Wireshark mailing list archives
Re: Npcap 0.04 call for test
From: Yang Luo <hsluoyb () gmail com>
Date: Mon, 24 Aug 2015 21:08:45 +0800
Hi Guy,

I have looked at all occurrences of PCAP_IF_LOOPBACK in Npcap's wpcap.dll code at https://github.com/nmap/npcap/search?utf8=%E2%9C%93&q=PCAP_IF_LOOPBACK, and it seems that this property is never effectively used inside wpcap.dll's code. In Wireshark's WinPcap official trunk, it is totally unused except for some prints. See: https://github.com/wireshark/winpcap/search?utf8=%E2%9C%93&q=PCAP_IF_LOOPBACK.

So currently PCAP_IF_LOOPBACK is never set in any pcap_if_t struct for WinPcap and Npcap. And it seems to work fine without setting it. What would Wireshark use this PCAP_IF_LOOPBACK for? I know Nmap does use the IPHelper API to list the interfaces and get the loopback type; PCAP_IF_LOOPBACK appears in Nmap's code but it is used in other unimportant places.

Cheers,
Yang

On Mon, Aug 24, 2015 at 4:46 PM, Guy Harris <guy () alum mit edu> wrote:

> On Aug 24, 2015, at 1:32 AM, Pascal Quantin <pascal.quantin () gmail com> wrote:
>
>> 2015-08-24 10:28 GMT+02:00 Guy Harris <guy () alum mit edu>:
>>
>>> Note that, if all packets are IPv4 or IPv6 packets, you could also use NdisMediumIP, if that means "received and transmitted packets begin with an IP header and have no link-layer header", and map that to DLT_RAW.
>>
>> Correct, but I was finding the NdisMediumLoopback type maybe more representative as there can be other interfaces using raw IP (like MBIM USB class). At least with such DLT we have no doubt regarding the fact that it is a loopback capture :)
>
> Using the LINKTYPE_/DLT_ value to determine *anything* other than the format of the data at the beginning of the packet is an error. In particular, using it to determine the interface type is an error. You might, for example, have:
>
>     LINKTYPE_ETHERNET/DLT_EN10MB as the link-layer header type for packets captured from an 802.11 interface that's not in monitor mode (and, yes, the data at the beginning of the packet will be an Ethernet header);
>
>     LINKTYPE_ETHERNET/DLT_EN10MB as the link-layer header type for packets captured from a loopback device on Linux (and, yes, the data at the beginning of the packet will be an Ethernet header);
>
>     LINKTYPE_NULL/DLT_NULL as the link-layer header type for packets captured from a loopback device on a BSD-flavored-but-not-OpenBSD system;
>
>     LINKTYPE_LOOP/DLT_LOOP as the link-layer header type for packets captured from a loopback device on OpenBSD;
>
>     LINKTYPE_IPNET/DLT_IPNET as the link-layer header type for packets captured from a loopback device on Solaris;
>
> etc.
>
> If you want to know whether a device is a loopback device, check the PCAP_IF_LOOPBACK flag in the flags member of the pcap_if_t structure supplied for the device in a pcap_findalldevs() or pcap_findalldevs_ex() call.
>
> And, yes, if Npcap isn't setting that flag for the loopback device, it must be changed to do so.
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org ?subject=unsubscribe
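The distinction drawn in the quoted message, as an added example that is not part of the original thread and is not Npcap, WinPcap or Wireshark code: classifying a device as loopback from its DLT_ value disagrees with the PCAP_IF_LOOPBACK flag on several of the platforms listed. The `struct dev` type, the device labels and the DLT heuristic are assumptions made for illustration; the numeric constants are the values libpcap's headers define.

```c
#include <stdio.h>
#include <stddef.h>

/* Values as defined in libpcap's headers (pcap/pcap.h, pcap/dlt.h). */
#define PCAP_IF_LOOPBACK 0x00000001u
#define DLT_NULL   0
#define DLT_EN10MB 1
#define DLT_LOOP   108
#define DLT_IPNET  226

/* Hypothetical stand-in: the pcap_if_t flags member, paired with the
 * DLT that pcap_datalink() would report after opening the device. */
struct dev {
    const char  *label;  /* constructed label, not a real device name */
    unsigned int flags;  /* as in pcap_if_t.flags */
    int          dlt;    /* link-layer header type */
};

/* Constructed sample covering the cases listed in the message above. */
static const struct dev sample[] = {
    { "linux-loopback",   PCAP_IF_LOOPBACK, DLT_EN10MB },
    { "bsd-loopback",     PCAP_IF_LOOPBACK, DLT_NULL   },
    { "openbsd-loopback", PCAP_IF_LOOPBACK, DLT_LOOP   },
    { "solaris-loopback", PCAP_IF_LOOPBACK, DLT_IPNET  },
    { "wifi-not-monitor", 0,                DLT_EN10MB },
};

/* Correct test: the flag set on the device entry by the capture library. */
static int is_loopback(const struct dev *d) {
    return (d->flags & PCAP_IF_LOOPBACK) != 0;
}

/* Flawed heuristic: infer "loopback" from the header format alone. */
static int guess_loopback_from_dlt(const struct dev *d) {
    return d->dlt == DLT_NULL || d->dlt == DLT_LOOP;
}

/* Count devices where the DLT heuristic disagrees with the flag. */
static size_t count_misclassified(const struct dev *devs, size_t n) {
    size_t wrong = 0;
    for (size_t i = 0; i < n; i++)
        wrong += guess_loopback_from_dlt(&devs[i]) != is_loopback(&devs[i]);
    return wrong;
}

int main(void) {
    size_t n = sizeof sample / sizeof sample[0];
    printf("misclassified by DLT: %zu of %zu\n", count_misclassified(sample, n), n);
    return 0;
}
```

With real libpcap, the same flag test applies to each `pcap_if_t` returned by `pcap_findalldevs()`; it only works if the capture library sets the flag, which is the Npcap change requested in the message.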