Wi-Fi Sniffer The Wi-Fi sniffer is the software that listens to and captures the raw data exchange between Wi-Fi-enabled devices. It can capture the raw data packets that devices send to each other, to the access point, and receive from the access point. It also can capture the access point service data and much more Wi-Fi communication details. The sniffer is useful when you need to check the Wi-Fi communication or analyze protocols.

The Wi-Fi Framework includes the wclWiFiSniffer class that allows your application to implement the Wi-Fi sniffer functionality and to provide this feature to your application users. The Wi-Fi sniffer feature of the Wi-Fi Framework also allows you to implement some "hidden" communication between, let's say, your IoT device and PC because the sniffer can capture the Wi-Fi service packages.

How it works

The Wi-Fi sniffer feature requires that your Wi-Fi adapter supports the monitoring mode. The monitor mode allows a computer with a wireless network interface controller to monitor all traffic received from the wireless network. It allows packets to be captured without having to associate with an access point or ad hoc network first. Not all Wi-Fi adapters support this feature; however, the Wi-Fi Framework provides methods to check if your adapter supports the required feature.

While in monitoring mode, the wireless adapter is unable to transmit and is restricted to a single wireless channel. But the Wi-Fi Framework allows changing the current RF channel so an application can switch channels to capture traffic from all available channels. Also, in monitor mode the adapter does not check to see if the CRC values are correct for packets captured, so some captured packets may be corrupted.

The Wi-Fi Framework can decode some Wi-Fi packets and provide detailed information about captured data. However, not all captured packets can be decoded, and if the received packet cannot be decoded, then it is passed to an application as a raw byte stream so your application can decode it by itself. If you need to expand the list of known Wi-Fi packets, please contact us, and we will try to add the required decoding feature.

PREREQUISITES

To capture Wi-Fi frames in monitor mode, the Wi-Fi Framework requires that the Microsoft Network Monitor is installed on your system. It is required that the application that captures Wi-Fi frames is compiled for the same processor architecture (x86 or x64) as the Microsoft Network Monitor installed. In other words, if you run Windows 64-bit, you must install Network Monitor 64-bit, and your application must also be 64-bit.

Wi-Fi Sniffer Requires
  • The Microsoft Network Monitor 32-bits (for 32-bits OS)
  • The Microsoft Network Monitor 64-bits (for 64-bits OS)
  • A Wi-Fi adapter with monitor mode support