Wireshark mailing list archives

Re: Npcap 0.04 call for test

From: Jim Young <jyoung () gsu edu>
Date: Tue, 18 Aug 2015 16:22:39 +0000

Hello Yang,


With Npcap 0.04-r3 the Npcap Loopback Adapter is again visible and usable as a sniffable interface to Wireshark. [😊]


I hope to do more extensive testing later today or tomorrow (especially regarding throughput and packet drops).


I have a question regarding the encapsulation type for packets captured on the Npcap Loopback Adapter.


Instead of supplying an ethernet header with the mac addresses of all zeros, would it make more sense to supply a 
NULL/Loopback encapsulation type to packets captured in the Npcap LoopBack Interface?


I've attached two small 4 packet traces.  One is taken on a Windows 8.1 system with the Npcap adapter.  This file has 
an encapsulation type of ethernet with an ethernet header with all zero mac addresses.  The second trace was taken on 
an OS X 10.10.4 system with a NULL/Loopback encapsulation type.  For some fun take a look at Wireshark's 
epan/dissectors/packet-null.c for some interesting comments about the magic associated with loopback encapsulation 
detection.

Take care,

Jim Y.

________________________________
From: wireshark-dev-bounces () wireshark org <wireshark-dev-bounces () wireshark org> on behalf of Yang Luo <hsluoyb () 
gmail com>
Sent: Tuesday, August 18, 2015 11:08
To: Developer support list for Wireshark
Subject: Re: [Wireshark-dev] Npcap 0.04 call for test

Hi Jim,

The log points to the same issue with Pascal, and please try the latest installer at:
https://svn.nmap.org/nmap-exp/yang/NPcap-LWF/npcap-nmap-0.04-r3.exe

Cheers,
Yang

Attachment: os-x.ping-to-loopback.pcapng
Description: os-x.ping-to-loopback.pcapng

Attachment: win8.1-with-npcap.ping-to-loopback.pcapng
Description: win8.1-with-npcap.ping-to-loopback.pcapng

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

Current thread:

Re: Npcap 0.04 call for test, (continued)
- - - Re: Npcap 0.04 call for test Yang Luo (Aug 17)
    - Re: Npcap 0.04 call for test Pascal Quantin (Aug 18)
    - Re: Npcap 0.04 call for test Yang Luo (Aug 18)
    - Re: Npcap 0.04 call for test Pascal Quantin (Aug 18)
- Re: Npcap 0.04 call for test Jim Young (Aug 16)
  - Re: Npcap 0.04 call for test Guy Harris (Aug 16)
    - Re: Npcap 0.04 call for test Yang Luo (Aug 16)
  - Re: Npcap 0.04 call for test Yang Luo (Aug 16)
    - Re: Npcap 0.04 call for test Jim Young (Aug 18)
    - Re: Npcap 0.04 call for test Yang Luo (Aug 18)
    - Re: Npcap 0.04 call for test Jim Young (Aug 18)
    - Re: Npcap 0.04 call for test Guy Harris (Aug 18)
    - Re: Npcap 0.04 call for test Yang Luo (Aug 18)
    - Re: Npcap 0.04 call for test Guy Harris (Aug 18)
    - Re: Npcap 0.04 call for test Yang Luo (Aug 19)
    - Re: Npcap 0.04 call for test Yang Luo (Aug 21)
    - Re: Npcap 0.04 call for test Pascal Quantin (Aug 22)
    - Re: Npcap 0.04 call for test Guy Harris (Aug 22)
    - Re: Npcap 0.04 call for test Graham Bloice (Aug 23)
    - Re: Npcap 0.04 call for test Guy Harris (Aug 23)
    - Re: Npcap 0.04 call for test Yang Luo (Aug 23)

(Thread continues...)