Wireshark-dev: Re: [Wireshark-dev] Npcap 0.01 call for test about Windows loopback traffic capt
From: Yang Luo <hsluoyb@xxxxxxxxx>
Date: Wed, 15 Jul 2015 11:14:01 +0800
Hi Pascal,

I am not very familiar about dialup/PPP interfaces, perhaps you mean capturing on adapters like below?
WAN Miniport (SSTP)
WAN Miniport (IPv6)
WAN Miniport (IP)
WAN Miniport (L2TP)
WAN Miniport (PPPOE)
WAN Miniport (PPTP)
WAN Miniport (Network Monitor)
WAN Miniport (IKEv2)

These adapters are listed on my machine, theoretically should be able to be opened by Npcap driver.



Cheers,
Yang


On Wed, Jul 15, 2015 at 3:16 AM, Pascal Quantin <pascal.quantin@xxxxxxxxx> wrote:


2015-07-11 11:15 GMT+02:00 Yang Luo <hsluoyb@xxxxxxxxx>:
Hi list,

In order not to diverge with WinPcap interfaces, I have made a "WinPcap Mode" for Npcap, it uses the same system32 directory to put DLLs and has the same "npf" service and driver name. So it can be directly used in Wireshark without any patch. 

Another news is that I have finished Windows loopback packet capture feature in Npcap, Npcap will install an adapter named "Npcap Loopback Adapter". And I can see the loopback traffic using Wireshark now (See the attached pic). It seems to still have problems, like the "(no response found!)" in the ICMPv6 packets (ping ::1) in the pic. I don't know why Wireshark shows like this, perhaps you guys can provide me a clue.


I have tested this version Npcap under Wireshark 1.12.6 x64, in Windows 8.1 x64 and Windows Server 2016 TP2.

Notice: You need to try it under Win7 and later, and no need to change the installation options, just click the "Next"s. Npcap installed in "WinPcap Mode" is exclusive with WinPcap, so you must uninstall WinPcap first (installer will prompt you this).

The README is:

The implementation internal about loopback traffic feature is:


Cheers,
Yang

Hi Yang,

I just gave a quick try to Npcap 0.0.1 on my Windows 7 x64 box and it seems to work pretty well. Congratulations and thanks for your work!
Any chance to add support for dialup / PPP interfaces? This is one of the WinPcap feature that got lost when transitioning from Windows XP to Vista (http://www.winpcap.org/misc/faq.htm#Q-5).

Regards,
Pascal.

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe