Wireshark  4.3.0
The Wireshark network protocol analyzer
Enumerator | Functions | Variables

Functions

void AirpcapGetVersion (unsigned *VersionMajor, unsigned *VersionMinor, unsigned *VersionRev, unsigned *VersionBuild)
 Return a string with the API version. More...
 
char * AirpcapGetLastError (PAirpcapHandle AdapterHandle)
 Return the last error related to the specified handle. More...
 
bool AirpcapGetDeviceList (PAirpcapDeviceDescription *PPAllDevs, char *Ebuf)
 Return the list of available devices. More...
 
void AirpcapFreeDeviceList (PAirpcapDeviceDescription PAllDevs)
 Free a list of devices returned by AirpcapGetDeviceList() More...
 
PAirpcapHandle AirpcapOpen (char *DeviceName, char *Ebuf)
 Open an adapter. More...
 
void AirpcapClose (PAirpcapHandle AdapterHandle)
 Close an adapter. More...
 
bool AirpcapSetMonitorMode (PAirpcapHandle AdapterHandle, bool MonitorModeEnabled)
 Sets the monitor mode for the specified adapter. More...
 
bool AirpcapGetMonitorMode (PAirpcapHandle AdapterHandle, bool *PMonitorModeEnabled)
 Returns true if the specified adapter is in monitor mode. More...
 
bool AirpcapSetLinkType (PAirpcapHandle AdapterHandle, AirpcapLinkType NewLinkType)
 Set the link type of an adapter. More...
 
bool AirpcapGetLinkType (PAirpcapHandle AdapterHandle, PAirpcapLinkType PLinkType)
 Get the link type of the specified adapter. More...
 
bool AirpcapSetFcsPresence (PAirpcapHandle AdapterHandle, bool IsFcsPresent)
 Configures the adapter on whether to include the MAC Frame Check Sequence in the captured packets. More...
 
bool AirpcapGetFcsPresence (PAirpcapHandle AdapterHandle, bool *PIsFcsPresent)
 Returns true if the specified adapter includes the MAC Frame Check Sequence in the captured packets. More...
 
bool AirpcapSetFcsValidation (PAirpcapHandle AdapterHandle, AirpcapValidationType ValidationType)
 Configures the adapter to accept or drop frames with an incorrect Frame Check sequence (FCS). More...
 
bool AirpcapGetFcsValidation (PAirpcapHandle AdapterHandle, PAirpcapValidationType ValidationType)
 Checks if the specified adapter is configured to capture frames with incorrect an incorrect Frame Check Sequence (FCS). More...
 
bool AirpcapSetDeviceKeys (PAirpcapHandle AdapterHandle, PAirpcapKeysCollection KeysCollection)
 Set the list of decryption keys that the driver is going to use with the specified device. More...
 
bool AirpcapGetDeviceKeys (PAirpcapHandle AdapterHandle, PAirpcapKeysCollection KeysCollection, unsigned *PKeysCollectionSize)
 Returns the list of decryption keys in the driver that are currently associated with the specified device. More...
 
bool AirpcapSetDriverKeys (PAirpcapHandle AdapterHandle, PAirpcapKeysCollection KeysCollection)
 Set the global list of decryption keys that the driver is going to use with all the devices. More...
 
bool AirpcapGetDriverKeys (PAirpcapHandle AdapterHandle, PAirpcapKeysCollection KeysCollection, unsigned *PKeysCollectionSize)
 Returns the global list of decryption keys in the driver that are associated with all the devices. More...
 
bool AirpcapSetDecryptionState (PAirpcapHandle AdapterHandle, AirpcapDecryptionState Enable)
 Turns on or off the decryption of the incoming frames with the adapter-specific keys. More...
 
bool AirpcapGetDecryptionState (PAirpcapHandle AdapterHandle, PAirpcapDecryptionState PEnable)
 Tells if this open instance is configured to perform the decryption of the incoming frames with the adapter-specific keys. More...
 
bool AirpcapSetDriverDecryptionState (PAirpcapHandle AdapterHandle, AirpcapDecryptionState Enable)
 Turns on or off the decryption of the incoming frames with the global driver set of keys. More...
 
bool AirpcapGetDriverDecryptionState (PAirpcapHandle AdapterHandle, PAirpcapDecryptionState PEnable)
 Tells if this open instance is configured to perform the decryption of the incoming frames with the global driver set of keys. More...
 
bool AirpcapSetDeviceChannel (PAirpcapHandle AdapterHandle, unsigned Channel)
 Set the radio channel of a device. More...
 
bool AirpcapGetDeviceChannel (PAirpcapHandle AdapterHandle, unsigned *PChannel)
 Get the radio channel of a device. More...
 
bool AirpcapSetKernelBuffer (PAirpcapHandle AdapterHandle, unsigned BufferSize)
 Set the size of the kernel packet buffer for this adapter. More...
 
bool AirpcapGetKernelBufferSize (PAirpcapHandle AdapterHandle, unsigned *PSizeBytes)
 Get the size of the kernel packet buffer for this adapter. More...
 
bool AirpcapStoreCurConfigAsAdapterDefault (PAirpcapHandle AdapterHandle)
 Saves the configuration of the specified adapter in the registry, so that it becomes the default for this adapter. More...
 
bool AirpcapSetFilter (PAirpcapHandle AdapterHandle, void *Instructions, unsigned Len)
 Set the BPF kernel filter for an adapter. More...
 
bool AirpcapGetMacAddress (PAirpcapHandle AdapterHandle, PAirpcapMacAddress PMacAddress)
 Return the MAC address of an adapter. More...
 
bool AirpcapSetMinToCopy (PAirpcapHandle AdapterHandle, unsigned MinToCopy)
 Set the mintocopy parameter for an open adapter. More...
 
bool AirpcapGetReadEvent (PAirpcapHandle AdapterHandle, void ***PReadEvent)
 Gets an event that is signaled when that is signalled when packets are available in the kernel buffer (see AirpcapSetMinToCopy()). More...
 
bool AirpcapRead (PAirpcapHandle AdapterHandle, uint8_t *Buffer, unsigned BufSize, unsigned *PReceievedBytes)
 Fills a user-provided buffer with zero or more packets that have been captured on the referenced adapter. More...
 
bool AirpcapWrite (PAirpcapHandle AdapterHandle, char *TxPacket, uint32_t PacketLen)
 Transmits a packet. More...
 
bool AirpcapGetStats (PAirpcapHandle AdapterHandle, PAirpcapStats PStats)
 Get per-adapter WinPcap-compatible capture statistics. More...
 
bool AirpcapGetLedsNumber (PAirpcapHandle AdapterHandle, unsigned *NumberOfLeds)
 Get the number of LEDs the referenced adapter has available. More...
 
bool AirpcapTurnLedOn (PAirpcapHandle AdapterHandle, unsigned LedNumber)
 Turn on one of the adapter's LEDs. More...
 
bool AirpcapTurnLedOff (PAirpcapHandle AdapterHandle, unsigned LedNumber)
 Turn off one of the adapter's LEDs. More...
 
bool AirpcapSetDeviceChannelEx (PAirpcapHandle AdapterHandle, AirpcapChannelInfo ChannelInfo)
 Set the channel of a device through its radio frequency. In case of 802.11n enabled devices, it sets the extension channel, if used. More...
 
bool AirpcapGetDeviceChannelEx (PAirpcapHandle AdapterHandle, PAirpcapChannelInfo PChannelInfo)
 Get the channel of a device through its radiofrequency. In case of 802.11n enabled devices, it gets the extension channel, if in use. More...
 
bool AirpcapGetDeviceSupportedChannels (PAirpcapHandle AdapterHandle, PAirpcapChannelInfo *ppChannelInfo, unsigned *pNumChannelInfo)
 Get the list of supported channels for a given device. In case of a 802.11n capable device, information related to supported extension channels is also reported. More...
 
bool AirpcapConvertFrequencyToChannel (unsigned Frequency, unsigned *PChannel, PAirpcapChannelBand PBand)
 Converts a given frequency to the corresponding channel. More...
 
bool AirpcapConvertChannelToFrequency (unsigned Channel, unsigned *PFrequency)
 Converts a given channel to the corresponding frequency. More...
 

Variables

struct _AirpcapDeviceDescription_AirpcapDeviceDescription::next
 
char * _AirpcapDeviceDescription::Name
 
char * _AirpcapDeviceDescription::Description
 
unsigned _AirpcapKey::KeyType
 
unsigned _AirpcapKey::KeyLen
 
uint8_t _AirpcapKey::KeyData [WEP_KEY_MAX_SIZE]
 
uint8_t _AirpcapMacAddress::Address [6]
 
unsigned _AirpcapKeysCollection::nKeys
 
AirpcapKey _AirpcapKeysCollection::Keys [1]
 
unsigned _AirpcapBpfHeader::TsSec
 
unsigned _AirpcapBpfHeader::TsUsec
 
unsigned _AirpcapBpfHeader::Caplen
 
unsigned _AirpcapBpfHeader::Originallen
 
uint16_t _AirpcapBpfHeader::Hdrlen
 
unsigned _AirpcapStats::Recvs
 
unsigned _AirpcapStats::Drops
 
unsigned _AirpcapStats::IfDrops
 
unsigned _AirpcapStats::Capt
 
unsigned _AirpcapChannelInfo::Frequency
 
int8_t _AirpcapChannelInfo::ExtChannel
 802.11n specific. Offset of the extension channel in case of 40MHz channels. More...
 
uint8_t _AirpcapChannelInfo::Reserved [3]
 

Detailed Description

Function Documentation

◆ AirpcapClose()

void AirpcapClose ( PAirpcapHandle  AdapterHandle)

Close an adapter.

Parameters
AdapterHandleHandle to the adapter to close.

◆ AirpcapConvertChannelToFrequency()

bool AirpcapConvertChannelToFrequency ( unsigned  Channel,
unsigned *  PFrequency 
)

Converts a given channel to the corresponding frequency.

Parameters
ChannelChannel number to be converted.
PFrequencyPointer to a user-supplied variable that will contain the channel frequency in MHz on success.
Returns
true on success, i.e. the given channel number exists.

◆ AirpcapConvertFrequencyToChannel()

bool AirpcapConvertFrequencyToChannel ( unsigned  Frequency,
unsigned *  PChannel,
PAirpcapChannelBand  PBand 
)

Converts a given frequency to the corresponding channel.

Parameters
FrequencyFrequency of the channel, in MHz.
PChannelPointer to a user-supplied variable that will contain the channel number on success.
PBandPointer to a user-supplied variable that will contain the band (a or b/g) of the given channel.
Returns
true on success, i.e. the frequency corresponds to a valid a or b/g channel.

◆ AirpcapFreeDeviceList()

void AirpcapFreeDeviceList ( PAirpcapDeviceDescription  PAllDevs)

Free a list of devices returned by AirpcapGetDeviceList()

Parameters
PAllDevsHead of the list of devices returned by AirpcapGetDeviceList().

◆ AirpcapGetDecryptionState()

bool AirpcapGetDecryptionState ( PAirpcapHandle  AdapterHandle,
PAirpcapDecryptionState  PEnable 
)

Tells if this open instance is configured to perform the decryption of the incoming frames with the adapter-specific keys.

Parameters
AdapterHandleHandle to the adapter.
PEnablePointer to a user supplied variable that will contain the decryption configuration. See _AirpcapDecryptionState for details.
Returns
true if the operation is successful. false otherwise.

The adapter-specific decryption keys can be configured with the AirpcapSetDeviceKeys() function.

Note
By default, the driver is configured with AIRPCAP_DECRYPTION_ON.

◆ AirpcapGetDeviceChannel()

bool AirpcapGetDeviceChannel ( PAirpcapHandle  AdapterHandle,
unsigned *  PChannel 
)

Get the radio channel of a device.

Parameters
AdapterHandleHandle to the adapter.
PChannelPointer to a user-supplied variable into which the function will copy the currently configured radio channel.
Returns
true on success.

The list of available channels can be retrieved with AirpcapGetDeviceSupportedChannels(). The default channel setting is 6.

Note
this is a device-related function: when you change the channel from an open capture instance, the change will be immediately reflected on all the other capture instances.

◆ AirpcapGetDeviceChannelEx()

bool AirpcapGetDeviceChannelEx ( PAirpcapHandle  AdapterHandle,
PAirpcapChannelInfo  PChannelInfo 
)

Get the channel of a device through its radiofrequency. In case of 802.11n enabled devices, it gets the extension channel, if in use.

Parameters
AdapterHandleHandle to the adapter.
PChannelInfoPointer to a user-supplied variable into which the function will copy the currently configured channel information.
Returns
true on success.
Note
this is a device-related function: when you change the channel from an open capture instance, the change will be immediately reflected on all the other capture instances.

◆ AirpcapGetDeviceKeys()

bool AirpcapGetDeviceKeys ( PAirpcapHandle  AdapterHandle,
PAirpcapKeysCollection  KeysCollection,
unsigned *  PKeysCollectionSize 
)

Returns the list of decryption keys in the driver that are currently associated with the specified device.

Parameters
AdapterHandleHandle to an open adapter instance.
KeysCollectionUser-allocated PAirpcapKeysCollection structure that will be filled with the keys.
PKeysCollectionSizeIN: pointer to a user-allocated variable that contains the length of the KeysCollection structure, in bytes. OUT: amount of data moved by the driver in the buffer pointed by KeysBuffer, in bytes.
Returns
true if the operation is successful. If an error occurs, the return value is false and KeysCollectionSize is zero. If the provided buffer is too small to contain the keys, the return value is false and KeysCollectionSize contains the needed KeysCollection length, in bytes. If the device doesn't have any decryption key configured, the return value is true, and KeysCollectionSize will be zero.

This function returns the adapter-specific set of keys. These keys are used by the specified adapter only, and not by other airpcap devices besides the specified one.

The AirPcap driver is able to use a set of decryption keys to decrypt the traffic transmitted on a specific SSID. If one of the keys corresponds to the one the frame has been encrypted with, the driver will perform decryption and return the cleartext frames to the application. The driver supports, for every device, multiple keys at the same time.

The configured decryption keys are device-specific, therefore AirpcapGetDeviceKeys() will return a different set of keys when called on different devices.

At this time, the only supported decryption method is WEP.

◆ AirpcapGetDeviceList()

bool AirpcapGetDeviceList ( PAirpcapDeviceDescription PPAllDevs,
char *  Ebuf 
)

Return the list of available devices.

Parameters
PPAllDevsAddress to a caller allocated pointer. On success this pointer will receive the head of a list of available devices.
EbufString that will contain error information if false is returned. The size of the string must be AIRPCAP_ERRBUF_SIZE bytes.
Returns
true on success. false is returned on failure, in which case Ebuf is filled in with an appropriate error message.

Here's a snippet of code that shows how to use AirpcapGetDeviceList():

char Ebuf[AIRPCAP_ERRBUF_SIZE];
if(AirpcapGetDeviceList(&Desc, Ebuf) == -1)
{
printf("Unable to get the list of devices: %s\n", Ebuf);
return -1;
}
for(tDesc = Desc; tDesc; tDesc = tDesc->next)
{
printf("%u) %s (%s)\n",
++i,
tDesc->Name,
tDesc->Description);
}
void AirpcapFreeDeviceList(PAirpcapDeviceDescription PAllDevs)
Free a list of devices returned by AirpcapGetDeviceList()
bool AirpcapGetDeviceList(PAirpcapDeviceDescription *PPAllDevs, char *Ebuf)
Return the list of available devices.
Entry in the list returned by AirpcapGetDeviceList();.
Definition: airpcap.h:69

◆ AirpcapGetDeviceSupportedChannels()

bool AirpcapGetDeviceSupportedChannels ( PAirpcapHandle  AdapterHandle,
PAirpcapChannelInfo ppChannelInfo,
unsigned *  pNumChannelInfo 
)

Get the list of supported channels for a given device. In case of a 802.11n capable device, information related to supported extension channels is also reported.

Every control channel is listed multiple times, one for each different supported extension channel. For example channel 6 (2437MHz) is usually listed three times:

  • Frequency 2437 Extension +1. Control channel is 6, extension channel is 10.
  • Frequency 2437 Extension 0. Control channel is 6, no extension channel is used (20MHz channel and legacy mode).
  • Frequency 2437 Extension -1. Control channel is 6, extension channel is 2.
    Parameters
    AdapterHandleHandle to the adapter.
    ppChannelInfoPointer to a user-supplied variable that will point to an array of supported channel. Such list must not be freed by the caller
    pNumChannelInfoNumber of channels returned in the array.
    Returns
    true on success.
    Note
    The supported channels are not listed in any specific order.

◆ AirpcapGetDriverDecryptionState()

bool AirpcapGetDriverDecryptionState ( PAirpcapHandle  AdapterHandle,
PAirpcapDecryptionState  PEnable 
)

Tells if this open instance is configured to perform the decryption of the incoming frames with the global driver set of keys.

Parameters
AdapterHandleHandle to the adapter.
PEnablePointer to a user supplied variable that will contain the decryption configuration. See _AirpcapDecryptionState for details.
Returns
true if the operation is successful. false otherwise.

The global decryption keys can be configured with the AirpcapSetDriverKeys() function.

Note
By default, the driver is configured with AIRPCAP_DECRYPTION_ON.

◆ AirpcapGetDriverKeys()

bool AirpcapGetDriverKeys ( PAirpcapHandle  AdapterHandle,
PAirpcapKeysCollection  KeysCollection,
unsigned *  PKeysCollectionSize 
)

Returns the global list of decryption keys in the driver that are associated with all the devices.

Parameters
AdapterHandleHandle to an open adapter instance.
KeysCollectionUser-allocated PAirpcapKeysCollection structure that will be filled with the keys.
PKeysCollectionSizeIN: pointer to a user-allocated variable that contains the length of the KeysCollection structure, in bytes. OUT: amount of data moved by the driver in the buffer pointed by KeysBuffer, in bytes.
Returns
true if the operation is successful. If an error occurs, the return value is false and KeysCollectionSize is zero. If the provided buffer is too small to contain the keys, the return value is false and KeysCollectionSize contains the needed KeysCollection length, in bytes. If the device doesn't have any decryption key configured, the return value is true, and KeysCollectionSize will be zero.

This function returns the global driver set of keys. These keys will be used by all the adapters plugged in the machine.

The AirPcap driver is able to use a set of decryption keys to decrypt the traffic transmitted on a specific SSID. If one of the keys corresponds to the one the frame has been encrypted with, the driver will perform decryption and return the cleartext frames to the application.

At this time, the only supported decryption method is WEP.

◆ AirpcapGetFcsPresence()

bool AirpcapGetFcsPresence ( PAirpcapHandle  AdapterHandle,
bool *  PIsFcsPresent 
)

Returns true if the specified adapter includes the MAC Frame Check Sequence in the captured packets.

Parameters
AdapterHandleHandle to the adapter.
PIsFcsPresentUser-provided variable that will be set to true if the adapter is including the FCS.
Returns
true if the operation is successful. false otherwise.

In the default configuration, the adapter has FCS inclusion turned on. The MAC Frame Check Sequence is 4 bytes and is located at the end of the 802.11 packet, with both AIRPCAP_LT_802_11 and AIRPCAP_LT_802_11_PLUS_RADIO link types. When the FCS inclusion is turned on, and if the link type is AIRPCAP_LT_802_11_PLUS_RADIO, the radiotap header that precedes each frame has two additional fields at the end: Padding and FCS. These two fields are not present when FCS inclusion is off.

◆ AirpcapGetFcsValidation()

bool AirpcapGetFcsValidation ( PAirpcapHandle  AdapterHandle,
PAirpcapValidationType  ValidationType 
)

Checks if the specified adapter is configured to capture frames with incorrect an incorrect Frame Check Sequence (FCS).

Parameters
AdapterHandleHandle to the adapter.
ValidationTypePointer to a user supplied variable that will contain the type of validation the driver will perform. See the documentation of AirpcapValidationType for details.
Returns
true if the operation is successful. false otherwise.
Note
By default, the driver is configured in AIRPCAP_VT_ACCEPT_EVERYTHING mode.

◆ AirpcapGetKernelBufferSize()

bool AirpcapGetKernelBufferSize ( PAirpcapHandle  AdapterHandle,
unsigned *  PSizeBytes 
)

Get the size of the kernel packet buffer for this adapter.

Parameters
AdapterHandleHandle to the adapter.
PSizeBytesUser-allocated variable that will be filled with the size of the kernel buffer.
Returns
true on success.

Every AirPcap open instance has an associated kernel buffer, whose default size is 1 Mbyte. This function can be used to get the size of this buffer.

◆ AirpcapGetLastError()

char* AirpcapGetLastError ( PAirpcapHandle  AdapterHandle)

Return the last error related to the specified handle.

Parameters
AdapterHandleHandle to an open adapter.
Returns
The string with the last error.

◆ AirpcapGetLedsNumber()

bool AirpcapGetLedsNumber ( PAirpcapHandle  AdapterHandle,
unsigned *  NumberOfLeds 
)

Get the number of LEDs the referenced adapter has available.

Parameters
AdapterHandleHandle to the adapter.
NumberOfLedsNumber of LEDs available on this adapter.
Returns
true on success.

◆ AirpcapGetLinkType()

bool AirpcapGetLinkType ( PAirpcapHandle  AdapterHandle,
PAirpcapLinkType  PLinkType 
)

Get the link type of the specified adapter.

Parameters
AdapterHandleHandle to the adapter.
PLinkTypePointer to a caller allocated AirpcapLinkType variable that will contain the link type of the adapter.
Returns
true on success.

the "link type" determines how the driver will encode the packets captured from the network. Aircap supports two link types:

  • AIRPCAP_LT_802_11, to capture 802.11 frames (including control frames) without any power information. Look at the Capture_no_radio example application in the developer's pack for a reference on how to decode 802.11 frames with this link type.
  • AIRPCAP_LT_802_11_PLUS_RADIO, to capture 802.11 frames (including control frames) with a radiotap header that contains power and channel information. More information about the radiotap header can be found int the radiotap section. Moreover, the "Capture_radio" example application in the developer's pack can be used as a reference on how to decode 802.11 frames with radiotap headers.

◆ AirpcapGetMacAddress()

bool AirpcapGetMacAddress ( PAirpcapHandle  AdapterHandle,
PAirpcapMacAddress  PMacAddress 
)

Return the MAC address of an adapter.

Parameters
AdapterHandleHandle to the adapter.
PMacAddressPointer to a user allocated MAC address. The size of this buffer needs to be at least 6 bytes.
Returns
true on success.

◆ AirpcapGetMonitorMode()

bool AirpcapGetMonitorMode ( PAirpcapHandle  AdapterHandle,
bool *  PMonitorModeEnabled 
)

Returns true if the specified adapter is in monitor mode.

Parameters
AdapterHandleHandle to the adapter.
PMonitorModeEnabledUser-provided variable that will be set to true if the adapter is in monitor mode.
Returns
true if the operation is successful. false otherwise.
Note
When an adapter is plugged into the system, it's always configured with monitor mode ON. The monitor mode configuration is not stored persistently, so if you want to turn monitor mode off, you will need to do it every time you open the adapter.

◆ AirpcapGetReadEvent()

bool AirpcapGetReadEvent ( PAirpcapHandle  AdapterHandle,
void ***  PReadEvent 
)

Gets an event that is signaled when that is signalled when packets are available in the kernel buffer (see AirpcapSetMinToCopy()).

Parameters
AdapterHandleHandle to the adapter.
PReadEventPointer to a user-supplied handle that in which the read event will be copied.
Returns
true on success.
Note
the event is signalled when at least mintocopy bytes are present in the kernel buffer (see AirpcapSetMinToCopy()). This event can be used by WaitForSingleObject() and WaitForMultipleObjects() to create blocking behavior when reading packets from one or more adapters (see AirpcapRead()).

◆ AirpcapGetStats()

bool AirpcapGetStats ( PAirpcapHandle  AdapterHandle,
PAirpcapStats  PStats 
)

Get per-adapter WinPcap-compatible capture statistics.

Parameters
AdapterHandleHandle to the adapter.
PStatspointer to a user-allocated AirpcapStats structure that will be filled with statistical information.
Returns
true on success.

◆ AirpcapGetVersion()

void AirpcapGetVersion ( unsigned *  VersionMajor,
unsigned *  VersionMinor,
unsigned *  VersionRev,
unsigned *  VersionBuild 
)

Return a string with the API version.

Parameters
VersionMajorPointer to a variable that will be filled with the major version number.
VersionMinorPointer to a variable that will be filled with the minor version number.
VersionRevPointer to a variable that will be filled with the revision number.
VersionBuildPointer to a variable that will be filled with the build number.

◆ AirpcapOpen()

PAirpcapHandle AirpcapOpen ( char *  DeviceName,
char *  Ebuf 
)

Open an adapter.

Parameters
DeviceNameName of the device to open. Use AirpcapGetDeviceList() to get the list of devices.
EbufString that will contain error information in case of failure. The size of the string must be AIRPCAP_ERRBUF_SIZE bytes.
Returns
A PAirpcapHandle handle on success. NULL is returned on failure, in which case Ebuf is filled in with an appropriate error message.

◆ AirpcapRead()

bool AirpcapRead ( PAirpcapHandle  AdapterHandle,
uint8_t *  Buffer,
unsigned  BufSize,
unsigned *  PReceievedBytes 
)

Fills a user-provided buffer with zero or more packets that have been captured on the referenced adapter.

Parameters
AdapterHandleHandle to the adapter.
Bufferpointer to the buffer that will be filled with captured packets.
BufSizesize of the input buffer that will contain the packets, in bytes.
PReceievedBytesPointer to a user supplied variable that will receive the number of bytes copied by AirpcapRead. Can be smaller than BufSize.
Returns
true on success.

802.11 frames are returned by the driver in buffers. Every 802.11 frame in the buffer is preceded by a AirpcapBpfHeader structure. The suggested way to use an AirPcap adapter is through the pcap API exported by wpcap.dll. If this is not possible, the Capture_radio and Capture_no_radio examples in the AirPcap developer's pack show how to properly decode the packets in the read buffer returned by AirpcapRead().

Note
this function is NOT blocking. Blocking behavior can be obtained using the event returned by AirpcapGetReadEvent(). See also AirpcapSetMinToCopy().

◆ AirpcapSetDecryptionState()

bool AirpcapSetDecryptionState ( PAirpcapHandle  AdapterHandle,
AirpcapDecryptionState  Enable 
)

Turns on or off the decryption of the incoming frames with the adapter-specific keys.

Parameters
AdapterHandleHandle to the adapter.
EnableEither AIRPCAP_DECRYPTION_ON or AIRPCAP_DECRYPTION_OFF
Returns
true on success.

The adapter-specific decryption keys can be configured with the AirpcapSetDeviceKeys() function.

Note
By default, the driver is configured with AIRPCAP_DECRYPTION_ON.

◆ AirpcapSetDeviceChannel()

bool AirpcapSetDeviceChannel ( PAirpcapHandle  AdapterHandle,
unsigned  Channel 
)

Set the radio channel of a device.

Parameters
AdapterHandleHandle to the adapter.
Channelthe new channel to set.
Returns
true on success.

The list of available channels can be retrieved with AirpcapGetDeviceSupportedChannels(). The default channel setting is 6.

Note
this is a device-related function: when you change the channel from an open capture instance, the change will be immediately reflected on all the other capture instances.

◆ AirpcapSetDeviceChannelEx()

bool AirpcapSetDeviceChannelEx ( PAirpcapHandle  AdapterHandle,
AirpcapChannelInfo  ChannelInfo 
)

Set the channel of a device through its radio frequency. In case of 802.11n enabled devices, it sets the extension channel, if used.

Parameters
AdapterHandleHandle to the adapter.
ChannelInfoThe new channel information to set.
Returns
true on success.
Note
this is a device-related function: when you change the channel from an open capture instance, the change will be immediately reflected on all the other capture instances.

◆ AirpcapSetDeviceKeys()

bool AirpcapSetDeviceKeys ( PAirpcapHandle  AdapterHandle,
PAirpcapKeysCollection  KeysCollection 
)

Set the list of decryption keys that the driver is going to use with the specified device.

Parameters
AdapterHandleHandle an open adapter instance.
KeysCollectionPointer to a PAirpcapKeysCollection structure that contains the keys to be set in the driver.
Returns
true if the operation is successful. false otherwise.

The AirPcap driver is able to use a set of decryption keys to decrypt the traffic transmitted on a specific SSID. If one of the keys corresponds to the one the frame has been encrypted with, the driver will perform decryption and return the cleartext frames to the application.

This function allows to set the adapter-specific set of keys. These keys will be used by the specified adapter only, and will not be used by other airpcap devices besides the specified one.

At this time, the only supported decryption method is WEP.

The keys are applied to the packets in the same order they appear in the KeysCollection structure until the packet is correctly decrypted, therefore putting frequently used keys at the beginning of the structure improves performance.

Note
: when you change the set of keys from an open capture instance, the change will be immediately reflected on all the other capture instances.

◆ AirpcapSetDriverDecryptionState()

bool AirpcapSetDriverDecryptionState ( PAirpcapHandle  AdapterHandle,
AirpcapDecryptionState  Enable 
)

Turns on or off the decryption of the incoming frames with the global driver set of keys.

Parameters
AdapterHandleHandle to the adapter.
EnableEither AIRPCAP_DECRYPTION_ON or AIRPCAP_DECRYPTION_OFF
Returns
true on success.

The global decryption keys can be configured with the AirpcapSetDriverKeys() function.

Note
By default, the driver is configured with AIRPCAP_DECRYPTION_ON.

◆ AirpcapSetDriverKeys()

bool AirpcapSetDriverKeys ( PAirpcapHandle  AdapterHandle,
PAirpcapKeysCollection  KeysCollection 
)

Set the global list of decryption keys that the driver is going to use with all the devices.

Parameters
AdapterHandleHandle an open adapter instance.
KeysCollectionPointer to a PAirpcapKeysCollection structure that contains the keys to be set in the driver.
Returns
true if the operation is successful. false otherwise.

The AirPcap driver is able to use a set of decryption keys to decrypt the traffic transmitted on a specific SSID. If one of the keys corresponds to the one the frame has been encrypted with, the driver will perform decryption and return the cleartext frames to the application.

This function allows to set the global driver set of keys. These keys will be used by all the adapters plugged in the machine.

At this time, the only supported decryption method is WEP.

The keys are applied to the packets in the same order they appear in the KeysCollection structure until the packet is correctly decrypted, therefore putting frequently used keys at the beginning of the structure improves performance.

Note
: when you change the set of keys from an open capture instance, the change will be immediately reflected on all the other capture instances.

◆ AirpcapSetFcsPresence()

bool AirpcapSetFcsPresence ( PAirpcapHandle  AdapterHandle,
bool  IsFcsPresent 
)

Configures the adapter on whether to include the MAC Frame Check Sequence in the captured packets.

Parameters
AdapterHandleHandle to the adapter.
IsFcsPresenttrue if the packets should include the FCS. false otherwise
Returns
true on success.

In the default configuration, the adapter includes the FCS in the captured packets. The MAC Frame Check Sequence is 4 bytes and is located at the end of the 802.11 packet, with both AIRPCAP_LT_802_11 and AIRPCAP_LT_802_11_PLUS_RADIO link types. When the FCS inclusion is turned on, and if the link type is AIRPCAP_LT_802_11_PLUS_RADIO, the radiotap header that precedes each frame has two additional fields at the end: Padding and FCS. These two fields are not present when FCS inclusion is off.

◆ AirpcapSetFcsValidation()

bool AirpcapSetFcsValidation ( PAirpcapHandle  AdapterHandle,
AirpcapValidationType  ValidationType 
)

Configures the adapter to accept or drop frames with an incorrect Frame Check sequence (FCS).

Parameters
AdapterHandleHandle to the adapter.
ValidationTypeThe type of validation the driver will perform. See the documentation of AirpcapValidationType for details.
Returns
true on success.
Note
By default, the driver is configured in AIRPCAP_VT_ACCEPT_EVERYTHING mode.

◆ AirpcapSetFilter()

bool AirpcapSetFilter ( PAirpcapHandle  AdapterHandle,
void *  Instructions,
unsigned  Len 
)

Set the BPF kernel filter for an adapter.

Parameters
AdapterHandleHandle to the adapter.
Instructionspointer to the first BPF instruction in the array. Corresponds to the bf_insns in a bpf_program structure (see the WinPcap documentation at https://www.winpcap.org/devel.htm).
LenNumber of instructions in the array pointed by the previous field. Corresponds to the bf_len in a bpf_program structure (see the WinPcap documentation at https://www.winpcap.org/devel.htm).
Returns
true on success.

The AirPcap driver is able to perform kernel-level filtering using the standard BPF pseudo-machine format. You can read the WinPcap documentation at https://www.winpcap.org/devel.htm for more details on the BPF filtering mechanism.

A filter can be automatically created by using the pcap_compile() function of the WinPcap API. This function converts a human readable text expression with the tcpdump/libpcap syntax into a BPF program. If your program doesn't link wpcap, but you need to generate the code for a particular filter, you can run WinDump with the -d or -dd or -ddd flags to obtain the pseudocode.

◆ AirpcapSetKernelBuffer()

bool AirpcapSetKernelBuffer ( PAirpcapHandle  AdapterHandle,
unsigned  BufferSize 
)

Set the size of the kernel packet buffer for this adapter.

Parameters
AdapterHandleHandle to the adapter.
BufferSizeNew size, in bytes.
Returns
true on success.

Every AirPcap open instance has an associated kernel buffer, whose default size is 1 Mbyte. This function can be used to change the size of this buffer, and can be called at any time. A bigger kernel buffer size decreases the risk of dropping packets during network bursts or when the application is busy, at the cost of higher kernel memory usage.

Note
don't use this function unless you know what you are doing. Due to caching issues and bigger non-paged memory consumption, bigger buffer sizes can decrease the capture performance instead of improving it.

◆ AirpcapSetLinkType()

bool AirpcapSetLinkType ( PAirpcapHandle  AdapterHandle,
AirpcapLinkType  NewLinkType 
)

Set the link type of an adapter.

Parameters
AdapterHandleHandle to the adapter.
NewLinkTypethe "link type", i.e. the format of the frames that will be received from the adapter.
Returns
true on success.

the "link type" determines how the driver will encode the packets captured from the network. Aircap supports two link types:

  • AIRPCAP_LT_802_11, to capture 802.11 frames (including control frames) without any power information. Look at the Capture_no_radio example application in the developer's pack for a reference on how to decode 802.11 frames with this link type.
  • AIRPCAP_LT_802_11_PLUS_RADIO, to capture 802.11 frames (including control frames) with a radiotap header that contains power and channel information. More information about the radiotap header can be found in the radiotap section. Moreover, the "Capture_radio" example application in the developer's pack can be used as a reference on how to decode 802.11 frames with radiotap headers.
  • AIRPCAP_LT_802_11_PLUS_PPI, to capture 802.11 frames (including control frames) with a Per Packet Information (PPI) header that contains per-packet meta information like channel and power information. More details on the PPI header can be found in the PPI online documentation (TODO).

◆ AirpcapSetMinToCopy()

bool AirpcapSetMinToCopy ( PAirpcapHandle  AdapterHandle,
unsigned  MinToCopy 
)

Set the mintocopy parameter for an open adapter.

Parameters
AdapterHandleHandle to the adapter.
MinToCopyis the mintocopy size in bytes.
Returns
true on success.

When the number of bytes in the kernel buffer changes from less than mintocopy bytes to greater than or equal to mintocopy bytes, the read event is signalled (see AirpcapGetReadEvent()). A high value for mintocopy results in poor responsiveness since the driver may signal the application "long" after the arrival of the packet. And a high value results in low CPU loading by minimizing the number of user/kernel context switches. A low MinToCopy results in good responsiveness since the driver will signal the application close to the arrival time of the packet. This has higher CPU loading over the first approach.

◆ AirpcapSetMonitorMode()

bool AirpcapSetMonitorMode ( PAirpcapHandle  AdapterHandle,
bool  MonitorModeEnabled 
)

Sets the monitor mode for the specified adapter.

Parameters
AdapterHandleHandle to the adapter.
MonitorModeEnabledIf true, the adapter will be put in monitor mode. If false, the adapter will be configured for normal operation.
Returns
true on success.

When monitor mode is on, the adapter captures all the packets transmitted on the channel. This includes:

  • unicast packets
  • multicast packets
  • broadcast packets
  • control and management packets

When monitor mode is off, the adapter has a filter on unicast packets to capture only the packets whose MAC destination address equals to the adapter's address. This means the following frames will be received:

  • unicast packets with the address of the adapter
  • multicast packets
  • broadcast packets
  • beacons and probe requests

The main reason to turn monitor mode off is that, when not in monitor mode, the adapter will acknowledge the data frames sent to its address. This is useful when the adapter needs to interact with other devices on the 802.11 network, because handling the ACKs in software is too slow.

Note
When an adapter is plugged into the system, it's always configured with monitor mode ON. The monitor mode configuration is not stored persistently, so if you want to turn monitor mode off, you will need to do it every time you open the adapter.

◆ AirpcapStoreCurConfigAsAdapterDefault()

bool AirpcapStoreCurConfigAsAdapterDefault ( PAirpcapHandle  AdapterHandle)

Saves the configuration of the specified adapter in the registry, so that it becomes the default for this adapter.

Parameters
AdapterHandleHandle to the adapter.
Returns
true on success. false on failure.

Almost all the AirPcap calls that modify the configuration (AirpcapSetLinkType(), AirpcapSetFcsPresence(), AirpcapSetFcsValidation(), AirpcapSetKernelBuffer(), AirpcapSetMinToCopy()) affect only the referenced AirPcap open instance. This means that if you do another AirpcapOpen() on the same adapter, the configuration changes will not be remembered, and the new adapter handle will have default configuration settings.

Exceptions to this rule are the AirpcapSetDeviceChannel() and AirpcapSetDeviceKeys() functions: a channel change is reflected on all the open instances, and remembered until the next call to AirpcapSetDeviceChannel(), until the adapter is unplugged, or until the machine is powered off. Same thing for the configuration of the WEP keys.

AirpcapStoreCurConfigAsAdapterDefault() stores the configuration of the give open instance as the default for the adapter: all the instances opened in the future will have the same configuration that this adapter currently has. The configuration is stored in the registry, therefore it is remembered even when the adapter is unplugged or the machine is turned off. However, an adapter doesn't bring its configuration with it from machine to machine.

the configuration information saved in the registry includes the following parameters:

  • channel
  • kernel buffer size
  • mintocopy
  • link type
  • CRC presence
  • Encryption keys
  • Encryption Enabled/Disabled state

The configuration is adapter-specific. This means that changing the configuration of an adapter doesn't modify the one of the other adapters that are currently used or that will be used in the future.

Note
AirpcapStoreCurConfigAsAdapterDefault() must have exclusive access to the adapter – it will fail if more than one AirPcap handle is opened at the same time for this adapter. AirpcapStoreCurConfigAsAdapterDefault() needs administrator privileges. It will fail if the calling user is not a local machine administrator.

◆ AirpcapTurnLedOff()

bool AirpcapTurnLedOff ( PAirpcapHandle  AdapterHandle,
unsigned  LedNumber 
)

Turn off one of the adapter's LEDs.

Parameters
AdapterHandleHandle to the adapter.
LedNumberzero-based identifier of the LED to turn off.
Returns
true on success.

◆ AirpcapTurnLedOn()

bool AirpcapTurnLedOn ( PAirpcapHandle  AdapterHandle,
unsigned  LedNumber 
)

Turn on one of the adapter's LEDs.

Parameters
AdapterHandleHandle to the adapter.
LedNumberzero-based identifier of the LED to turn on.
Returns
true on success.

◆ AirpcapWrite()

bool AirpcapWrite ( PAirpcapHandle  AdapterHandle,
char *  TxPacket,
uint32_t  PacketLen 
)

Transmits a packet.

Parameters
AdapterHandleHandle to the adapter.
TxPacketPointer to a buffer that contains the packet to be transmitted.
PacketLenLength of the buffer pointed by the TxPacket argument, in bytes.
Returns
true on success.

The packet will be transmitted on the channel the device is currently set. To change the device adapter, use the AirpcapSetDeviceChannel() function.

If the linktype of the adapter is AIRPCAP_LT_802_11, the buffer pointed by TxPacket should contain just the 802.11 packet, without additional information. The packet will be transmitted at 1Mbps.

If the linktype of the adapter is AIRPCAP_LT_802_11_PLUS_RADIO, the buffer pointed by TxPacket should contain a radiotap header followed by the 802.11 packet. AirpcapWrite will use the rate information in the radiotap header when transmitting the packet.

Variable Documentation

◆ ExtChannel

int8_t _AirpcapChannelInfo::ExtChannel

802.11n specific. Offset of the extension channel in case of 40MHz channels.

Possible values are -1, 0 +1:

  • -1 means that the extension channel should be below the control channel (e.g. Control = 5 and Extension = 1)
  • 0 means that no extension channel should be used (20MHz channels or legacy mode)
  • +1 means that the extension channel should be above the control channel (e.g. Control = 1 and Extension = 5)

In case of 802.11a/b/g channels (802.11n legacy mode), this field should be set to 0.