WiFi Framework includes the wclWiFiSniffer class that allows your application to capture raw WiFi frames.

How it works

The WiFi Sniffer switches your WiFi adapter to the Monitor Mode that enables to "listen" the air for all WiFi data trasferred betwing WiFi enabled devices.

The Monitor mode allows a computer with a wireless network interface controller to monitor all traffic received from the wireless network. It allows packets to be captured without having to associate with an access point or ad hoc network first.

The wireless adapter is unable to transmit while in monitor mode and is restricted to a single wireless channel. But the WiFi Framework allows to change the current RF channel so application can switch channels to capture traffic from all available channels. Also, in monitor mode the adapter does not check to see if the CRC values are correct for packets captured, so some captured packets may be corrupted.

Pre-requirements

To capture WiFi Frames in Monitor Mode WiFi Framework requires that the Microsoft Network Monitor is installed on your system. It is required that the application that captures WiFi frames is compiled for the same processor architecture (x86 or x64) as the Microsoft Network Monitor installded. By the other words: if you run Windows 64 bit you must install Network Monitor 64 bit and your application must also be 64 bit.

WiFi Sniffer Requires
  • Microsoft Network Monitor 32 bits (for 32 bits OS)
  • Microsoft Network Monitor 64 bits (for 64 bits OS)
  • WiFi Adapter that supports Monitor Mode

Current version does not include any WiFi parsers. However you can find very good description of the WiFi packet format by the link below.

Demo Applications

The WiFi Framework package includes the WiFiSniffer sample application that shows how to use the wclWiFiSniffer class to capture raw WiFi frames.

Additional Resources