Re: Plan to make NPcap available for Wireshark

[Yang Luo <hsluoyb () gmail com>]

Good question, Graham. This is simply because WinPcap has taken the
System32\SysWow64
dirs and NPcap wants to coexist with WinPcap. As NPcap has the same file
names (wpcap.dll and packet.dll) for compatibility, we just can't put the
the-same-name files in the same folder with WinPcap. Though I personally
prefer the way to "Make NPcap and WinPcap mutually exclusive" (this needs
user softwares like Wireshark and Nmap nothing to change),  coexisting way
has also its benefits, and finally we chose the latter.

Cheers,
Yang

On Sun, Jul 5, 2015 at 1:28 AM, Graham Bloice <graham.bloice () trihedral com>
wrote:

> Out of interest why does NPcap not place its DLL's in System32\SysWow64 as
> that is on the standard DLL search path?
>
>
>
> On 4 July 2015 at 17:28, Yang Luo <hsluoyb () gmail com> wrote:
>
> > Hi Pascal, I hold the same opinion with you, because a user installing
> > NPcap implies that he wants to use it, I think I will make it this way:)
> >
> > Cheers,
> > Yang
> >
> > On Sat, Jul 4, 2015 at 6:07 PM, Pascal Quantin <pascal.quantin () gmail com>
> > wrote:
> >
> > > Le 4 juil. 2015 4:26 AM, "Yang Luo" <hsluoyb () gmail com> a écrit :
> > > > Hi list,
> > > >
> > > > Given that current Wireshark can't make use of NPcap because of the
> > > DLL search path problem mentioned in
> > > https://www.wireshark.org/lists/wireshark-dev/201506/msg00030.html, I'd
> > > like to make a patch for Wireshark. As it is a security consideration that
> > > Wireshark don't want to search the DLLs in the Windows way. My plan is to
> > > explicitly add the NPcap path to Wireshark's DLL search logic. NPcap uses
> > > the "C:\Windows\System32\NPcap" and "C:\Windows\SysWow64\NPcap" to store
> > > its DLLs (WinPcap uses "C:\Windows\System32" and "C:\Windows\SysWow64"
> > > directly). As it is a sub directory of System32 folder. Its access control
> > > policy is the same with System32, and there should be no security problem I
> > > think. The second question is if WinPcap and NPcap are both available in a
> > > system, which will be loaded first? I'd like to hear your opinions:)
> > > > Cheers,
> > > > Yang
> > >
> > > Hi Yang,
> > >
> > > As WinPcap is older and could be installed for other programs, on my
> > > side I would consider NPcap has having higher precedence and be loaded
> > > first.
> > >
> > > Best regards,
> > > Pascal.
> > >
> > >
> > > ___________________________________________________________________________
> > > Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
> > > Archives:    https://www.wireshark.org/lists/wireshark-dev
> > > Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
> > >              mailto:wireshark-dev-request () wireshark org
> > > ?subject=unsubscribe
> >
> >
> >
> > ___________________________________________________________________________
> > Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
> > Archives:    https://www.wireshark.org/lists/wireshark-dev
> > Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
> >              mailto:wireshark-dev-request () wireshark org
> > ?subject=unsubscribe
>
>
>
> --
> Graham Bloice
> Software Developer
> Trihedral UK Limited
>
> ___________________________________________________________________________
> Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
> Archives:    https://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>              mailto:wireshark-dev-request () wireshark org
> ?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe