Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: [Wireshark-dev] Win10Pcap - WinPcap-compatible NDIS 6.x capture driver

From: Daiyuu Nobori <nobori.daiyu@xxxxxxxxx>
Date: Thu, 11 Jun 2015 01:48:25 +0900
Hi all,

Please let me introduce my WinPcap-compatible NDIS 6.x open source driver.

WinPcap is implemented in the NDIS 5.x driver model. The WinPcap dev
team seems not working recently to integrate the WinPcap kernel-mode
driver to NDIS 6.x driver model. As the result, recently WinPcap does
not work in some builds of Windows 10 correctly (while it does work in
some builds of Windows 10.) Additionally, WinPcap cannot capture 802.1Q
tagged VLAN headers received by NDIS 6.x NICs in Windows 7, 8 and 10.
I had desire to improve these problems with WinPcap.

As my personal project on my Ph.D course in the university (actually as
my hobby), I tried to write my own WinPcap-based and WinPcap-compatible
packet capture driver for Windows in the NDIS 6.x driver model.
I tested my implementation on some desktops and laptops with
Windows 10 beta builds, and my driver seems works quite well.
I also add the code to capture 802.1Q VLAN tags correctly.

Finally I named it 'Win10Pcap', prepared the installer package, and
released it on the GitHub repository, and on the web site as open source.
URLs are as below.
http://www.win10pcap.org/
https://github.com/SoftEtherVPN/Win10Pcap

I believe that Win10Pcap is complying with the NDIS 6.x driver model.
It can be expected to work well with Windows 10's future builds. It can
also capture 802.1Q tagged VLAN headers which original WinPcap drops.
I hope that my program would help someone who are in a trouble running
Wireshark in Windows 10 environments, or someone who has a hard-time
dealing with capturing tagged VLAN packets.

--
Daiyuu Nobori
Computer Science, University of Tsukuba, Japan