Wireshark mailing list archives

Re: Capture PPP on Windows Vista


From: Guy Harris <guy () alum mit edu>
Date: Mon, 23 Nov 2015 10:57:36 -0800


On Nov 23, 2015, at 10:41 AM, Michal Labedzki <michal.labedzki () tieto com> wrote:

> One user (maybe more...) complains that Wireshark does not support
> capturing PPP on Windows Vista.
> WinPcap does not support it for unknown reason:
> https://www.winpcap.org/misc/faq.htm#Q-5

The reason is that unless you:

> But I found that:
> https://msdn.microsoft.com/en-us/library/windows/desktop/bb404173%28v=vs.85%29.aspx

pretend to be Microsoft Network Monitor ("netmon" refers to Network Monitor, and "bh" refers to the codename for 
Network Monitor, "Bloodhound"), you don't get access to PPP frames.

Of course:

Note  Each Windows Vista machine permits the installation of only one driver entity that has the "ms_netmon" hardware 
identity. To install another driver with this identity, the first driver must be uninstalled. A driver that is 
installed without using the "ms_netmon" hardware identity cannot perform the binding needed to capture PPP frames.

means that, if WinPcap is changed to do that, if you install anything using WinPcap, it won't work if Network Monitor 
is already installed unless you uninstall it, and if you install Network Monitor afterwards, it won't work unless you 
uninstall WinPcap.

Now, given that Microsoft Message Analyzer is the Hot New Thing, maybe fewer people will be installing Network Monitor 
(although people also install Network Monitor to capture in monitor mode on 802.11 adapters, so we might also have to 
add support for that to WinPcap), so maybe that's not an issue.

> My question is: Is there anyone interested in adding the missing feature, or
> maybe it is not possible? I'm not sure what for other Windows.

I don't know whether Microsoft still has the special "recognize the Network Monitor driver" hack in their networking 
stack in releases later than Vista, but they might.  "This information only applies to drivers on a Windows Vista 
machine." could mean "this doesn't work on anything after Vista" or it could mean "we wrote this for Vista when Vista 
was the current Windows release, and we're saying it doesn't work on XP or anything earlier".

