices besides the specified one.
The AirPcap driver is able to use a set of decryption keys to decrypt the traffic transmitted on a specific SSID. If one of the keys corresponds to the one the frame has been encrypted with, the driver will perform decryption and return the cleartext frames to the application. The driver supports, for every device, multiple keys at the same time.
The configured decryption keys are device-specific, therefore AirpcapGetDeviceKeys() will return a different set of keys when called on different devices.
At this time, the only supported decryption method is WEP.
bool AirpcapGetDeviceList | ( | PAirpcapDeviceDescription * | PPAllDevs, |
char * | Ebuf | ||
) |
Return the list of available devices.
PPAllDevs | Address to a caller allocated pointer. On success this pointer will receive the head of a list of available devices. |
Ebuf | String that will contain error information if false is returned. The size of the string must be AIRPCAP_ERRBUF_SIZE bytes. |
Here's a snippet of code that shows how to use AirpcapGetDeviceList():
bool AirpcapGetDeviceSupportedChannels | ( | PAirpcapHandle | AdapterHandle, |
PAirpcapChannelInfo * | ppChannelInfo, | ||
unsigned * | pNumChannelInfo | ||
) |
Get the list of supported channels for a given device. In case of a 802.11n capable device, information related to supported extension channels is also reported.
Every control channel is listed multiple times, one for each different supported extension channel. For example channel 6 (2437MHz) is usually listed three times:
AdapterHandle | Handle to the adapter. |
ppChannelInfo | Pointer to a user-supplied variable that will point to an array of supported channel. Such list must not be freed by the caller |
pNumChannelInfo | Number of channels returned in the array. |
bool AirpcapGetDriverDecryptionState | ( | PAirpcapHandle | AdapterHandle, |
PAirpcapDecryptionState | PEnable | ||
) |
Tells if this open instance is configured to perform the decryption of the incoming frames with the global driver set of keys.
AdapterHandle | Handle to the adapter. |
PEnable | Pointer to a user supplied variable that will contain the decryption configuration. See _AirpcapDecryptionState for details. |
The global decryption keys can be configured with the AirpcapSetDriverKeys() function.
bool AirpcapGetDriverKeys | ( | PAirpcapHandle | AdapterHandle, |
PAirpcapKeysCollection | KeysCollection, | ||
unsigned * | PKeysCollectionSize | ||
) |
Returns the global list of decryption keys in the driver that are associated with all the devices.
AdapterHandle | Handle to an open adapter instance. |
KeysCollection | User-allocated PAirpcapKeysCollection structure that will be filled with the keys. |
PKeysCollectionSize | IN: pointer to a user-allocated variable that contains the length of the KeysCollection structure, in bytes. OUT: amount of data moved by the driver in the buffer pointed by KeysBuffer, in bytes. |
This function returns the global driver set of keys. These keys will be used by all the adapters plugged in the machine.
The AirPcap driver is able to use a set of decryption keys to decrypt the traffic transmitted on a specific SSID. If one of the keys corresponds to the one the frame has been encrypted with, the driver will perform decryption and return the cleartext frames to the application.
At this time, the only supported decryption method is WEP.
bool AirpcapGetFcsPresence | ( | PAirpcapHandle | AdapterHandle, |
bool * | PIsFcsPresent | ||
) |
Returns true if the specified adapter includes the MAC Frame Check Sequence in the captured packets.
AdapterHandle | Handle to the adapter. |
PIsFcsPresent | User-provided variable that will be set to true if the adapter is including the FCS. |
In the default configuration, the adapter has FCS inclusion turned on. The MAC Frame Check Sequence is 4 bytes and is located at the end of the 802.11 packet, with both AIRPCAP_LT_802_11 and AIRPCAP_LT_802_11_PLUS_RADIO link types. When the FCS inclusion is turned on, and if the link type is AIRPCAP_LT_802_11_PLUS_RADIO, the radiotap header that precedes each frame has two additional fields at the end: Padding and FCS. These two fields are not present when FCS inclusion is off.
bool AirpcapGetFcsValidation | ( | PAirpcapHandle | AdapterHandle, |
PAirpcapValidationType | ValidationType | ||
) |
Checks if the specified adapter is configured to capture frames with incorrect an incorrect Frame Check Sequence (FCS).
AdapterHandle | Handle to the adapter. |
ValidationType | Pointer to a user supplied variable that will contain the type of validation the driver will perform. See the documentation of AirpcapValidationType for details. |
bool AirpcapGetKernelBufferSize | ( | PAirpcapHandle | AdapterHandle, |
unsigned * | PSizeBytes | ||
) |
Get the size of the kernel packet buffer for this adapter.
AdapterHandle | Handle to the adapter. |
PSizeBytes | User-allocated variable that will be filled with the size of the kernel buffer. |
Every AirPcap open instance has an associated kernel buffer, whose default size is 1 Mbyte. This function can be used to get the size of this buffer.
char* AirpcapGetLastError | ( | PAirpcapHandle | AdapterHandle | ) |
Return the last error related to the specified handle.
AdapterHandle | Handle to an open adapter. |
bool AirpcapGetLedsNumber | ( | PAirpcapHandle | AdapterHandle, |
unsigned * | NumberOfLeds | ||
) |
Get the number of LEDs the referenced adapter has available.
AdapterHandle | Handle to the adapter. |
NumberOfLeds | Number of LEDs available on this adapter. |
bool AirpcapGetLinkType | ( | PAirpcapHandle | AdapterHandle, |
PAirpcapLinkType | PLinkType | ||
) |
Get the link type of the specified adapter.
AdapterHandle | Handle to the adapter. |
PLinkType | Pointer to a caller allocated AirpcapLinkType variable that will contain the link type of the adapter. |
the "link type" determines how the driver will encode the packets captured from the network. Aircap supports two link types:
bool AirpcapGetMacAddress | ( | PAirpcapHandle | AdapterHandle, |
PAirpcapMacAddress | PMacAddress | ||
) |
Return the MAC address of an adapter.
AdapterHandle | Handle to the adapter. |
PMacAddress | Pointer to a user allocated MAC address. The size of this buffer needs to be at least 6 bytes. |
bool AirpcapGetMonitorMode | ( | PAirpcapHandle | AdapterHandle, |
bool * | PMonitorModeEnabled | ||
) |
Returns true if the specified adapter is in monitor mode.
AdapterHandle | Handle to the adapter. |
PMonitorModeEnabled | User-provided variable that will be set to true if the adapter is in monitor mode. |
bool AirpcapGetReadEvent | ( | PAirpcapHandle | AdapterHandle, |
void *** | PReadEvent | ||
) |
Gets an event that is signaled when that is signalled when packets are available in the kernel buffer (see AirpcapSetMinToCopy()).
AdapterHandle | Handle to the adapter. |
PReadEvent | Pointer to a user-supplied handle that in which the read event will be copied. |
bool AirpcapGetStats | ( | PAirpcapHandle | AdapterHandle, |
PAirpcapStats | PStats | ||
) |
Get per-adapter WinPcap-compatible capture statistics.
AdapterHandle | Handle to the adapter. |
PStats | pointer to a user-allocated AirpcapStats structure that will be filled with statistical information. |
void AirpcapGetVersion | ( | unsigned * | VersionMajor, |
unsigned * | VersionMinor, | ||
unsigned * | VersionRev, | ||
unsigned * | VersionBuild | ||
) |
Return a string with the API version.
VersionMajor | Pointer to a variable that will be filled with the major version number. |
VersionMinor | Pointer to a variable that will be filled with the minor version number. |
VersionRev | Pointer to a variable that will be filled with the revision number. |
VersionBuild | Pointer to a variable that will be filled with the build number. |
PAirpcapHandle AirpcapOpen | ( | char * | DeviceName, |
char * | Ebuf | ||
) |
Open an adapter.
DeviceName | Name of the device to open. Use AirpcapGetDeviceList() to get the list of devices. |
Ebuf | String that will contain error information in case of failure. The size of the string must be AIRPCAP_ERRBUF_SIZE bytes. |
bool AirpcapRead | ( | PAirpcapHandle | AdapterHandle, |
uint8_t * | Buffer, | ||
unsigned | BufSize, | ||
unsigned * | PReceievedBytes | ||
) |
Fills a user-provided buffer with zero or more packets that have been captured on the referenced adapter.
AdapterHandle | Handle to the adapter. |
Buffer | pointer to the buffer that will be filled with captured packets. |
BufSize | size of the input buffer that will contain the packets, in bytes. |
PReceievedBytes | Pointer to a user supplied variable that will receive the number of bytes copied by AirpcapRead. Can be smaller than BufSize. |
802.11 frames are returned by the driver in buffers. Every 802.11 frame in the buffer is preceded by a AirpcapBpfHeader structure. The suggested way to use an AirPcap adapter is through the pcap API exported by wpcap.dll. If this is not possible, the Capture_radio and Capture_no_radio examples in the AirPcap developer's pack show how to properly decode the packets in the read buffer returned by AirpcapRead().
bool AirpcapSetDecryptionState | ( | PAirpcapHandle | AdapterHandle, |
AirpcapDecryptionState | Enable | ||
) |
Turns on or off the decryption of the incoming frames with the adapter-specific keys.
AdapterHandle | Handle to the adapter. |
Enable | Either AIRPCAP_DECRYPTION_ON or AIRPCAP_DECRYPTION_OFF |
The adapter-specific decryption keys can be configured with the AirpcapSetDeviceKeys() function.
bool AirpcapSetDeviceChannel | ( | PAirpcapHandle | AdapterHandle, |
unsigned | Channel | ||
) |
Set the radio channel of a device.
AdapterHandle | Handle to the adapter. |
Channel | the new channel to set. |
The list of available channels can be retrieved with AirpcapGetDeviceSupportedChannels(). The default channel setting is 6.
bool AirpcapSetDeviceChannelEx | ( | PAirpcapHandle | AdapterHandle, |
AirpcapChannelInfo | ChannelInfo | ||
) |
Set the channel of a device through its radio frequency. In case of 802.11n enabled devices, it sets the extension channel, if used.
AdapterHandle | Handle to the adapter. |
ChannelInfo | The new channel information to set. |
bool AirpcapSetDeviceKeys | ( | PAirpcapHandle | AdapterHandle, |
PAirpcapKeysCollection | KeysCollection | ||
) |
Set the list of decryption keys that the driver is going to use with the specified device.
AdapterHandle | Handle an open adapter instance. |
KeysCollection | Pointer to a PAirpcapKeysCollection structure that contains the keys to be set in the driver. |
The AirPcap driver is able to use a set of decryption keys to decrypt the traffic transmitted on a specific SSID. If one of the keys corresponds to the one the frame has been encrypted with, the driver will perform decryption and return the cleartext frames to the application.
This function allows to set the adapter-specific set of keys. These keys will be used by the specified adapter only, and will not be used by other airpcap devices besides the specified one.
At this time, the only supported decryption method is WEP.
The keys are applied to the packets in the same order they appear in the KeysCollection structure until the packet is correctly decrypted, therefore putting frequently used keys at the beginning of the structure improves performance.
bool AirpcapSetDriverDecryptionState | ( | PAirpcapHandle | AdapterHandle, |
AirpcapDecryptionState | Enable | ||
) |
Turns on or off the decryption of the incoming frames with the global driver set of keys.
AdapterHandle | Handle to the adapter. |
Enable | Either AIRPCAP_DECRYPTION_ON or AIRPCAP_DECRYPTION_OFF |
The global decryption keys can be configured with the AirpcapSetDriverKeys() function.
bool AirpcapSetDriverKeys | ( | PAirpcapHandle | AdapterHandle, |
PAirpcapKeysCollection | KeysCollection | ||
) |
Set the global list of decryption keys that the driver is going to use with all the devices.
AdapterHandle | Handle an open adapter instance. |
KeysCollection | Pointer to a PAirpcapKeysCollection structure that contains the keys to be set in the driver. |
The AirPcap driver is able to use a set of decryption keys to decrypt the traffic transmitted on a specific SSID. If one of the keys corresponds to the one the frame has been encrypted with, the driver will perform decryption and return the cleartext frames to the application.
This function allows to set the global driver set of keys. These keys will be used by all the adapters plugged in the machine.
At this time, the only supported decryption method is WEP.
The keys are applied to the packets in the same order they appear in the KeysCollection structure until the packet is correctly decrypted, therefore putting frequently used keys at the beginning of the structure improves performance.
bool AirpcapSetFcsPresence | ( | PAirpcapHandle | AdapterHandle, |
bool | IsFcsPresent | ||
) |
Configures the adapter on whether to include the MAC Frame Check Sequence in the captured packets.
AdapterHandle | Handle to the adapter. |
IsFcsPresent | true if the packets should include the FCS. false otherwise |
In the default configuration, the adapter includes the FCS in the captured packets. The MAC Frame Check Sequence is 4 bytes and is located at the end of the 802.11 packet, with both AIRPCAP_LT_802_11 and AIRPCAP_LT_802_11_PLUS_RADIO link types. When the FCS inclusion is turned on, and if the link type is AIRPCAP_LT_802_11_PLUS_RADIO, the radiotap header that precedes each frame has two additional fields at the end: Padding and FCS. These two fields are not present when FCS inclusion is off.
bool AirpcapSetFcsValidation | ( | PAirpcapHandle | AdapterHandle, |
AirpcapValidationType | ValidationType | ||
) |
Configures the adapter to accept or drop frames with an incorrect Frame Check sequence (FCS).
AdapterHandle | Handle to the adapter. |
ValidationType | The type of validation the driver will perform. See the documentation of AirpcapValidationType for details. |
bool AirpcapSetFilter | ( | PAirpcapHandle | AdapterHandle, |
void * | Instructions, | ||
unsigned | Len | ||
) |
Set the BPF kernel filter for an adapter.
AdapterHandle | Handle to the adapter. |
Instructions | pointer to the first BPF instruction in the array. Corresponds to the bf_insns in a bpf_program structure (see the WinPcap documentation at https://www.winpcap.org/devel.htm). |
Len | Number of instructions in the array pointed by the previous field. Corresponds to the bf_len in a bpf_program structure (see the WinPcap documentation at https://www.winpcap.org/devel.htm). |
The AirPcap driver is able to perform kernel-level filtering using the standard BPF pseudo-machine format. You can read the WinPcap documentation at https://www.winpcap.org/devel.htm for more details on the BPF filtering mechanism.
A filter can be automatically created by using the pcap_compile() function of the WinPcap API. This function converts a human readable text expression with the tcpdump/libpcap syntax into a BPF program. If your program doesn't link wpcap, but you need to generate the code for a particular filter, you can run WinDump with the -d or -dd or -ddd flags to obtain the pseudocode.
bool AirpcapSetKernelBuffer | ( | PAirpcapHandle | AdapterHandle, |
unsigned | BufferSize | ||
) |
Set the size of the kernel packet buffer for this adapter.
AdapterHandle | Handle to the adapter. |
BufferSize | New size, in bytes. |
Every AirPcap open instance has an associated kernel buffer, whose default size is 1 Mbyte. This function can be used to change the size of this buffer, and can be called at any time. A bigger kernel buffer size decreases the risk of dropping packets during network bursts or when the application is busy, at the cost of higher kernel memory usage.
bool AirpcapSetLinkType | ( | PAirpcapHandle | AdapterHandle, |
AirpcapLinkType | NewLinkType | ||
) |
Set the link type of an adapter.
AdapterHandle | Handle to the adapter. |
NewLinkType | the "link type", i.e. the format of the frames that will be received from the adapter. |
the "link type" determines how the driver will encode the packets captured from the network. Aircap supports two link types:
bool AirpcapSetMinToCopy | ( | PAirpcapHandle | AdapterHandle, |
unsigned | MinToCopy | ||
) |
Set the mintocopy parameter for an open adapter.
AdapterHandle | Handle to the adapter. |
MinToCopy | is the mintocopy size in bytes. |
When the number of bytes in the kernel buffer changes from less than mintocopy bytes to greater than or equal to mintocopy bytes, the read event is signalled (see AirpcapGetReadEvent()). A high value for mintocopy results in poor responsiveness since the driver may signal the application "long" after the arrival of the packet. And a high value results in low CPU loading by minimizing the number of user/kernel context switches. A low MinToCopy results in good responsiveness since the driver will signal the application close to the arrival time of the packet. This has higher CPU loading over the first approach.
bool AirpcapSetMonitorMode | ( | PAirpcapHandle | AdapterHandle, |
bool | MonitorModeEnabled | ||
) |
Sets the monitor mode for the specified adapter.
AdapterHandle | Handle to the adapter. |
MonitorModeEnabled | If true, the adapter will be put in monitor mode. If false, the adapter will be configured for normal operation. |
When monitor mode is on, the adapter captures all the packets transmitted on the channel. This includes:
When monitor mode is off, the adapter has a filter on unicast packets to capture only the packets whose MAC destination address equals to the adapter's address. This means the following frames will be received:
The main reason to turn monitor mode off is that, when not in monitor mode, the adapter will acknowledge the data frames sent to its address. This is useful when the adapter needs to interact with other devices on the 802.11 network, because handling the ACKs in software is too slow.
bool AirpcapStoreCurConfigAsAdapterDefault | ( | PAirpcapHandle | AdapterHandle | ) |
Saves the configuration of the specified adapter in the registry, so that it becomes the default for this adapter.
AdapterHandle | Handle to the adapter. |
Almost all the AirPcap calls that modify the configuration (AirpcapSetLinkType(), AirpcapSetFcsPresence(), AirpcapSetFcsValidation(), AirpcapSetKernelBuffer(), AirpcapSetMinToCopy()) affect only the referenced AirPcap open instance. This means that if you do another AirpcapOpen() on the same adapter, the configuration changes will not be remembered, and the new adapter handle will have default configuration settings.
Exceptions to this rule are the AirpcapSetDeviceChannel() and AirpcapSetDeviceKeys() functions: a channel change is reflected on all the open instances, and remembered until the next call to AirpcapSetDeviceChannel(), until the adapter is unplugged, or until the machine is powered off. Same thing for the configuration of the WEP keys.
AirpcapStoreCurConfigAsAdapterDefault() stores the configuration of the give open instance as the default for the adapter: all the instances opened in the future will have the same configuration that this adapter currently has. The configuration is stored in the registry, therefore it is remembered even when the adapter is unplugged or the machine is turned off. However, an adapter doesn't bring its configuration with it from machine to machine.
the configuration information saved in the registry includes the following parameters:
The configuration is adapter-specific. This means that changing the configuration of an adapter doesn't modify the one of the other adapters that are currently used or that will be used in the future.
bool AirpcapTurnLedOff | ( | PAirpcapHandle | AdapterHandle, |
unsigned | LedNumber | ||
) |
Turn off one of the adapter's LEDs.
AdapterHandle | Handle to the adapter. |
LedNumber | zero-based identifier of the LED to turn off. |
bool AirpcapTurnLedOn | ( | PAirpcapHandle | AdapterHandle, |
unsigned | LedNumber | ||
) |
Turn on one of the adapter's LEDs.
AdapterHandle | Handle to the adapter. |
LedNumber | zero-based identifier of the LED to turn on. |
bool AirpcapWrite | ( | PAirpcapHandle | AdapterHandle, |
char * | TxPacket, | ||
uint32_t | PacketLen | ||
) |
Transmits a packet.
AdapterHandle | Handle to the adapter. |
TxPacket | Pointer to a buffer that contains the packet to be transmitted. |
PacketLen | Length of the buffer pointed by the TxPacket argument, in bytes. |
The packet will be transmitted on the channel the device is currently set. To change the device adapter, use the AirpcapSetDeviceChannel() function.
If the linktype of the adapter is AIRPCAP_LT_802_11, the buffer pointed by TxPacket should contain just the 802.11 packet, without additional information. The packet will be transmitted at 1Mbps.
If the linktype of the adapter is AIRPCAP_LT_802_11_PLUS_RADIO, the buffer pointed by TxPacket should contain a radiotap header followed by the 802.11 packet. AirpcapWrite will use the rate information in the radiotap header when transmitting the packet.
int8_t _AirpcapChannelInfo::ExtChannel |
802.11n specific. Offset of the extension channel in case of 40MHz channels.
Possible values are -1, 0 +1:
In case of 802.11a/b/g channels (802.11n legacy mode), this field should be set to 0.