UPDATED: 05/28/2019
HOLD THE PRESSES!!! So, as of Wireshark 3.0, you can do RF Monitor mode captures in Windows using inexpensive NICs. Specifically, the Netgear A6210. Here’s write up on how to set this up, but nothing special is required other than Wireshark 3.0, or newer, and a supported NIC (Netgear A6210).
So, of course, this comes with some caveats. The main one is that this does not support channel information. So, while you CAN set the channel you want to capture on, there will be no data in the capture confirming you are indeed on that channel.
WiFiXax has a blog post on howe to do it.
You can go ahead and read the rest of this post, but at this point, why would you? ¯\_(ツ)_/¯
In Windows, you cannot effectively analyze wireless frames, because you are unable to put the wireless NIC in "RF Monitor Mode" - that is the mode in which the wireless NIC can see ALL 802.11 frames in the air, not just ones intended for itself.
Historically, it's been an expensive proposition. There are some great tools out there like OmniPeek (which I use), the gold standard for Windows packet analysis. And for years, AirPcap Nx was the main NIC folks used for pcap'ing WLANs with Wireshark. Unfortunately, both options are pricey. And the AirPcap NX is no longer manufactured. You’d be lucky to find a used one on eBay. Linux and MacOS have been the only ways to cheaply get access to RF Monitor mode without spendy software and hardware, like Omnipeek and the AirPcap Nx.
But, not everyone uses Linux, or Mac OS. Fortunately, and fairly recently, there are more and more ways to get RF Monitor mode in Windows. Here are some relatively inexpensive options (NOT an exhaustive list) to perform an RF Monitor Mode wireless packet capture in Windows using relatively inexpensive hardware.
Acrylic Wi-Fi Pro ($45)
TamoSoft CommView ($499 US) (Thanks @pj_teeter!)
MetaGeek Eye P.A. now supports native Windows Monitor Mode! - (List of supported NICs) ($800.00 US) Also, will soon have support for WLAN-Pi!
OmniPeek ($2k +)
@WiFiNigel shows how to use a WLANPi as an external packet capture device for Windows ($75 US). WLANPi can be purchased here.
OR, you could just get a Mac and do it natively. 😉
Lastly, if you have access to an Ekahau Sidekick, and you have an Ekahau Connect account, you can use the Sidekick to perform offline packet captures, and you can even have each NIC capture on a difference channel! Cool!
* If anyone has additional relatively inexpensive options for this list please DM me @HeyEddie.
"relatively inexpensive"
def.
I don't know. Less than a grand? Less than $500? Please don't get all pedantic on me. 😉