If you want to debug the winpcap driver (npf.sys) you will need two machines
(or eventually a virtual machine supporting your device) and WinDbg for
kernel debugging.
Have a nice day
GV
----- Original Message -----
From: "Joshua (Shiwei) Zhao" <swzhao@xxxxxxxxx>
To: <winpcap-users@xxxxxxxxxxx>; "Developer support list for Wireshark"
<wireshark-dev@xxxxxxxxxxxxx>
Sent: Tuesday, September 01, 2009 5:54 PM
Subject: Re: [Wireshark-dev] [Winpcap-users] how Wireshark get linktype?
Is there a way to debug winpcap at runtime when Wireshark calls it?
Many thanks,
Joshua
On Tue, Sep 1, 2009 at 5:37 PM, Guy Harris<guy@xxxxxxxxxxxx> wrote:
On Sep 1, 2009, at 5:31 PM, Joshua (Shiwei) Zhao wrote:
2) Since I already set the driver to monitor mode, I thought winpcap
should return that as the default.
In fact, winpcap doesn't even return DLT_IEEE802_11_RADIO as an
option. It only gives the default linke types. That's why I wonder
whether there is compatibility issue between winpcap and the driver
and whether winpcap uses those two OIDs for linktype queries.
WinPcap knows nothing about monitor mode; it's a NDIS 5.x driver, and
there's no notion of "monitor mode" in NDIS 5.x. It also has no
notion of DLT_IEEE802_11_RADIO or even DLT_IEEE802_11, as there's no
notion of a device returning 802.11 headers in NDIS 5.x.
_______________________________________________
Winpcap-users mailing list
Winpcap-users@xxxxxxxxxxx
https://www.winpcap.org/mailman/listinfo/winpcap-users
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
