Wireshark mailing list archives

Re: Npcap 0.04 call for test

From: Pascal Quantin <pascal.quantin () gmail com>
Date: Wed, 19 Aug 2015 00:09:09 +0200

Hi Yang,

like Jim, I confirm that this version is working fine both on my Windows 10
guest and host OS.

Cheers,
Pascal.

2015-08-18 18:22 GMT+02:00 Jim Young <jyoung () gsu edu>:

Hello Yang,


With Npcap 0.04-r3 the Npcap Loopback Adapter is again visible and usable
as a sniffable interface to Wireshark. [image: 😊]


I hope to do more extensive testing later today or tomorrow (especially
regarding throughput and packet drops).


I have a question regarding the encapsulation type for packets captured on
the Npcap Loopback Adapter.


Instead of supplying an ethernet header with the mac addresses of all
zeros, would it make more sense to supply a NULL/Loopback
encapsulation type to packets captured in the Npcap LoopBack Interface?


I've attached two small 4 packet traces.  One is taken on a Windows 8.1
system with the Npcap adapter.  This file has an encapsulation type of
ethernet with an ethernet header with all zero mac addresses.  The second
trace was taken on an OS X 10.10.4 system with a NULL/Loopback
encapsulation type.  For some fun take a look at Wireshark's
epan/dissectors/packet-null.c for some interesting comments about the magic
associated with loopback encapsulation detection.

Take care,

Jim Y.

------------------------------
*From:* wireshark-dev-bounces () wireshark org <
wireshark-dev-bounces () wireshark org> on behalf of Yang Luo <
hsluoyb () gmail com>
*Sent:* Tuesday, August 18, 2015 11:08
*To:* Developer support list for Wireshark
*Subject:* Re: [Wireshark-dev] Npcap 0.04 call for test

Hi Jim,

The log points to the same issue with Pascal, and please try the latest
installer at:
https://svn.nmap.org/nmap-exp/yang/NPcap-LWF/npcap-nmap-0.04-r3.exe

Cheers,
Yang


___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org
?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

Current thread:

Re: Npcap 0.04 call for test, (continued)
- - - Re: Npcap 0.04 call for test Pascal Quantin (Aug 24)
    - Re: Npcap 0.04 call for test Yang Luo (Aug 24)
    - Re: Npcap 0.04 call for test Pascal Quantin (Aug 24)
    - Re: Npcap 0.04 call for test Yang Luo (Aug 24)
    - Re: Npcap 0.04 call for test Pascal Quantin (Aug 24)
    - Re: Npcap 0.04 call for test Yang Luo (Aug 24)
    - Re: Npcap 0.04 call for test Pascal Quantin (Aug 24)
    - Re: Npcap 0.04 call for test Yang Luo (Aug 24)
    - Re: Npcap 0.04 call for test Pascal Quantin (Aug 24)
    - Re: Npcap 0.04 call for test Guy Harris (Aug 22)
    - Re: Npcap 0.04 call for test Pascal Quantin (Aug 18)