Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Replicable problem with later versions of npcap

From: "Kurt Buff - GSEC, GCIH" <kurt.buff () gmail com>
Date: Wed, 27 Mar 2019 11:58:08 -0700
All,

Found a problem with npcap .0.99-r8 (and possibly r7, but I'm not sure
of that) up to and including 0.992, with suspended VMs under VMware
Workstation Pro.

Configuration:
-Lenovo T460p, 32gb RAM with Intel Dual Band Wireless AC 8260 adapter
(I do not use the wired adapter, but it is, for completeness sake, an
Intel 1219-LM), all current drivers (per the Lenovo update utility)
-Win10 1709, fully patched except for this month's patches, coming soon.
- VMWare Workstation Pro, 14.1.6 build-12368378
- A VM running Win10 1709 (I have a couple of other VMs, but have not
tested them, as I use them infrequently) in bridged mode.
- I normally access the VM via RDP from the host.

On the laptop host OS, I upgraded Wireshark to 3.0.0 yesterday (bear
with me) and accepted the upgrade of npcap to 0.99-r8, and all seemed
well. However, per my normal practice, I suspended the VM, then
hibernated the laptop and found upon arriving home that evening that
my Win10 1709 VM could not touch the network. The VM was unchanged, no
upgrades (it has npcap 0.99-r8, but I don't believe it's involved).
Once home, I woke up the laptop and unsuspended the VM, and I could
not ping the VM from the laptop, nor could the VM see the network when
I logged into the console via VMware.

I then uninstalled Wireshark and npcap, and the VM saw the network
immediately. I was then able to install npcap, and the VM still
functioned. I didn't install either Wireshark or nmap, just npcap. At
the end of the evening, I suspended the VM again, and hibernated the
laptop.

I then tried again, suspending/unsuspending the VM and again npcap
prevented the newly unsuspended VM from seeing the network, and
uninstalling npcap gave immediate access to the network for the VM.

I was able to replicate the problem again today, as I fired up the
laptop from hibernation, then unsuspended the VM, and the VM wasn't
able to connect to the network. Again, as soon as I removed npcap
0.992, the VM was on the network.

In all cases, the host OS had no problems with networking, other than
not being able to see the VM, and the VM not being able to see its
network.

If any more info is needed, please let me know, as i'd like to help
resolve this problem.

Thanks,

Kurt
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: