Nmap Development mailing list archives

Re: [Bulk] Use of npcap in automation system

From: 食肉大灰兔V5 <hsluoyz () gmail com>
Date: Tue, 6 Oct 2015 01:03:25 +0800

Hi Ferreira,

First allow me to paste PCAP_OPENFLAG_NOCAPTURE_LOCAL's description here
from winpcap's source:
/*!
\brief Defines if the local adapter will capture its own generated traffic.

This flag tells the underlying capture driver to drop the packets that were
sent by itself.
This is usefult when building applications like bridges, that should ignore
the traffic
they just sent.
*/
#define PCAP_OPENFLAG_NOCAPTURE_LOCAL 8

I have tested the *WinPcap 4.1.3*'s PCAP_OPENFLAG_NOCAPTURE_LOCAL flag of
*pcap_open* against my* Win 8.1 x64 VM* and *Win10 RTM x64 VM*. Both
conditions work as expected (I mean the packet sender will not receive his
sent packets), other WinPcap's clients (like Wireshark) will still see the
sent packets, which is also expected according to the explanation above. So
I can't reproduce the failure you mentioned, could you provide a sample?

For another thing, AFAIK, NDIS 6 is available since Vista, 6.2 for Win7,
6.3 for Win8 (
https://msdn.microsoft.com/en-us/library/windows/hardware/ff567893(v=vs.85).aspx).
And there isn't quite much difference of NDIS between Win7 and Win8.

/* disable loopback capture if requested */
if(flags & PCAP_OPENFLAG_NOCAPTURE_LOCAL)
{
if(!PacketSetLoopbackBehavior(fp->adapter, NPF_DISABLE_LOOPBACK))
{
snprintf(errbuf, PCAP_ERRBUF_SIZE, "Unable to disable the capture of
loopback packets.");
pcap_close(fp);
return NULL;
}
}

And what Gisle said is iterally right, because
PCAP_OPENFLAG_NOCAPTURE_LOCAL flag is just implemented
by PacketSetLoopbackBehavior (adapter, 1), so these two ways are totally
identical. pcap_open() is not standard API but I don't think this is your
problem.


Cheers,
Yang


On Mon, Oct 5, 2015 at 4:46 PM, Gisle Vanem <gvanem () yahoo no> wrote:

Nuno Antonio Dias Ferreira wrote:

I am software developer of automation systems. Last year I develop an

application to allow network redundancy where I
was using WinPcap 4.1.3, that application is running well in Windows XP
and Windows 7 but is not working in Windows (
and above because of changes in NDIS 6. In my application I am opening
Pcap handler with the flag
PCAP_OPENFLAG_NOCAPTURE_LOCAL and that’s the reason why I can’t use my
app in Windows 8. Can you tell me if your pcap has
this feature implemented?


The flag PCAP_OPENFLAG_NOCAPTURE_LOCAL is AFAICS a parameter to
'pcap_open()' which is not present in standard libpcap (unless the
REMOTE-stuff is added).

But the same feature can be enabled using:
  PacketSetLoopbackBehavior (adapter, 1);

Works fine under Win 8.1.

--
--gv
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

Current thread:

Use of npcap in automation system Nuno Antonio Dias Ferreira (Oct 04)
- Re: [Bulk] Use of npcap in automation system Gisle Vanem (Oct 05)
  - Re: [Bulk] Use of npcap in automation system 食肉大灰兔V5 (Oct 05)
    - Message not available
    - Re: [Bulk] Use of npcap in automation system 食肉大灰兔V5 (Oct 07)