Wireshark-dev: [Wireshark-dev] Some questions about Wireshark monitor mode support on Windows

From: Yang Luo <hsluoyb@xxxxxxxxx>
Date: Thu, 19 May 2016 02:41:00 +0800

Hi list,

I just released Npcap 0.07 R4:

This version of Npcap already supports setting monitor mode using the Wireshark GUI or the command line.

1) For the GUI, if you check the "Capture packets in monitor mode" option in "Edit Interface Settings", your adapter will turn into monitor mode immediately.
2) For the CLI, run the "dumpcap" command with the -I option, and your adapter will turn into monitor mode right before capturing.

And I have several questions:

1) In "Edit Interface Settings", if I check the "Capture packets in monitor mode" option, my adapter will turn into monitor mode immediately. But if I uncheck it again, my adapter won't come back to managed mode. I think the right behavior is that the mode should be changed back to managed mode if the user unchecks the option.
2) After I check the "Capture packets in monitor mode" option, the "Mon. Mode" column in "Capture Options" won't change from "disabled" to "enabled". This behavior is weird.
3) The libpcap API (wpcap.dll) doesn't export a pcap_get_rfmon function, which means Wireshark can't get the current operation mode in any way. Maybe the adapter is already in monitor mode before starting Wireshark (like setting it using WlanHelper); then the "Capture packets in monitor mode" option in "Edit Interface Settings" won't reflect this initial state, because Wireshark can't obtain the current operation mode.
4) Wireshark does nothing after capturing with the "Capture packets in monitor mode" option checked. I think Wireshark should be responsible for changing the mode back to managed when the capture ends, if it changed the mode to monitor when the capture started.

Any suggestions? Thanks!


Cheers,
Yang