Re: Use Npcap as the default Windows capture library for Wireshark

[Alexis La Goutte <alexis.lagoutte () gmail com>]

On Mon, Jun 6, 2016 at 11:31 AM, Graham Bloice <graham.bloice () trihedral com>
wrote:

> On 4 June 2016 at 04:27, Yang Luo <hsluoyb () gmail com> wrote:
>
> > Hi list,
> >
> > In the past few months, Npcap (https://github.com/nmap/npcap) has gone
> > through many versions to reach a relatively stable release now (Npcap 0.07
> > R9). An obvious clue is that there're no such many BSoDs found as before,
> > nearly only one BSoD-level bug for a month. Also we have got nearly all
> > necessary parts as a product. We have official site (http://npcap.org/),
> > documentation, SDK, paid technical support, etc.
> >
> > As I have patched Wireshark to fully support Npcap mode, there's no issue
> > for Wireshark no matter whether Npcap is installed in Npcap mode or
> > WinPcap-API compatible mode. However, I recommend installing in Npcap mode
> > directly because this is the default option in the installer.
> >
> > Since Wireshark has dropped XP/Win2003 support long ago, so the fact that
> > Npcap only works for Vista and later systems won't be an issue. Plus that
> > Npcap also installs the original WinPcap 4.1.3 when running in XP.
> >
> > Currently, we have already integrated Npcap 0.07 into Nmap 7.20 beta
> > version, and soon there will be an official Npcap 1.0 release. So I think
> > this is also a good time for Wireshark to integrate it. What're your
> > opinions?
> I think this will come up in discussions at SharkFest which you can't
> unfortunately attend.  We might be able to organise an on-line meeting in
> some form.
>
> My own personal opinion is that we're not quite ready yet for general
> release, I think the plan is to release Wireshark 2.2 around SharkFest so
> attention will then switch to the development version 2.3.
>
> The areas I would like to see completed in npcap, as capture is a critical
> usage part of Wireshark, before we make it the default capture library in
> Wireshark (for Windows) are (in no particular order, and some of these may
> have been done already):
>
>    - Ensure that Visual Studio Code Analysis builds of npcap are free
>    from all warnings.
>    - Ensure that all possible Microsoft Driver tests run without
>    warnings. i.e. SDV, HLK tests, whatever is applicable to npcap.
>    - Attempt to produce a build and test environment (i.e. build + code
>    analysis + tests, preferably on a "clean" install).
>    - Update libpcap interface to the current libpcap master\trunk.  This
>    might also encompass the build env setup with the current libpcap
>    install\patch approach.
>    - Ensure all current\planned libpcap wireless reporting and control
>    mechanisms are supported.
>    - Some performance\profiling analysis to ensure no degradations from
>    WinPcap, and\or areas to improve.
>    - Other stuff I haven't thought of yet.
>
> Note that I'm not trying to be negative, just trying to make sure we offer
> Wireshark users the best possible software.
>
> +1 with Graham (and Yes, it is one of topic of Sharkfest)
But may be possible to add also npcap in preview on Wireshark installer ?
(like usbpcap) Pascal ?



> --
> Graham Bloice
>
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
> Archives:    https://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-request () wireshark org
> ?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe