Wireshark mailing list archives

Re: Npcap 0.04 call for test


From: Yang Luo <hsluoyb () gmail com>
Date: Tue, 18 Aug 2015 23:04:01 +0800

Hi Pascal,

I have analyzed your log and it shows that the WSK_CLIENT_DISPATCH::WskSocket
function fails with STATUS_ACCESS_DENIED. The result turns out to be a bug:
if you launch Wireshark without Admin rights, the WSK code fails to init, so
the Npcap loopback adapter can't be opened. I think you launched Wireshark
without Admin rights on both machines. So I have moved the WSK init code to
the Driver start routine and got this issue fixed. Please try the latest
installer at:
https://svn.nmap.org/nmap-exp/yang/NPcap-LWF/npcap-nmap-0.04-r3.exe


Cheers,
Yang


On Tue, Aug 18, 2015 at 5:23 PM, Pascal Quantin <pascal.quantin () gmail com>
wrote:

Hi Yang,

2015-08-18 3:27 GMT+02:00 Yang Luo <hsluoyb () gmail com>:

Hi Pascal,

Sorry that 0.04 r2 lacks some messages. I added some extra traces in the
latest version; please try this and give me the log:

https://svn.nmap.org/nmap-exp/yang/NPcap-LWF/npcap-nmap-0.04-r2-debug-2.exe

Also it's weird that our VirtualBox guests have different behaviors. Our
hardware for the VM should be mostly the same. The Win10 image I installed
is en_windows_10_multiple_editions_x64_dvd_6846432.iso, and I chose Pro
edition to install. What edition did you install? Also it would be good if
you can provide the .vbox file of your VM.


My Windows 10 x64 VM was initially installed from a Technical Preview
(probably version 10052 but I'm not completely sure) and then upgraded to
the RTM version (and up-to-date with all updates). It's a Pro edition. You
will find attached the DebugView log and the .vbox file.
My Windows 10 x64 host was upgraded from Windows 8.1 and is the Family
edition. You will also find attached the corresponding log.

Pascal.


Cheers,
Yang


On Tue, Aug 18, 2015 at 1:30 AM, Pascal Quantin <pascal.quantin () gmail com>
wrote:


2015-08-17 18:52 GMT+02:00 Pascal Quantin <pascal.quantin () gmail com>:



2015-08-17 2:55 GMT+02:00 Yang Luo <hsluoyb () gmail com>:

Hi Pascal,

Thanks for testing. The word BSoD was my typo; what I meant is the
"loopback interface didn't show" problem. In fact they share the same
cause: because I didn't handle the error correctly in 0.03 r5 and r6, it
turned into a BSoD.


On Sun, Aug 16, 2015 at 11:55 PM, Pascal Quantin <
pascal.quantin () gmail com> wrote:


On 16 Aug 2015 3:39 PM, "Pascal Quantin" <pascal.quantin () gmail com>
wrote:

Hi Yang,

2015-08-16 14:18 GMT+02:00 Yang Luo <hsluoyb () gmail com>:

Hi Pascal,

I think this BSoD is caused by the Winsock Kernel init code in the
Npcap driver (NPF_WSKStartup call or NPF_WSKInitSockets call failed). I
can't reproduce it on my Win8.1 VM, Win10 VM and Win10 physical host. I
used VMware Workstation 11.1.2 for my VMs. I don't know which type your VM
is. There shouldn't be much hardware difference between VMs. What
special software have you installed on your VM? The boldest idea is that you
provide a VM image in which this problem occurs, if you like.


I'm running a Windows 10 x64 VM running on Virtualbox 5.0 (with
extension pack) with just Wireshark 1.99.9 development version and Nmap
installed. No other specific software installed. In the VM system settings,
I have checked IO-APIC, PAE/NX, VT-x/AMD-V and nested paging options with 2
processors. The network adapter is using the default setting (NAT).
The VM is 41Gb so I will not be able to upload it unfortunately.
But maybe you could reproduce it with Virtualbox instead of VMware?

I have the latest VirtualBox 5.0.2 r102096 installed on my Win10 x64
host and installed a Win10 x64 VM on it, with Wireshark 1.99.8 and Npcap
0.04. I also checked the IO-APIC, PAE/NX, VT-x/AMD-V and nested paging
options with 2 processors. Network is the default NAT. But the result turns
out that I could see and capture on the Npcap loopback adapter; everything
is fine. I think maybe you'd like to upgrade your VirtualBox to the latest
5.0.2 to see what happens. If this isn't fixed, perhaps a brand new VM is
needed.


Still no luck :(.  You will find attached the DebugView log taken with
0.04r2.


Hi Yang,

My Windows 10 x64 host does not reliably succeed in opening the loopback
interface either (I just tried it once before and it was working fine, but
on the next reboot it was not). You will find attached the log of version
0.04r2.

Pascal.



___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe



