Re: Npcap 0.01 call for test about Windows loopback traffic capture feature

[Yang Luo <hsluoyb () gmail com>]

Hi Pascal,

I can see several WAN miniports in my machine's registry, but they can't be
captured by Npcap. I had reported this issue to MSDN, so let's wait the
answer.

> From the link you provided, it seems that a NDIS filter (on which Npcap is
based) can see the MB Miniport, so I think it's theoretically a yes to
capture on it. After the above problem solved, maybe we can get to this
issue a bit.

Yang


On Wed, Jul 15, 2015 at 10:30 PM, Pascal Quantin <pascal.quantin () gmail com>
wrote:

> Le 15 juil. 2015 5:14 AM, "Yang Luo" <hsluoyb () gmail com> a écrit :
> > Hi Pascal,
> >
> > I am not very familiar about dialup/PPP interfaces, perhaps you mean
> capturing on adapters like below?
> > WAN Miniport (SSTP)
> > WAN Miniport (IPv6)
> > WAN Miniport (IP)
> > WAN Miniport (L2TP)
> > WAN Miniport (PPPOE)
> > WAN Miniport (PPTP)
> > WAN Miniport (Network Monitor)
> > WAN Miniport (IKEv2)
> >
> > These adapters are listed on my machine, theoretically should be able to
> be opened by Npcap driver.
>
> Hi Yang,
>
> I guess the corresponding miniport should be PPPoE but I cannot verify it
> as I do not have such device. I was asking just in case as this is a
> question we have from time to time on http://ask.wireshark.org.
>
> But I do have access to a MBIM (USB class used to control wireless modems
> starting from Windows 8) which is not listed by WinPcap either (for now I'm
> using USBPcap to capture the traffic).
> According to
> https://msdn.microsoft.com/en-us/library/windows/hardware/ff557177(v=vs.85).as
> pu it should be listed as a WWAN (or MB) miniport driver. Do you see such
> miniport or only the WAN family? Eventually I could give it a try if you
> can add its support.
>
> Later tonight I will try Nmap on a Windows 8.1 x64 box and see whether I
> can reproduce the issue reported by Tyson.
>
> Pascal.
>
> > Cheers,
> > Yang
> >
> >
> > On Wed, Jul 15, 2015 at 3:16 AM, Pascal Quantin <
> pascal.quantin () gmail com> wrote:
> > > 2015-07-11 11:15 GMT+02:00 Yang Luo <hsluoyb () gmail com>:
> > > > Hi list,
> > > >
> > > > In order not to diverge with WinPcap interfaces, I have made a
> "WinPcap Mode" for Npcap, it uses the same system32 directory to put DLLs
> and has the same "npf" service and driver name. So it can be directly used
> in Wireshark without any patch.
> > > > Another news is that I have finished Windows loopback packet capture
> feature in Npcap, Npcap will install an adapter named "Npcap Loopback
> Adapter". And I can see the loopback traffic using Wireshark now (See the
> attached pic). It seems to still have problems, like the "(no response
> found!)" in the ICMPv6 packets (ping ::1) in the pic. I don't know why
> Wireshark shows like this, perhaps you guys can provide me a clue.
> > > > The latest Npcap installer is:
> > > > https://svn.nmap.org/nmap-exp/yang/NPcap-LWF/npcap-nmap-0.01.exe
> > > >
> > > > I have tested this version Npcap under Wireshark 1.12.6 x64, in
> Windows 8.1 x64 and Windows Server 2016 TP2.
> > > > Notice: You need to try it under Win7 and later, and no need to change
> the installation options, just click the "Next"s. Npcap installed in
> "WinPcap Mode" is exclusive with WinPcap, so you must uninstall WinPcap
> first (installer will prompt you this).
> > > > The README is:
> > > > https://github.com/nmap/npcap
> > > >
> > > > The implementation internal about loopback traffic feature is:
> > > > http://seclists.org/nmap-dev/2015/q3/35
> > > >
> > > >
> > > > Cheers,
> > > > Yang
> > >
> > >
> > > Hi Yang,
> > >
> > > I just gave a quick try to Npcap 0.0.1 on my Windows 7 x64 box and it
> seems to work pretty well. Congratulations and thanks for your work!
> > > Any chance to add support for dialup / PPP interfaces? This is one of
> the WinPcap feature that got lost when transitioning from Windows XP to
> Vista (http://www.winpcap.org/misc/faq.htm#Q-5).
> > > Regards,
> > > Pascal.
> ___________________________________________________________________________
> > > Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
> > > Archives:    https://www.wireshark.org/lists/wireshark-dev
> > > Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
> > >              mailto:wireshark-dev-request () wireshark org
> ?subject=unsubscribe
> >
> ___________________________________________________________________________
> > Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
> > Archives:    https://www.wireshark.org/lists/wireshark-dev
> > Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
> >              mailto:wireshark-dev-request () wireshark org
> ?subject=unsubscribe
>
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
> Archives:    https://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-request () wireshark org
> ?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe