Wireshark-dev: Re: [Wireshark-dev] Npcap 0.01 call for test (2nd)
From: Tyson Key <[email protected]>
Date: Sun, 19 Jul 2015 19:13:51 +0100
...and after rebooting, and reinstalling the various components using NPFInstall, and launching Wireshark, no interfaces are detected. However, after trying "sc start npf", and waiting a while, I'm greeted with another BSOD, of the same kind as last time:

Dump File         : 071915-35687-01.dmp
Crash Time        : 19/07/2015 07:03:01 pm
Bug Check String  : BAD_POOL_CALLER
Bug Check Code    : 0x000000c2
Parameter 1       : 00000000`00000007
Parameter 2       : 00000000`00001200
Parameter 3       : 00000000`00000003
Parameter 4       : ffffe000`99fa1008
Caused By Driver  : tcpip.sys
Caused By Address : tcpip.sys+1c2180
File Description  : TCP/IP Driver
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.3.9600.16384 (winblue_rtm.130821-1623)
Processor         : x64
Crash Address     : ntoskrnl.exe+150ca0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\071915-35687-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 9600
Dump File Size    : 281,520
Dump File Time    : 19/07/2015 07:04:09 pm


2015-07-19 17:05 GMT+01:00 Pascal Quantin <[email protected]>:
Hi Yang,

2015-07-19 15:55 GMT+02:00 Yang Luo <[email protected]>:
Hi Jim,

Thanks for testing!

On Sun, Jul 19, 2015 at 12:25 AM, Jim Young <[email protected]> wrote:
Hello Yang,

Two comments on all for 2nd test.

1 - Should the name of the newer package reflect that this is a different Npcap package from the 1st one?  The 2nd package is named identical to the 1st one of npcap-nmap-0.01.exe.  The newly downloaded one was saved by the browser as npcap-nmap-0.01(1).exe to avoid clobbering the 1st one still in the Download folder.

From now on, I will use installer name such as npcap-nmap-0.01-r2.exe, which means revision 2 under version 0.01. I don't want to change version numbers, as current Npcap has many bugs and can't be released as a stable version yet.
2 - After uninstalling WinPcap, but not rebooting, I started installing the newest Npcap package but the new install is hung at the step:  

Execute: "C:\Program Files\Npcpa\NPFInstall.exe" -il

I have improved this part logic, plz test the latest installer:

This operation takes some time indeed, but should be less than 20s.

I just gave a quick test to 0.1-r2 version on my Windows 10 virtual machine.
- I uninstalled WinPcap and installed Npcap in Winpcap mode without reboot. I got the same warning as Tyson regarding the upgrade of npf.sys file, presumably because yours as version against Winpcap that uses version Maybe you should advice to reboot the PC after uninstalling Winpcap.
- The loopback interface is still named 'Ethernet 2'. I run on Windows 10.0.10240 with French local in case this matters.
- After reboot, Wireshark could not see any interface. I doubled checked the driver state and saw that it was stopped. Manually starting it with 'sc npf start' command allowed Wireshark to see interfaces. After reboot the service does not start automatically.

I will try to test the WWAN capture beginning of next week.


Sent via:    Wireshark-dev mailing list <[email protected]>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:[email protected]?subject=unsubscribe

                                          Fight Internet Censorship! http://www.eff.org
http://vmlemon.wordpress.com | Twitter/FriendFeed/Skype: vmlemon | 00447934365844