Nmap Development mailing list archives
Re: npcap filter bug
From: 食肉大灰兔V5 <hsluoyz () gmail com>
Date: Sat, 9 Jan 2016 23:36:02 +0800
Hi Darrell, First, thanks for the report. I'm sorry that I didn't reproduce this error. My environment: Npcap 0.05-r4, Wireshark 2.0.1, Windows 10 TH2 10586. Capture filter: "port 443" Adapter: Atheros AR 9485 Wireless Network Adapter Here's my result (the pic), it shows that I can see both traffic from and to remote 443. [image: Inline image 1] So I guess the only difference between us is the adapter. Theoretically this shouldn't make any difference. So can you try it on a different computer or a different adapter (like your LAN adapter)? or provide me access to your malfunctioned machine? Thanks. Cheers, Yang On Sat, Jan 9, 2016 at 3:06 AM, Darrell Enns <darrell () darrellenns com> wrote:
There seems to be an issue in npcap and certain capture filters. When I use a capture filter like "port 443", I only get half of the conversation. Packets from the remote port 443 to local random port are captured, but packets from local random port to remote 443 are not captured. This was using npcap 0.05-r4 and Wireshark 2.0.1 on Windows 10. The network interface is an Intel 82579V. If I just switch to winpcap (no other changes), it correctly captures both sides of the conversation. _______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- npcap filter bug Darrell Enns (Jan 08)
- Re: npcap filter bug 食肉大灰兔V5 (Jan 09)
- npcap filter bug Darrell Enns (Jan 11)
- Re: npcap filter bug 食肉大灰兔V5 (Jan 09)