The WiFi Framework includes the wclWiFiSniffer class that allows your application to capture raw WiFi frames.

How it works

The WiFi Sniffer switches your WiFi adapter to the Monitor Mode that enables to "listen" the air for all WiFi data trasferred betwing WiFi enabled devices.

The Monitor mode allows a computer with a wireless network interface controller to monitor all traffic received from the wireless network. It allows packets to be captured without having to associate with an access point or ad hoc network first.

The wireless adapter is unable to transmit while in monitor mode and is restricted to a single wireless channel. But the WiFi Framework allows to change the current RF channel so application can switch channels to capture traffic from all available channels. Also, in monitor mode the adapter does not check to see if the CRC values are correct for packets captured, so some captured packets may be corrupted.


To capture WiFi Frames in Monitor Mode the WiFi Framework requires that the Microsoft Network Monitor is installed on your system. It is required that the application that captures WiFi frames is compiled for the same processor architecture (x86 or x64) as the Microsoft Network Monitor installded. By the other words: if you run Windows 64 bit you must install Network Monitor 64 bit and your application must also be 64 bit.

WiFi Sniffer Requires

Current version does not include any WiFi parsers. However you can find very good description of the WiFi packet format by this link.

WiFi Sniffer Demo Application

The WiFi Framework package includes the WiFiSniffer sample application that shows how to use the wclWiFiSniffer class to capture raw WiFi frames.