Ar9271 Windows 10 Driver

0 views
Skip to first unread message

Elwanda Menhennett

unread,
Aug 3, 2024, 5:10:51 PM8/3/24
to tonimila

I'm running Wireshark on my wpa2 wifi network on windows. I'm using an alfa that IS capable of promiscuous and monitor mode. When capturing, I only see local traffic (to and from my PC) and broadcast traffic (Destination ip: 255.255.255.255, as well as arp requests, DHCP, multicast packets). I am in promiscuous mode, but still nothing. Why isn't this working? I have tried setting up decryption, but that didn't work either. I've tried multiple network adapter, all 802.11 channels, and even monitor mode (which automatically unchecks itself). Any ideas are greatly appreciated.

It's advertised as an adapter for promiscuous, monitor (rfmon), and packet injection. It is the highest recommended card I could find, and reviews are all great. It is an Alfa Awus036nha if you want to see if you can find any additional info. Thanks

Alfa's page for the AWUS036NHA says the chipset is the Atheros AR9271. The AR 9271 data sheet has a PROMISCUOUS bit in the receive filter register, described as "Promiscuous receive enable; Enable reception of all frames, including errors", which sounds like monitor mode.

Note When the miniport driver is in Native 802.11 modes other than NetMon, and OID_GEN_CURRENT_PACKET_FILTER is set, the driver must not fail the set request if any promiscuous or raw filter settings are enabled in the OID data.

So they're saying both "the driver must allow NDIS_PACKET_TYPE_PROMISCUOUS to be set in modes other than NetMon mode" and "NDIS_PACKET_TYPE_PROMISCUOUS is only valid in NetMon and AP modes". I have some vague memory that the first of those used to say "must fail the request" rather than "must not fail the request", which would be more consistent with the second of those.

So it may be that promiscuous mode, in the NDIS_PACKET_TYPE_PROMISCUOUS sense, doesn't work on 802.11 adapters unless you're in monitor mode. That's the mode that's used by WinPcap and Npcap if a caller turns on "promiscuous mode" (it's the correct mode to use for Ethernet adapters), so turning on "promiscuous mode" in sniffers using libpcap/WinPcap/Npcap, such as Wireshark, may not work for 802.11 adapters.

Now why monitor mode isn't working is another matter. WinPcap doesn't support monitor mode; if you have WinPcap installed, un-install it, and install Npcap. This wiki page says it may or may not work, depending on the Windows version and the driver. (I think there's an error with the "Firmware/Driver version" and "Windows version" columns, where some of the items have the values swapped - including the Alfa item.)

First off, thank you for your answer. I guess you can't sniff wirelessly on windows. After some research, I finally found an answer. Sort of. Running Wireshark with admin privileges lets me turn on monitor mode. The problem now is, when I go start the capture, I get no packets. So, doing what Wireshark says, I went to turn off promiscuous mode, and then I get a blue screen of death. Every time. "What failed: athurx.sys" which is for the Alfa card. I guess it's just not compatible on windows.

I cannot use adapter TP-Link wn722n on lubuntu 20.04 on laptop. I tried to install drivers for github but nothing works. Kernel version is 5.15.0-56. Please can you give me more information and suggestions what can i try to do, to fix this problem. Meanwhile i also cannot use wifi which is integrated on my laptop. Activation is on F12 button. When i activate it's still writes, wifi disabled. Also when i type sudo rfkill list, it shows that it's hard blocked. Also to mention,all these things (integrated wifi and adapter TP-link) works normally on windows OS.Thanks in advance.

c80f0f1006
Reply all
Reply to author
Forward
0 new messages