Nmap Development mailing list archives
Re: [Bulk] Use of npcap in automation system
From: 食肉大灰兔V5 <hsluoyz () gmail com>
Date: Tue, 6 Oct 2015 01:03:25 +0800
Hi Ferreira, First allow me to paste PCAP_OPENFLAG_NOCAPTURE_LOCAL's description here from winpcap's source: /*! \brief Defines if the local adapter will capture its own generated traffic. This flag tells the underlying capture driver to drop the packets that were sent by itself. This is usefult when building applications like bridges, that should ignore the traffic they just sent. */ #define PCAP_OPENFLAG_NOCAPTURE_LOCAL 8 I have tested the *WinPcap 4.1.3*'s PCAP_OPENFLAG_NOCAPTURE_LOCAL flag of *pcap_open* against my* Win 8.1 x64 VM* and *Win10 RTM x64 VM*. Both conditions work as expected (I mean the packet sender will not receive his sent packets), other WinPcap's clients (like Wireshark) will still see the sent packets, which is also expected according to the explanation above. So I can't reproduce the failure you mentioned, could you provide a sample? For another thing, AFAIK, NDIS 6 is available since Vista, 6.2 for Win7, 6.3 for Win8 ( https://msdn.microsoft.com/en-us/library/windows/hardware/ff567893(v=vs.85).aspx). And there isn't quite much difference of NDIS between Win7 and Win8. /* disable loopback capture if requested */ if(flags & PCAP_OPENFLAG_NOCAPTURE_LOCAL) { if(!PacketSetLoopbackBehavior(fp->adapter, NPF_DISABLE_LOOPBACK)) { snprintf(errbuf, PCAP_ERRBUF_SIZE, "Unable to disable the capture of loopback packets."); pcap_close(fp); return NULL; } } And what Gisle said is iterally right, because PCAP_OPENFLAG_NOCAPTURE_LOCAL flag is just implemented by PacketSetLoopbackBehavior (adapter, 1), so these two ways are totally identical. pcap_open() is not standard API but I don't think this is your problem. Cheers, Yang On Mon, Oct 5, 2015 at 4:46 PM, Gisle Vanem <gvanem () yahoo no> wrote:
Nuno Antonio Dias Ferreira wrote: I am software developer of automation systems. Last year I develop anapplication to allow network redundancy where I was using WinPcap 4.1.3, that application is running well in Windows XP and Windows 7 but is not working in Windows ( and above because of changes in NDIS 6. In my application I am opening Pcap handler with the flag PCAP_OPENFLAG_NOCAPTURE_LOCAL and that’s the reason why I can’t use my app in Windows 8. Can you tell me if your pcap has this feature implemented?The flag PCAP_OPENFLAG_NOCAPTURE_LOCAL is AFAICS a parameter to 'pcap_open()' which is not present in standard libpcap (unless the REMOTE-stuff is added). But the same feature can be enabled using: PacketSetLoopbackBehavior (adapter, 1); Works fine under Win 8.1. -- --gv _______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Use of npcap in automation system Nuno Antonio Dias Ferreira (Oct 04)
- Re: [Bulk] Use of npcap in automation system Gisle Vanem (Oct 05)
- Re: [Bulk] Use of npcap in automation system 食肉大灰兔V5 (Oct 05)
- Message not available
- Re: [Bulk] Use of npcap in automation system 食肉大灰兔V5 (Oct 07)
- Re: [Bulk] Use of npcap in automation system 食肉大灰兔V5 (Oct 05)
- Re: [Bulk] Use of npcap in automation system Gisle Vanem (Oct 05)