Wireshark mailing list archives

Re: Npcap 0.01 call for test (2nd)


From: Pascal Quantin <pascal.quantin () gmail com>
Date: Wed, 22 Jul 2015 17:33:03 +0200

2015-07-22 6:45 GMT+02:00 Yang Luo <hsluoyb () gmail com>:

Hi all,

I think I have completely solved the "System error 2" thing. This error
is because current Npcap uses WFP technique for handling loopback traffic
and WFP will cause the "System error 2" if it is started by OS from boot,
so I removed the "Automatically start the Npcap driver at boot time"
support. As now Wireshark or Nmap always try to start the service
themselves. This should be no big issue.

Use this latest installer:
https://svn.nmap.org/nmap-exp/yang/NPcap-LWF/npcap-nmap-0.02.exe

Hi Yang,

I just gave a try to this new installer:
- still my rename issue of the loop back installer (as expected ;)). Is
there some debug log / test I could do on my side? I will double check if
the rename works fine on a French Win 7.
- driver can be started after reboot (manually or with Wireshark)
- for those having User Account Control activated, you need to start
Wireshark as administrator (even without restricting Npcap to admin during
installation) to have the driver started. Unfortunate... If this is the
loopback adapter that triggers the issue at startup, should its
installation be optional?
- I finally got the opportunity to test with a MBIM WWAN device (long due
task on my side ;)). The interface is not listed unfortunately.

Regards,
Pascal.


Cheers,
Yang


On Mon, Jul 20, 2015 at 11:14 PM, Pascal Quantin <pascal.quantin () gmail com> wrote:



2015-07-20 17:03 GMT+02:00 Pascal Quantin <pascal.quantin () gmail com>:



2015-07-20 16:22 GMT+02:00 Yang Luo <hsluoyb () gmail com>:

Hi Pascal,

On Mon, Jul 20, 2015 at 8:36 PM, Pascal Quantin <pascal.quantin () gmail com> wrote:

Hi Yang,

I gave another try to a second Win10 x64 French virtual machine and
it was not renamed either. The 'ver' command typed in a console does work
like in your picture.


This is so weird. I guess the only difference between our systems is
the language, and I don't think a UI language could lead to this diverging.
It has no other possibility but to be a bug for Windows beta. Maybe we
should set aside this issue and wait for Win10 RTM.


AFAIK 10240 is the candidate for RTM. Wait and see :)





For your information GetVersionEx API can work on Windows 10 (that's
what we use in Wireshark). But you need to embed a manifest in your
application indicating that Windows 10 is supported by adding its GUID (see
https://code.wireshark.org/review/gitweb?p=wireshark.git;a=blob;f=image/wireshark.exe.manifest.in;h=9a3f32c912aae5ec8f05266f4ac28f14446025a1;hb=refs/heads/master
that we use for Wireshark).


I saw this in MSDN too, but I don't know if this manifest way is the
ultimate solution even for Win10 RTM? If GetVersionEx API works on Win10
RTM without this special manifest, then I would prefer not to add it.


This is mandatory (as it was mandatory for Windows 8.1 with its own
GUID) and I expect this to work in RTM (it has been working like this for a
very long time, even when Windows 10 was identifying itself as 6.4 and not 10).
See this Microsoft blog post for details:
http://blogs.msdn.com/b/chuckw/archive/2013/09/10/manifest-madness.aspx





Yes that's what happens with WinPcap. The driver starts automatically
when calling p_pcap_findalldevs() from wpcap.dll but it does not seem to
work with Npcap.


I tried to first stop the service using "net stop npf", then start
latest stable version Wireshark 64 bit (Version 1.12.6 (v1.12.6-0-gee1fce6
from master-1.12)). I can see the interface list in fact. So I don't know
what's wrong here. I have modified the installer a little to start the
service when installation finishes. And make sure you checked
"Automatically start the Npcap driver at boot time" option in the last page
of installer.
https://svn.nmap.org/nmap-exp/yang/NPcap-LWF/npcap-nmap-0.01-r2.exe


I was already checking this option box.


With this new installer (unfortunately still named r2 which is
confusing ;) ), the service was running after installation and I can
manually stop and restart it. But after reboot it does not start and typing
'sc start npf' now gives an error stating that the specified file cannot be
found.


Regarding the automatic start of npf.sys service when calling
p_pcap_findalldevs() I realize that I was not launching Wireshark with
admin rights. With elevated privileges, it launches NPF if previously
manually stopped. Sorry for the confusion.

Pascal.


___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
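
A diagnostic sketch for the symptoms discussed in this thread (driver not running after reboot, `sc start npf` reporting a missing file, the driver starting only from an elevated Wireshark), as an added example that is not part of the original messages. It reports the `npf` driver's state, start mode and image path, and whether the current PowerShell session is elevated; the helper names are hypothetical, and `npf` is the service name used in the thread.

```powershell
# Added example, not from the thread. 'npf' is the service name used there;
# Test-Elevated and Get-DriverReport are hypothetical helper names.
function Test-Elevated {
    # True when this process runs with an elevated (administrator) token.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-DriverReport {
    param([string]$Name = 'npf')
    # Kernel drivers are listed by Win32_SystemDriver, not Win32_Service.
    $drv = Get-CimInstance -ClassName Win32_SystemDriver -Filter "Name='$Name'"
    if (-not $drv) {
        return [pscustomobject]@{ Name = $Name; Installed = $false }
    }
    # Normalise the image path: drop an NT "\??\" prefix, expand a leading
    # "\SystemRoot\", and resolve relative paths against %SystemRoot%.
    $path = $drv.PathName -replace '^\\\?\?\\', ''
    $path = $path -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')
    if ($path -and -not [IO.Path]::IsPathRooted($path)) {
        $path = Join-Path $env:SystemRoot $path
    }
    [pscustomobject]@{
        Name        = $Name
        Installed   = $true
        State       = $drv.State       # Running, Stopped, ...
        StartMode   = $drv.StartMode   # Boot, System, Auto, Manual, Disabled
        ImagePath   = $path
        ImageExists = [bool]($path -and (Test-Path -LiteralPath $path))
        Elevated    = Test-Elevated
    }
}

$r = Get-DriverReport
$r | Format-List
if (-not $r.Installed) {
    Write-Warning "Driver service '$($r.Name)' is not registered."
} elseif (-not $r.ImageExists) {
    # A missing image is one cause of error 2 (file not found) on start.
    Write-Warning "Image '$($r.ImagePath)' is missing; the service cannot start."
} elseif ($r.State -ne 'Running' -and -not $r.Elevated) {
    Write-Warning "Driver is stopped and this session is not elevated; starting it needs administrator rights."
}
```

Running it once from a normal prompt and once from an elevated one separates a broken service registration from a plain UAC restriction.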



