Don’t worry, you won’t need to read the full post to know the answer: the NetGear WiFi adapter is not an alternative to AirPcap. At least, not for Windows 10… If you want to know why, then yes: keep reading! 🙂
Many PCs NICs are not suitable to capture WiFi packets, because they are not compatible with monitor mode.
AirPcap is a WiFi adapter able to capture 802.11 packets when using with Wireshark. This is, it’s able to capture packets in monitor mode from an specific WiFi channel.
However, there are 2 main disadvantages to use it:
- There is no driver for Windows 10 or Linux
- It costs a few hundres of dollars (yep!)
Having 2 PCs with Windows 10 and NICs that don’t support monitor mode, it would be an incovenient to downgrade them and then buy this expensive solution, so we looked for alternatives…
The approach to solve it
Acrylic is a propietary alternative to Wireshark that also allows capturing WiFi packets in monitor mode when having the appropriate hardware. According to their website, the NetGear A6200 WiFi Adapter is able to do this and it’s a cheaper alternative.
Also, as explained here, by installing their driver and using the NetGear adapter, you can capture in monitor mode using Wireshark, which sounds like an awesome solution, doesn’t it?
However, when we tried the previous tutorial, also explained in the Acrylic website, we found some issues…
Using NetGear WiFi Adapter in Windows 10 with Wireshark
First, the adapter per se works fine on Windows 10, although some functions like the WPS connection to the AP fails:
However, when doing it manually (entering the WiFi password), we get it to work:
The WiFi 2 interface is the one created by the NetGear dongle (the PC’s NIC is named simply “WiFi”).
Then, we run Wireshark as an Administrator and we start seeing the AP disconnecting and connecting to our PC, all the time. Also, Wireshark gets frozen… but, with lots of patient, we carry on with the experiment and wait for Wireshark to show what we wanted:
so at first sight: yay! WiFi 2 interface is working in monitor mode (although Wireshark keeps getting frozen same as the connection to the AP).
Then, we try the WPS functionality between the AP and the NetGear Adapter (we also tried between the AP and the PC and the AP and another PC in the network, but we didn’t capture anything…) and, as before, this fails, but at least we got something:
so yeah, it shows how it fails and the interesting thing to do would be capturing the WPS handshake process between the AP and another device without loosing the connection or having Wireshark frozen…
In addition, we didn’t find a way to select the channel we want to sniff from (something possible with the AirPcap Control Panel).
Therefore, this does not look like a good/effective/easy/clear solution, but we give the adapter another opportunity…
Using NetGear WiFi Adapter in Windows 10 with Acrylic
When using Acrylic, things go smoother and faster BUT we are not able to discern the WPS packets (it doesn’t show the WiFi protocol and we didn’t find a proper filter to apply), so we have to guess the following is the WPS handshaking process:
However, it’s not really accurate, as it could be something else. Therefore, this alternative is also discarded 🙁
BUT we didn’t stop here…
Using NetGear WiFi Adapter in Ubuntu with Wireshark
We installed Ubuntu 16.04.3 LTS in a bootable USB and install Wireshark (which it’s different from the Windows one as the interfaces shown are USB, SSH…and of course, only promiscuos mode available because the hardware without NetGear is the same).
Installing a driver for AirPcap in Ubuntu or any Linux distribution seems to be a master degree, so we didn’t fight too much with it. So we installed the NetGear Adapter driver by following the commands listed here:
$ git clone https://github.com/jurobystricky/Netgear-A6210
$ cd Netgear-A6210
$ sudo make install
Of course, that wasn’t enough so, investigating a bit more, we found some more resources and we manage the system to detect the adapter:
but then, we didn’t find a way to enable the interface and it doesn’t show in the list of network interfaces neither 🙁
From this research, in addition to learn a lot of interesting stuff, we came to the following conclusions:
- NetGear WiFi A6210 doesn’t look like the perfect replacement of AirPcap, at least when using it in Windows 10 nowadays (maybe some update in the system would make it?)
- We will install a Windows Server 2012 Virtual Machine (because we already tried AirPcap dongle there and it worked) and see if the NetGear adapter also works
- If you know a solution for any of the 3 ways we tried it, we would be really grateful 😀
We hope you enjoyed this post and solve any doubts you may had in this regards. We’ll keep you informed when we make some progress, because we won’t give up any soon! 😉