
Wireshark-dev: Re: [Wireshark-dev] Npcap 0.01 call for test (2nd)

From: Tyson Key <tyson.key@xxxxxxxxx>
Date: Sun, 19 Jul 2015 19:13:51 +0100
...and after rebooting, and reinstalling the various components using NPFInstall, and launching Wireshark, no interfaces are detected. However, after trying "sc start npf", and waiting a while, I'm greeted with another BSOD, of the same kind as last time:

==================================================
Dump File         : 071915-35687-01.dmp
Crash Time        : 19/07/2015 07:03:01 pm
Bug Check String  : BAD_POOL_CALLER
Bug Check Code    : 0x000000c2
Parameter 1       : 00000000`00000007
Parameter 2       : 00000000`00001200
Parameter 3       : 00000000`00000003
Parameter 4       : ffffe000`99fa1008
Caused By Driver  : tcpip.sys
Caused By Address : tcpip.sys+1c2180
File Description  : TCP/IP Driver
Product Name      : Microsoft® Windows® Operating System
Company           : Microsoft Corporation
File Version      : 6.3.9600.16384 (winblue_rtm.130821-1623)
Processor         : x64
Crash Address     : ntoskrnl.exe+150ca0
Stack Address 1   : 
Stack Address 2   : 
Stack Address 3   : 
Computer Name     : 
Full Path         : C:\WINDOWS\Minidump\071915-35687-01.dmp
Processors Count  : 4
Major Version     : 15
Minor Version     : 9600
Dump File Size    : 281,520
Dump File Time    : 19/07/2015 07:04:09 pm
==================================================

Tyson.

2015-07-19 17:05 GMT+01:00 Pascal Quantin <pascal.quantin@xxxxxxxxx>:
Hi Yang,

2015-07-19 15:55 GMT+02:00 Yang Luo <hsluoyb@xxxxxxxxx>:
Hi Jim,

Thanks for testing!

On Sun, Jul 19, 2015 at 12:25 AM, Jim Young <jyoung@xxxxxxx> wrote:
Hello Yang,

Two comments on all for 2nd test.

1 - Should the name of the newer package reflect that this is a different Npcap package from the 1st one? The 2nd package is named identically to the 1st one of npcap-nmap-0.01.exe. The newly downloaded one was saved by the browser as npcap-nmap-0.01(1).exe to avoid clobbering the 1st one still in the Download folder.

 
From now on, I will use an installer name such as npcap-nmap-0.01-r2.exe, which means revision 2 under version 0.01. I don't want to change version numbers, as current Npcap has many bugs and can't be released as a stable version yet.
 
2 - After uninstalling WinPcap, but not rebooting, I started installing the newest Npcap package but the new install is hung at the step:  

Execute: "C:\Program Files\Npcpa\NPFInstall.exe" -il

 
I have improved this part of the logic; please test the latest installer:

This operation takes some time indeed, but should be less than 20s.

I just gave a quick test to 0.1-r2 version on my Windows 10 virtual machine.
- I uninstalled WinPcap and installed Npcap in WinPcap mode without reboot. I got the same warning as Tyson regarding the upgrade of npf.sys file, presumably because yours has version 0.1.0.710 against WinPcap that uses version 4.1.0.2980. Maybe you should advise rebooting the PC after uninstalling WinPcap.
- The loopback interface is still named 'Ethernet 2'. I run on Windows 10.0.10240 with French locale in case this matters.
- After reboot, Wireshark could not see any interface. I double-checked the driver state and saw that it was stopped. Manually starting it with 'sc npf start' command allowed Wireshark to see interfaces. After reboot the service does not start automatically.

I will try to test the WWAN capture at the beginning of next week.

Pascal.





--
                                          Fight Internet Censorship! http://www.eff.org
http://vmlemon.wordpress.com | Twitter/FriendFeed/Skype: vmlemon | 00447934365844