winpcap和airpcap

winpcap只能抓取Ethernet包，不能抓取无线的包。请看： http://www.winpcap.org/misc/faq.htm#Q-16

Q16Which network adapters are supported by WinPcap?

A: The WinPcap device driver was developed to work primarily with Ethernet (10/100/1000) adapters. Support for other MACs was added during the development, but Ethernet remains the most tested one. 
The overall situation is:

• Windows 95/98/ME: the packet driver works ok on Ethernet networks. It works also on PPP WAN links, but with some limitations (for example it is not able to capture the LCP and NCP packets). FDDI, ARCNET, ATM and Token Ring should be supported, however we did not test them because we do not have the hardware.
• Windows NT4/2000/XP/2003/Vista/2008/Win7/2008R2: the packet driver works ok on Ethernet networks. As for dial-up adapters and VPN connections, read Q5 and Q6.  As in Win9x,  FDDI, ARCNET, ATM and Token Ring are supported, but not tested by us.
• Wireless adapters: these adapters may present problems, because they are not properly supported by the Windows Kernel. Some of them are not detected, other don't support promiscuous mode. In the best case, WinPcap is able to see an Ethernet emulation and not the real transiting packets: this means that the 802.11 frames are transformed into fake Ethernet frames before being captured, and that control frames are not received. 
  
  For real wireless capture, CACE Technologies offers the AirPcap adapter, specifically designed to sniff 802.11 traffic, including control frames, management frames and power information. AirPcap at this time is the only solution for capturing raw 802.11 traffic with WinPcap. More details can be found on the AirPcap product page.

AirpCap可以抓取无线的数据包，请看： http://baike.baidu.com/view/2830482.htm
AirPcap系列产品是由美国CACE公司设计一种专门用于无线网络分析的工具，主要应用于windows平台。它以硬件形式发布（分USB，Cardbus1,Minicard几种），和开放源码的WireShark（以前叫Ethereal，是和Sniffer齐名的嗅探器，但现在sniffer已转为商用。WireShark具备优异的底层协议分析能力，超过了Sniffer）配合,提供广泛的802.11WLAN解决方案。

还是用wireShark来分析数据包吧！最强大，且免费!