On Jan 1, 2016, at 8:47 AM, Yang Luo <hsluoyb@xxxxxxxxx> wrote:
> Also, I don't know how fast Wireshark can make changes about this monitor support, But I came up with another workaround for now. It is letting Npcap provide some kind of control panel for users. There's a switch in this panel that controls the wifi adapter's monitor mode. So I guess under this condition Wireshark is not necessary to know anything about the monitor mode? This is kind of like Airpcap, I saw it also provides such a panel and supports Wireshark. Is this viable?
It's not what we want in the long term, but it's similar to what's done on a number of Linux distributions.
libpcap has code to implement monitor mode on Linux, but it doesn't work very well unless libpcap is built with libnl, and most distributions don't do that because of problems with libnl having three incompatible major versions and distributions shipping with both versions 1 and 3 - if an application is linked with one version, and is also linked with a libpcap that's linked with another version, the application fails.
Therefore, for now, you usually have to use airmon-ng from airpcap-ng to add a monitor-mode vif, and capture on that.
So a temporary workaround in which there's a separate way to turn on monitor mode would be OK.
