Wireshark mailing list archives
Re: Npcap 0.01 call for test (2nd)
From: Pascal Quantin <pascal.quantin () gmail com>
Date: Fri, 24 Jul 2015 19:56:30 +0200
2015-07-24 15:14 GMT+02:00 Yang Luo <hsluoyb () gmail com>:
Hi Parscal, I think I have added the "flpp4" and "flpp6" to Npcap, but I don't know if this works, you could try latest installer: https://svn.nmap.org/nmap-exp/yang/NPcap-LWF/npcap-nmap-0.02-r3.exe
Hi Yang, I can see the interface listed now. I will not be able to try capturing traffic before next Thursday unfortunately as I'm traveling. Regards, Pascal.
On Thu, Jul 23, 2015 at 4:18 PM, Pascal Quantin <pascal.quantin () gmail com> wrote:2015-07-22 21:39 GMT+02:00 Pascal Quantin <pascal.quantin () gmail com>:2015-07-22 18:25 GMT+02:00 Yang Luo <hsluoyb () gmail com>:Hi Pascal, On Wed, Jul 22, 2015 at 11:33 PM, Pascal Quantin < pascal.quantin () gmail com> wrote:I just gave a try to this new installer: - still my rename issue of the loop back installer (as expected ;)). Is there some debug log / test I could do on my side? I will double check if the rename works fine on a French Win 7.I think I perhaps know why this doesn't work on your French Win10. It can be language related. Because the Win10 renaming way uses string parsing again. This is the mechanism: 1) First Npcap runs "netsh.exe interface show interface" to get all interfaces before install "Npcap Loopback Adapter", you will get something like below in English language (but I don't know if my code adapts to French, this is the key point). Admin State State Type Interface Name ------------------------------------------------------------------------- Enabled Connected Dedicated VMware Network Adapter VMnet1 Enabled Connected Dedicated VMware Network Adapter VMnet8 Enabled Connected Dedicated VMware Network Adapter VMnet2 Enabled Connected Dedicated VMware Network Adapter VMnet3 Enabled Connected Dedicated Wi-Fi Disabled Disconnected Dedicated Ethernet Npcap will parse this output to get all interface names, the method is first going to the third line, then find the line feed char '\n', if '\n' found, then reverse-find the two continuous space char " ". Then we can get a name like "VMware Network Adapter VMnet1", the same for other names. Save them to a vector<string>. 2) After "Npcap Loopback Adapter" installed, Npcap will run "netsh.exe interface show interface" again, to get the updated interface list, like below: Admin State State Type Interface Name ------------------------------------------------------------------------- Enabled Connected Dedicated VMware Network Adapter VMnet1 Enabled Connected Dedicated VMware Network Adapter VMnet8 Enabled Connected Dedicated VMware Network Adapter VMnet2 Enabled Connected Dedicated VMware Network Adapter VMnet3 Enabled Connected Dedicated Wi-Fi Disabled Disconnected Dedicated Ethernet Enabled Connected Dedicated Ethernet 2 We can get another vector<string> from above output, compare these two vectors, find the new name, which is "Ethernet 2". 3) Then Npcap will rename this new adapter using "netsh.exe interface set interface name=\"%s\" newname=\"%s\", the first %s is previous "Ethernet 2", and the second %s is "Npcap Loopback Adapter". So I think this way possibly fail in a different language system than English, because the output of "netsh.exe interface show interface" can be language specific. You can try these commands manually to see whether this method works.Indeed the command output is localized. Before installing Npcap, I have: État admin État Type Nom de l'interface ------------------------------------------------------------------------- Activé Connecté Dédié Ethernet After the installation, I have: État admin État Type Nom de l'interface ------------------------------------------------------------------------- Activé Connecté Dédié Ethernet Activé Connecté Dédié Ethernet 2 Executing manually the command netsh.exe interface set interface name="Ethernet 2" newname="Npcap Loopback Adapter" does work.- driver can be started after reboot (manually or with Wireshark)Good for this.- for those having User Account Control activated, you need to start Wireshark as administrator (even without restricting Npcap to admin during installation) to have the driver started. Unfortunate... If this is the loopback adapter that triggers the issue at startup, should its installation be optional?I don't know whether there are many people using Wireshark in a non-Admin privilege? If yes, then I think the lacking boot start support needs a solution. Making loopback code optional is kind of difficult, because its code is deep in the driver and has tight connection with other parts.- I finally got the opportunity to test with a MBIM WWAN device (long due task on my side ;)). The interface is not listed unfortunately.This is weird, because in the driver's INF file, I have specified: HKR, Ndi\Interfaces, FilterMediaTypes,,"ethernet, wan, ppip, wlan, bluetooth, ndis5, vwifi, nolower" It should have includes WAN interfaces. Perhaps you would like to find out if this WAN device has appeared in registry, because Npcap or WinPcap only sees interfaces that appears in registry, registry path is: \\HKLM\\System\\CurrentControlSet\\Control\\Class\\{4D36E972-E325-11CE-BFC1-08002BE10318}.I will try to get my hands on the PC again (gave it back to my colleague) to verify this.I got access to the PC. There are 2 Mobile Broadband interfaces being listed on the PC and not seen by Npcap. You will find attached the corrresponding registry key dumps. Cheers, Pascal.Cheers, Yang ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org ?subject=unsubscribe___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org ?subject=unsubscribe___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org ?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Re: Npcap 0.01 call for test (2nd), (continued)
- Re: Npcap 0.01 call for test (2nd) Guy Harris (Jul 25)
- Re: Npcap 0.01 call for test (2nd) Graham Bloice (Jul 26)
- Re: Npcap 0.01 call for test (2nd) Graham Bloice (Jul 22)
- Re: Npcap 0.01 call for test (2nd) Pascal Quantin (Jul 22)
- Re: Npcap 0.01 call for test (2nd) Yang Luo (Jul 22)
- Re: Npcap 0.01 call for test (2nd) Jim Young (Jul 22)
- Re: Npcap 0.01 call for test (2nd) Yang Luo (Jul 24)
- Re: Npcap 0.01 call for test (2nd) Pascal Quantin (Jul 23)
- Re: Npcap 0.01 call for test (2nd) Pascal Quantin (Jul 23)
- Re: Npcap 0.01 call for test (2nd) Yang Luo (Jul 24)
- Re: Npcap 0.01 call for test (2nd) Pascal Quantin (Jul 24)
- Re: Npcap 0.01 call for test (2nd) Pascal Quantin (Jul 25)
- Re: Npcap 0.01 call for test (2nd) Yang Luo (Jul 26)
- Re: Npcap 0.01 call for test (2nd) Tyson Key (Jul 19)
- Re: Npcap 0.01 call for test (2nd) Yang Luo (Jul 19)
- Re: Npcap 0.01 call for test (2nd) Jim Young (Jul 19)
- Re: Npcap 0.01 call for test (2nd) Yang Luo (Jul 19)