Wireshark mailing list archives
Re: Npcap 0.01 call for test (2nd)
From: Yang Luo <hsluoyb () gmail com>
Date: Mon, 20 Jul 2015 19:07:10 +0800
Hi Pascal,
I just gave a quick test to 0.1-r2 version on my Windows 10 virtual machine. - I uninstalled WinPcap and installed Npcap in Winpcap mode without reboot. I got the same warning as Tyson regarding the upgrade of npf.sys file, presumably because yours as version 0.1.0.710 against Winpcap that uses version 4.1.0.2980. Maybe you should advice to reboot the PC after uninstalling Winpcap.
This is WinPcap's bug as it doesn't delete installed npf.sys file in system drivers directory. And Npcap's version 0.1.0.710 is smaller than WinPcap's 4.1.0.2980 as you said, so you can just choose overwrite the existed files, and I will advise this in next Npcap call for test.
- The loopback interface is still named 'Ethernet 2'. I run on Windows 10.0.10240 with French local in case this matters.
The version of Win10 I used before is 10102, so I just installed a Win10 10240 x64 Pro English (en_windows_10_pro_10240_x64_dvd.iso) on my virtual machine. I tried Npcap and the loopback interface was successfully renamed to "Npcap Loopback Adapter" (I mean the topmost name beside ncpa.cpl's icons). In fact, Npcap first uses "ver" command to decide whether it is run on a Win10 machine, if yes, Npcap will rename the adapter in the way only for Win10. When Npcap gets the "Microsoft Windows [Version 10.0.10240]" output string from "ver" command, it parses out the string after "Version " and before ".", so Npcap will get a "10", then Npcap thinks it is run on a Win10. GetVersionEx API doesn't work on Win10, so Npcap has to use this "not standard" way. But it should be reliable enough, as "ver" is a built-in command. [image: Inline image 1]
- After reboot, Wireshark could not see any interface. I doubled checked the driver state and saw that it was stopped. Manually starting it with 'sc npf start' command allowed Wireshark to see interfaces. After reboot the service does not start automatically.
I have already confirmed the bug that Npcap fails to start the driver when installation finishes. But it's weird for WIreshark to see no interfaces. Because as far as I know, Wireshark will try to start the npf service when it starts. Cheers, Yang
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Npcap 0.01 call for test (2nd) Yang Luo (Jul 18)
- Re: Npcap 0.01 call for test (2nd) Jim Young (Jul 18)
- Re: Npcap 0.01 call for test (2nd) Yang Luo (Jul 19)
- Re: Npcap 0.01 call for test (2nd) Pascal Quantin (Jul 19)
- Re: Npcap 0.01 call for test (2nd) Tyson Key (Jul 19)
- Re: Npcap 0.01 call for test (2nd) Tyson Key (Jul 19)
- Re: Npcap 0.01 call for test (2nd) Yang Luo (Jul 20)
- Re: Npcap 0.01 call for test (2nd) Pascal Quantin (Jul 20)
- Re: Npcap 0.01 call for test (2nd) Yang Luo (Jul 20)
- Re: Npcap 0.01 call for test (2nd) Pascal Quantin (Jul 20)
- Re: Npcap 0.01 call for test (2nd) Pascal Quantin (Jul 20)
- Re: Npcap 0.01 call for test (2nd) Yang Luo (Jul 21)
- Re: Npcap 0.01 call for test (2nd) Pascal Quantin (Jul 22)
- Re: Npcap 0.01 call for test (2nd) Yang Luo (Jul 22)
- Re: Npcap 0.01 call for test (2nd) Graham Bloice (Jul 22)
- Re: Npcap 0.01 call for test (2nd) Guy Harris (Jul 22)
- Re: Npcap 0.01 call for test (2nd) Graham Bloice (Jul 22)
- Re: Npcap 0.01 call for test (2nd) Yang Luo (Jul 19)
- Re: Npcap 0.01 call for test (2nd) Jim Young (Jul 18)