Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: npcap filter bug

From: 食肉大灰兔V5 <hsluoyz () gmail com>
Date: Sat, 9 Jan 2016 23:36:02 +0800
Hi Darrell,

First, thanks for the report. I'm sorry that I didn't reproduce this error.

My environment:
Npcap 0.05-r4, Wireshark 2.0.1, Windows 10 TH2 10586.
Capture filter: "port 443"
Adapter: Atheros AR 9485 Wireless Network Adapter


Here's my result (the pic), it shows that I can see both traffic from and
to remote 443.

[image: Inline image 1]

So I guess the only difference between us is the adapter. Theoretically
this shouldn't make any difference. So can you try it on a different
computer or a different adapter (like your LAN adapter)? or provide me
access to your malfunctioned machine? Thanks.


Cheers,
Yang

On Sat, Jan 9, 2016 at 3:06 AM, Darrell Enns <darrell () darrellenns com>
wrote:


There seems to be an issue in npcap and certain capture filters. When I
use a capture filter like "port 443", I only get half of the conversation.
Packets from the remote port 443 to local random port are captured, but
packets from local random port to remote 443 are not captured. This was
using npcap 0.05-r4 and Wireshark 2.0.1 on Windows 10. The network
interface is an Intel 82579V. If I just switch to winpcap (no other
changes), it correctly captures both sides of the conversation.

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/



_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: