This is our old Q&A Site. Please post any new questions and answers at

I use a Netgear A6210 USB adapter to do WiFi captures. Savvius OmniPeek has a driver to put it into promiscuous mode and it works well. It supports 802.11ac. Is there a way that Wireshark could be set up to support this adapter?

Here's a link to show the adapter on Amazon (which is where Savvius tells you to go to buy it). I'm at Sharkfest 2016 right now and will be for the rest of the week - I'm Ron Fox.

asked 13 Jun '16, 11:00

RonF's gravatar image

accept rate: 0%

Linux might work. Do you require windows?

(13 Jun '16, 12:42) Bob Jones

Looks like I spoke too soon. I have several of these for use with OmniPeek and they enumerate on Linux as:

/home/admin# lsusb Bus 002 Device 005: ID 0846:9053 NetGear, Inc.

This link ( says MediaTek has a driver, but there is none for my Kali Rolling install with kernel 4.4.0-kali1-amd64 built-in.

It's not worth the effort for me to go get some driver and compile, but you could try. On Windows, did you try npcap? That has never worked for me, but others have had success.

(13 Jun '16, 13:55) Bob Jones

I'd prefer Windows. I'm working in a corporate environment where all the PC's have Windows on them. I could possibly get them to give me a dedicated laptop to use that I could convert over to Linux. I'm at Sharkfest and the development team have suggested I give npcap I try, which I plan to do as soon as I get back from this and have a chance to put it up on my secondary laptop.

If I WERE to put this up on Linux, what release/version of Linux should I use?

(15 Jun '16, 09:15) RonF

Why not use the OmniPeek software? It works on Windows and Savvius (the company who develops AND SUPPORTS the OmniPeek software) provides the drivers for Windows.

As a user of OmniPeek, I prefer to use it rather than Wireshark to capture WiFi. However, I still use Wireshark for some post analysis.

(15 Jun '16, 12:35) Amato_C

Hi Ron,

you can eventually give a try to Npcap that is a fork of WinPcap using NDIS6.0 and that can capture WiFi packets depending on the drivers used.

permanent link

answered 13 Jun '16, 15:49

Pascal%20Quantin's gravatar image

Pascal Quantin
accept rate: 30%

Please use Npcap (together with Wireshark):

Npcap has a feature called "Raw 802.11 Packet Capture": Npcap is able to see 802.11 packets instead of fake Ethernet packets on ordinary wireless adapters. You need to select the "Support raw 802.11 traffic (and monitor mode) for wireless adapters" option in the installation wizard to enable this feature.

  1. When your adapter is in Monitor Mode, Npcap will supply all 802.11 data + control + management packets with radiotap headers.

  2. When your adapter is in Managed Mode, Npcap will only supply 802.11 data packets with radiotap headers.

Moreover, Npcap provides the WlanHelper.exe tool to help you switch to Monitor Mode on Windows. See more details about this feature in section "For software that use Npcap raw 802.11 feature" in the docs. See more details about radiotap here:

permanent link

answered 15 Jun '16, 06:48

Yang%20Luo's gravatar image

Yang Luo
accept rate: 4%

I'm going to try this. I have a question; how do I install this with Wireshark? Do I simply install Wireshark, decline when it asks me if I want to install winpcap and then install this driver after I'm done? Or should I install this driver first?

(20 Jun '16, 16:05) RonF

You can install Npcap driver first or later, the order doesn't matter. But when you install Wireshark first, you need to make sure you doesn't install WinPcap.

(20 Jun '16, 17:00) Yang Luo

Hm. So I installed npcap 0.07 r17 and then installed Wireshark 2.0.4. I enabled "Raw 802.11 Packet Capture" but not the WinAPI compatibility mode. When I brought up Wireshark I told it to NOT install WinPcap. Upon actually starting the software it told me "Unable to load WinPcap (wpcap.dll); yuou will not be able to capture packets." I'm going to uninstall npcap and reinstall it using the WinAPI compatible mode to see if that works.

(22 Jun '16, 13:06) RonF

Wireshark 2.0.4 does not support Npcap installed without WinPcap compatibility mode. Only the very latest 2.1.1 development builds can.

(22 Jun '16, 13:40) Pascal Quantin

Just as Pascal said, please download the latest 2.1.1 Wireshark here:

Or you can add "C:\Windows\System32\Npcap" manually to your PATH, then re-login or reboot. Then you can use a stable version Wireshark too.

(22 Jun '16, 17:31) Yang Luo
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text]( "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:


question asked: 13 Jun '16, 11:00

question was seen: 11,733 times

last updated: 06 Oct '17, 11:19

p​o​w​e​r​e​d by O​S​Q​A