Wireshark mailing list archives
Re: Npcap 0.01 call for test (2nd)
From: Tyson Key <tyson.key () gmail com>
Date: Sun, 19 Jul 2015 19:30:53 +0100
Sorry for the further spam, but this is an interesting (and annoying!) development...

After rebooting from the last BSOD, I tried running Wireshark, and received the usual error about the NPF server not running. However, after quitting it, I decided to try disabling the "Microsoft Network Monitor 3 Driver" (which seems to coexist with regular WinPCap, without problems), and ran "sc start npf":

C:\WINDOWS\system32>sc start npf

SERVICE_NAME: npf
        TYPE               : 1  KERNEL_DRIVER
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0
        PID                : 0
        FLAGS              :

C:\WINDOWS\system32>

After waiting a little while, I started wireshark-gtk.exe, and discovered that the interface list was populated. However, after about 45 seconds, I received yet another BSOD:

==================================================
Dump File         : 071915-30828-01.dmp
Crash Time        : 19/07/2015 07:18:16 pm
Bug Check String  : BAD_POOL_CALLER
Bug Check Code    : 0x000000c2
Parameter 1       : 00000000`00000099
Parameter 2       : ffffe001`e8f04148
Parameter 3       : 00000000`00000000
Parameter 4       : 00000000`00000000
Caused By Driver  : tm.sys
Caused By Address : tm.sys+e29ef9
File Description  : Kernel Transaction Manager Driver
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.3.9600.16384 (winblue_rtm.130821-1623)
Processor         : x64
Crash Address     : ntoskrnl.exe+150ca0
Stack Address 1   :
Stack Address 2   :
Stack Address 3   :
Computer Name     :
Full Path         : C:\WINDOWS\Minidump\071915-30828-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 9600
Dump File Size    : 281,520
Dump File Time    : 19/07/2015 07:20:06 pm
==================================================

Would be interesting to know why the BSOD occurs in the Kernel Transaction Manager, this time...

Tyson.

2015-07-19 19:13 GMT+01:00 Tyson Key <tyson.key () gmail com>:
> ...and after rebooting, and reinstalling the various components using NPFInstall, and launching Wireshark, no interfaces are detected. However, after trying "sc start npf", and waiting a while, I'm greeted with another BSOD, of the same kind as last time:
>
> ==================================================
> Dump File         : 071915-35687-01.dmp
> Crash Time        : 19/07/2015 07:03:01 pm
> Bug Check String  : BAD_POOL_CALLER
> Bug Check Code    : 0x000000c2
> Parameter 1       : 00000000`00000007
> Parameter 2       : 00000000`00001200
> Parameter 3       : 00000000`00000003
> Parameter 4       : ffffe000`99fa1008
> Caused By Driver  : tcpip.sys
> Caused By Address : tcpip.sys+1c2180
> File Description  : TCP/IP Driver
> Product Name      : Microsoft® Windows® Operating System
> Company           : Microsoft Corporation
> File Version      : 6.3.9600.16384 (winblue_rtm.130821-1623)
> Processor         : x64
> Crash Address     : ntoskrnl.exe+150ca0
> Stack Address 1   :
> Stack Address 2   :
> Stack Address 3   :
> Computer Name     :
> Full Path         : C:\WINDOWS\Minidump\071915-35687-01.dmp
> Processors Count  : 4
> Major Version     : 15
> Minor Version     : 9600
> Dump File Size    : 281,520
> Dump File Time    : 19/07/2015 07:04:09 pm
> ==================================================
>
> Tyson.
>
> 2015-07-19 17:05 GMT+01:00 Pascal Quantin <pascal.quantin () gmail com>:
>
>> Hi Yang,
>>
>> 2015-07-19 15:55 GMT+02:00 Yang Luo <hsluoyb () gmail com>:
>>
>>> Hi Jim,
>>>
>>> Thanks for testing!
>>>
>>> On Sun, Jul 19, 2015 at 12:25 AM, Jim Young <jyoung () gsu edu> wrote:
>>>
>>>> Hello Yang,
>>>>
>>>> Two comments on all for 2nd test.
>>>>
>>>> 1 - Should the name of the newer package reflect that this is a different Npcap package from the 1st one? The 2nd package is named identical to the 1st one of npcap-nmap-0.01.exe. The newly downloaded one was saved by the browser as npcap-nmap-0.01(1).exe to avoid clobbering the 1st one still in the Download folder.
>>>
>>> From now on, I will use installer name such as npcap-nmap-0.01-r2.exe, which means revision 2 under version 0.01. I don't want to change version numbers, as current Npcap has many bugs and can't be released as a stable version yet.
>>>
>>>> 2 - After uninstalling WinPcap, but not rebooting, I started installing the newest Npcap package but the new install is hung at the step:
>>>>
>>>> Execute: "C:\Program Files\Npcpa\NPFInstall.exe" -il
>>>
>>> I have improved this part logic, plz test the latest installer:
>>> https://svn.nmap.org/nmap-exp/yang/NPcap-LWF/npcap-nmap-0.01-r2.exe
>>>
>>> This operation takes some time indeed, but should be less than 20s.
>>
>> I just gave a quick test to 0.1-r2 version on my Windows 10 virtual machine.
>>
>> - I uninstalled WinPcap and installed Npcap in Winpcap mode without reboot. I got the same warning as Tyson regarding the upgrade of npf.sys file, presumably because yours has version 0.1.0.710 against Winpcap that uses version 4.1.0.2980. Maybe you should advise to reboot the PC after uninstalling Winpcap.
>> - The loopback interface is still named 'Ethernet 2'. I run on Windows 10.0.10240 with French locale in case this matters.
>> - After reboot, Wireshark could not see any interface. I double-checked the driver state and saw that it was stopped. Manually starting it with 'sc npf start' command allowed Wireshark to see interfaces. After reboot the service does not start automatically.
>>
>> I will try to test the WWAN capture beginning of next week.
>>
>> Pascal.
>>
>> ___________________________________________________________________________
>> Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
>> Archives:    https://www.wireshark.org/lists/wireshark-dev
>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>>              mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
>
> --
> Fight Internet Censorship! http://www.eff.org
> http://vmlemon.wordpress.com | Twitter/FriendFeed/Skype: vmlemon | 00447934365844