Wifi Sniffer for Windows 10 on 802.11 networks
Table of Contents
Wifi Sniffer (802.11) for Windows 10.
Need a wifi sniffer for Windows 10? Acrylic WiFi Sniffer is Tarlogic latest software aimed to analyze and capture WiFi communications, and evaluate WiFi security. It supports several USB WiFi adapters allowing to monitor the most modern WiFi networks following WiFi6 / WiFi 802.11ac and 802.11ax standards.
These are the challenges to build a wifi sniffer:
- WiFi monitor mode in Windows: WiFi cards are designed to work as clients, i.e. connect to WiFi access points. In order to capture WiFi traffic, it is necessary to enable a feature called “monitor mode”, which is not available by default on Windows systems.
- WiFi card compatibility: Each WiFi card manufacturer integrates different chipsets into its WiFi cards, which means that there is a huge variety of devices. Supporting a large number of cards that are compatible with a wifi sniffer makes it easier to purchase hardware by expanding the range of available options.
- Channel width: First WiFi networks worked only on a 20Mhz channel width. Modern ones work with 40Mhz, 80Mhz and up to 160Mhz channel widths for greater speed. A WiFi sniffer should be able to capture traffic in these environments.
- Integration with other tools: Capturing WiFi traffic in Windows with Wireshark is one of the main requirements of advanced users.
How does the Acrylic wifi Sniffer work?
For all the above mentioned reasons, the challenge of a wifi sniffer for Windows 10 is to have a system that allows capturing WiFi traffic and communications by having a wide range of WiFi cards compatible with monitor mode in Windows, such as Alfa Network AWUS1900.
Years ago, Riverbed manufactured a device called Airpcap that allowed WiFi capture natively on Windows for 802.11a/b/g/n standards. The cost of these cards was very high, at about $700, and they were discontinued, so it is no longer possible to acquire them on the market.
After months of work, we have added support for multiple WiFi cards to natively capture WiFi traffic in Windows.
Thanks to this, we provide integration with different programs to capture WiFi communications in monitor mode:
- Acrylic WiFi Professional: WiFi analysis and diagnostic tool.
- Acrylic WiFi Heatmaps: For design, coverage analysis and WiFi performance.
- Acrylic WiFi Lea: WiFi intelligence tool designed for law enforcement.
- Wireshark: Of course, we can now use the latest version of Wireshark to capture WiFi on Windows, including 802.11ac standard.
After installing Acrylic wifi Sniffer, all WiFi adapters supporting the capture of WiFi traffic in monitor mode will be shown. It will also allow capturing WiFi packets in Wireshark, as long as it is installed in the system, after deploying the integration module.
Currently, four data capture mechanisms are supported by Acrylic WiFi Sniffer:
Data capture in Acrylic WiFi Sniffer
- NDIS: Acrylic wifi Sniffer integrates with Tarlogic NDIS driver which supports monitor mode with several WiFi adapters. However, it has limitations depending on how well each card manufacturer supports Microsoft NDIS layer. It only supports 20Mhz channel width. This is enough to see all signaling packets and part of the WiFi traffic.
- Chipsets RTL8814 and RTL8812: These are one of the latest chipsets that support 802.11ac, being able to capture all WiFi packets from a 20 Mhz channel width all the way to 160 Mhz.
It is not necessary to run Acrylic wifi Sniffer Control application in order to capture in monitor mode using any of the Acrylic WiFi tools or Wireshark.
If you use Acrylic wifi Sniffer together with Acrylic WiFi Analyzer, you can see all network and device information at a glance and even use the integrated wifi sniffer module that has a Wireshark style packet viewer, exclusively designed to display and analyze Wi-Fi frames.
If you use Wireshark instead, you can select the WiFi interface, the channel/frequency, and channel width options:
Why do you need a wifi sniffer?
The tasks may be varied: from diagnosis of performance and operation of a WiFi network, to analyze the security configuration (WPA2, WPA3, eapol frames ..), as well as to detect and list all WiFi devices within a specific area.
List of WiFi cards in monitor mode for Windows
Acrylic WiFi Sniffer supports many WiFi cards for Windows and will continue to support more in the future, so it is best to periodically check our compatibility list on Acrylic Wi-Fi website.
Our recommendation is to use the new ALFA Network AWUS1900 card. This is one of the most popular WiFi adapters on Linux to perform WiFi security audits and capturing WiFi traffic for diagnosis because it supports monitor mode.
Injecting WiFi traffic into Windows and other tools
We have been asked to support tools like reaver and airodump in Windows and we are working on it. Follow us on Twitter https://twitter.com/AcrylicWiFi and soon you will have news.
This article is part of a series of articles about how to capture and sniff wifi traffic on Windows
- WiFi Network Traffic Viewer
- How to capture WiFi traffic using Wireshark on Windows
- Hidden wifi ssid: How to know the name of a wireless network with no SSID
- Wifi Sniffer for Windows 10 on 802.11 networks