Wireshark mailing list archives

Re: Npcap 0.03 call for test


From: Tyson Key <tyson.key () gmail com>
Date: Tue, 28 Jul 2015 08:08:09 +0100

Hi Yang,

Thanks for looking into this.

I can't remember when/how I installed Win10PCap (guessing that I briefly
had a look, but couldn't get it to do anything on my machine, and just
removed it), but I'm using VMware Player 6.0.7 build-2844087 (haven't got
Workstation/Server installed); and I tried a dance of
upgrading/downgrading/upgrading my AR9485WB-EG WLAN driver (first by
downloading the package from
http://support.lenovo.com/us/en/downloads/ds032333, to take me from
10.0.0.242, to 10.0.0.75; and then using Device Manager's driver update
function, to take me to 3.0.1.155 (which I'm guessing is probably older
than 242 - I'm just guessing from the sketchy build dates)) - which gave me
a different type of BSoD, initially, after starting Wireshark, but let me
capture traffic for a little while, after rebooting.

Here's all of the MiniDump summaries that I could find:

==================================================
Dump File         : 072715-31968-01.dmp
Crash Time        : 27/07/2015 07:02:32 pm
Bug Check String  : SYSTEM_SERVICE_EXCEPTION
Bug Check Code    : 0x0000003b
Parameter 1       : 00000000`c0000005
Parameter 2       : fffff801`1be5d485
Parameter 3       : ffffd000`2324e980
Parameter 4       : 00000000`00000000
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+150ca0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.3.9600.17736 (winblue_r9.150322-1500)
Processor         : x64
Crash Address     : ntoskrnl.exe+150ca0
Stack Address 1   :
Stack Address 2   :
Stack Address 3   :
Computer Name     :
Full Path         : C:\WINDOWS\Minidump\072715-31968-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 9600
Dump File Size    : 281,520
Dump File Time    : 27/07/2015 07:03:33 pm
==================================================

==================================================
Dump File         : 072715-32078-01.dmp
Crash Time        : 27/07/2015 06:47:01 pm
Bug Check String  : BAD_POOL_CALLER
Bug Check Code    : 0x000000c2
Parameter 1       : 00000000`00000099
Parameter 2       : ffffe000`7d4b31b8
Parameter 3       : 00000000`00000000
Parameter 4       : 00000000`00000000
Caused By Driver  : tcpip.sys
Caused By Address : tcpip.sys+42856
File Description  : TCP/IP Driver
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.3.9600.16384 (winblue_rtm.130821-1623)
Processor         : x64
Crash Address     : ntoskrnl.exe+150ca0
Stack Address 1   :
Stack Address 2   :
Stack Address 3   :
Computer Name     :
Full Path         : C:\WINDOWS\Minidump\072715-32078-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 9600
Dump File Size    : 281,520
Dump File Time    : 27/07/2015 06:48:04 pm
==================================================

==================================================
Dump File         : 072715-32468-01.dmp
Crash Time        : 27/07/2015 06:34:37 pm
Bug Check String  : SYSTEM_SERVICE_EXCEPTION
Bug Check Code    : 0x0000003b
Parameter 1       : 00000000`c0000005
Parameter 2       : fffff801`962a446e
Parameter 3       : ffffd001`1bd0f980
Parameter 4       : 00000000`00000000
Caused By Driver  : ndis.sys
Caused By Address : ndis.sys+546e
File Description  : Network Driver Interface Specification (NDIS)
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.3.9600.16384 (winblue_rtm.130821-1623)
Processor         : x64
Crash Address     : ntoskrnl.exe+150ca0
Stack Address 1   :
Stack Address 2   :
Stack Address 3   :
Computer Name     :
Full Path         : C:\WINDOWS\Minidump\072715-32468-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 9600
Dump File Size    : 281,520
Dump File Time    : 27/07/2015 06:35:48 pm
==================================================

==================================================
Dump File         : 072715-33859-01.dmp
Crash Time        : 27/07/2015 05:11:25 pm
Bug Check String  : BAD_POOL_CALLER
Bug Check Code    : 0x000000c2
Parameter 1       : 00000000`00000007
Parameter 2       : 00000000`00001200
Parameter 3       : 00000000`00000000
Parameter 4       : ffffe000`8d01cbf8
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+150ca0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.3.9600.17736 (winblue_r9.150322-1500)
Processor         : x64
Crash Address     : ntoskrnl.exe+150ca0
Stack Address 1   :
Stack Address 2   :
Stack Address 3   :
Computer Name     :
Full Path         : C:\WINDOWS\Minidump\072715-33859-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 9600
Dump File Size    : 281,520
Dump File Time    : 27/07/2015 05:12:34 pm
==================================================

==================================================
Dump File         : 072715-48062-01.dmp
Crash Time        : 27/07/2015 05:00:25 pm
Bug Check String  : BAD_POOL_CALLER
Bug Check Code    : 0x000000c2
Parameter 1       : 00000000`00000007
Parameter 2       : 00000000`00001200
Parameter 3       : 00000000`00000000
Parameter 4       : ffffe000`4bc1b4c8
Caused By Driver  : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+150ca0
File Description  : NT Kernel & System
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.3.9600.17736 (winblue_r9.150322-1500)
Processor         : x64
Crash Address     : ntoskrnl.exe+150ca0
Stack Address 1   :
Stack Address 2   :
Stack Address 3   :
Computer Name     :
Full Path         : C:\WINDOWS\Minidump\072715-48062-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 9600
Dump File Size    : 281,520
Dump File Time    : 27/07/2015 05:01:58 pm
==================================================

Frustratingly, since there are so many variables involved (unscientific
method!), it seems like I'm playing a Jenga game with trying to make this
work, since if I remove, or change something, it works for a little while,
and then crashes in a creative, new way. (And I don't want to reinstall
everything, since I don't have a disk big enough to back everything up). :(

I've uploaded a copy of the Nurago Web Meter to
https://dl.dropboxusercontent.com/u/670345/nurago%20web%20meter.exe, and I
seem to also have an older installer for it in my "Downloads" directory,
which may exercise the LSP architecture of WinSock differently.

The SYSTEM_SERVICE_EXCEPTION error is interesting, as it is one of the few
that reveals a problem in WinSock/NDIS...

I would try it in a virtual machine - but it wouldn't get us any closer to
diagnosing why it fails to work, with my not-so-unique configuration.

Tyson.

2015-07-28 7:27 GMT+01:00 Yang Luo <hsluoyb () gmail com>:



On Mon, Jul 27, 2015 at 10:42 PM, Tyson Key <tyson.key () gmail com> wrote:

After rebooting from uninstalling MS NetMon, I restarted Wireshark, and
got the usual "NPF service not running; no interfaces available" note. This
persists, even if I try "NPFInstall -r", and Wireshark still claims that no
interfaces are available.


"*NPFInstall -r*" isn't used in Npcap. "*NPF service not running; no
interfaces available*" is a common problem for previous Npcap versions.
And I think it should disappear if you have uninstalled previous versions
totally.


Eventually, after uninstalling NPCap, removing all of the loopback
interfaces, and running CCleaner to remove any residual registry data, and
then rebooting yet again, I could start Wireshark, and list the installed
interfaces - but unsurprisingly, a few moments later, I received another
BSoD.

If it helps, my Wireshark version is:

Version 1.99.8-492-g3f0f49d (v1.99.8rc0-492-g3f0f49d from master)

Copyright 1998-2015 Gerald Combs <gerald () wireshark org> and contributors.
License GPLv2+: GNU GPL version 2 or later <
http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
PURPOSE.

Compiled (64-bit) with GTK+ 2.24.23, with Cairo 1.12.16, with Pango
1.36.8, with
WinPcap (unknown), with libz 1.2.8, with GLib 2.42.0, with SMI 0.4.8, with
c-ares 1.9.1, with Lua 5.2, with GnuTLS 3.2.15, with Gcrypt 1.6.2, with
MIT
Kerberos, with GeoIP, with PortAudio V19-devel (built Jul 22 2015), with
AirPcap.

Running on 64-bit Windows 8.1, build 9600, with locale English_United
Kingdom.1252, with Npcap version 0.01 (packet.dll version 0.03), based on
WinPcap version 4.1.3 (packet.dll version 4.1.0.3001), based on libpcap
version
1.0 branch 1_0_rel0b (20091008), with GnuTLS 3.2.15, with Gcrypt 1.6.2,
without
AirPcap.
AMD A6-5200 APU with Radeon(TM) HD Graphics     (with SSE4.2), with
5577MB of
physical memory.


Built using Microsoft Visual C++ 12.0 build 31101

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.


I used the latest stable version of Wireshark: Version 1.12.6
(v1.12.6-0-gee1fce6 from master-1.12). But I don't think it makes a
difference whether you use the stable version or the development version,
as its WinPcap-related low-level code rarely changed between these two
versions.



Other than NetMon (which I've removed), the only other things that I
think could be causing a conflict are either the VMware host-only
networking filters; the networking components included with whatever
Bluetooth stack Lenovo shipped; the massive pile of hacks installed by the
Gacela component of "Nurago Web Meter", or my Atheros WLAN drivers (which
caused Acrylic Wi-Fi's NDIS filters to crash, when I briefly had that
installed, a while ago).


What version of VMware are you using? Workstation or just Player? I used
VMware Workstation 11.1.2 build-2780323 on my host, but I didn't install it
on my test VM yet.


Cheers,
Yang

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe




-- 
                                          Fight Internet Censorship!
http://www.eff.org
http://vmlemon.wordpress.com | Twitter/FriendFeed/Skype: vmlemon |
00447934365844
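
For triaging a batch of minidump summaries like the ones in this message, the following Python example (added here, not part of the original e-mail or of Npcap/Wireshark) parses the `Key : Value` records and decodes Parameter 1 for the two bug checks reported. The function names are hypothetical, the sample is three of the records above trimmed to three fields, and the Parameter 1 meanings are taken from Microsoft's bug check reference.

```python
import re
from collections import defaultdict

# Three of the summaries from the message, trimmed to the fields used here.
SAMPLE = """\
==================================================
Bug Check Code    : 0x000000c2
Parameter 1       : 00000000`00000099
Caused By Driver  : tcpip.sys
==================================================
Bug Check Code    : 0x0000003b
Parameter 1       : 00000000`c0000005
Caused By Driver  : ndis.sys
==================================================
Bug Check Code    : 0x000000c2
Parameter 1       : 00000000`00000007
Caused By Driver  : ntoskrnl.exe
==================================================
"""

# BAD_POOL_CALLER violation types, per Microsoft's bug check reference.
BAD_POOL_CALLER = {0x07: "pool block was already freed",
                   0x99: "free of an invalid pool address"}

def parse_records(text):
    """Split on the '=' separator lines; turn 'Key : Value' lines into dicts."""
    blocks = re.split(r"^=+$", text, flags=re.M)
    recs = (dict(re.findall(r"^(.+?)[ \t]*:[ \t]?(.*)$", b, flags=re.M)) for b in blocks)
    return [r for r in recs if r]

def decode(rec):
    """Return (bug check code, plain-language meaning of Parameter 1)."""
    code = int(rec["Bug Check Code"], 16)
    p1 = int(rec["Parameter 1"].replace("`", ""), 16)  # drop the 64-bit separator
    if code == 0x3B:  # SYSTEM_SERVICE_EXCEPTION: Parameter 1 is the NTSTATUS
        return code, ("access violation" if p1 == 0xC0000005 else f"exception {p1:#x}")
    if code == 0xC2:  # BAD_POOL_CALLER: Parameter 1 is the violation type
        return code, BAD_POOL_CALLER.get(p1, f"violation type {p1:#x}")
    return code, f"parameter 1 = {p1:#x}"

def triage(text):
    """Group the blamed drivers by (bug check code, meaning of Parameter 1)."""
    groups = defaultdict(list)
    for rec in parse_records(text):
        groups[decode(rec)].append(rec.get("Caused By Driver", "?"))
    return dict(groups)

if __name__ == "__main__":
    print(triage(SAMPLE))
```

The "Caused By Driver" field is the summary tool's attribution from the crash stack; it is a starting point for analysis, not proof of which driver is at fault.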