Nmap Development mailing list archives
Re: Replicable problem with later versions of npcap
From: "Kurt Buff - GSEC, GCIH" <kurt.buff () gmail com>
Date: Wed, 17 Apr 2019 11:51:28 -0700
All, I just noticed that I had only replied to Daniel previously. I've sent to him the output of DiagReport and the minidump generated by Driver Verifier - it forced a BSOD when I tried to uninstall npcap. If there's anything else I can do to help this along, please let me know. Thanks, Kurt On Thu, Apr 11, 2019 at 11:23 AM Daniel Miller <bonsaiviking () gmail com> wrote:
Kurt, We've done some initial investigation into this issue, but we haven't identified a cause yet. We'll be doing our own testing with VMware soon, but if you can provide a bit more information, it would be very helpful. First, we need the output of DiagReport for your system (https://nmap.org/npcap/guide/npcap-issues.html#npcap-issues-diagreport). Next, we'd like to see if we can leverage built-in Windows diagnostic tools to force a bugcheck (BSoD) which would point directly to the problem. This is preferable to differential diagnosis based on behavior which can take a long time. To do this, we need you to run Driver Verifier and create default settings for npcap.sys and/or npf.sys. Here is the information about Driver Verifier: https://docs.microsoft.com/en-us/windows-hardware/drivers/devtest/driver-verifier Thanks! Dan On Thu, Apr 4, 2019 at 12:09 PM Daniel Miller <bonsaiviking () gmail com> wrote:Kurt, Thanks for reporting this. We'll look into it, and will be tracking the issue at http://issues.nmap.org/1541 Dan On Wed, Mar 27, 2019 at 1:58 PM Kurt Buff - GSEC, GCIH <kurt.buff () gmail com> wrote:All, Found a problem with npcap .0.99-r8 (and possibly r7, but I'm not sure of that) up to and including 0.992, with suspended VMs under VMware Workstation Pro. Configuration: -Lenovo T460p, 32gb RAM with Intel Dual Band Wireless AC 8260 adapter (I do not use the wired adapter, but it is, for completeness sake, an Intel 1219-LM), all current drivers (per the Lenovo update utility) -Win10 1709, fully patched except for this month's patches, coming soon. - VMWare Workstation Pro, 14.1.6 build-12368378 - A VM running Win10 1709 (I have a couple of other VMs, but have not tested them, as I use them infrequently) in bridged mode. - I normally access the VM via RDP from the host. On the laptop host OS, I upgraded Wireshark to 3.0.0 yesterday (bear with me) and accepted the upgrade of npcap to 0.99-r8, and all seemed well. However, per my normal practice, I suspended the VM, then hibernated the laptop and found upon arriving home that evening that my Win10 1709 VM could not touch the network. The VM was unchanged, no upgrades (it has npcap 0.99-r8, but I don't believe it's involved). Once home, I woke up the laptop and unsuspended the VM, and I could not ping the VM from the laptop, nor could the VM see the network when I logged into the console via VMware. I then uninstalled Wireshark and npcap, and the VM saw the network immediately. I was then able to install npcap, and the VM still functioned. I didn't install either Wireshark or nmap, just npcap. At the end of the evening, I suspended the VM again, and hibernated the laptop. I then tried again, suspending/unsuspending the VM and again npcap prevented the newly unsuspended VM from seeing the network, and uninstalling npcap gave immediate access to the network for the VM. I was able to replicate the problem again today, as I fired up the laptop from hibernation, then unsuspended the VM, and the VM wasn't able to connect to the network. Again, as soon as I removed npcap 0.992, the VM was on the network. In all cases, the host OS had no problems with networking, other than not being able to see the VM, and the VM not being able to see its network. If any more info is needed, please let me know, as i'd like to help resolve this problem. Thanks, Kurt _______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: Replicable problem with later versions of npcap Daniel Miller (Apr 04)
- Re: Replicable problem with later versions of npcap Daniel Miller (Apr 11)
- Re: Replicable problem with later versions of npcap Kurt Buff - GSEC, GCIH (Apr 13)
- Re: Replicable problem with later versions of npcap Kurt Buff - GSEC, GCIH (Apr 17)
- Re: Replicable problem with later versions of npcap Daniel Miller (Apr 11)