Wireshark-dev: Re: [Wireshark-dev] Npcap 0.01 call for test (2nd)

From: Yang Luo <hsluoyb@xxxxxxxxx>
Date: Mon, 20 Jul 2015 19:07:10 +0800
Hi Pascal,


I just gave a quick test to 0.1-r2 version on my Windows 10 virtual machine.
- I uninstalled WinPcap and installed Npcap in WinPcap mode without reboot. I got the same warning as Tyson regarding the upgrade of npf.sys file, presumably because yours has version 0.1.0.710 against WinPcap that uses version 4.1.0.2980. Maybe you should advise to reboot the PC after uninstalling WinPcap.

This is WinPcap's bug, as it doesn't delete the installed npf.sys file in the system drivers directory. And Npcap's version 0.1.0.710 is smaller than WinPcap's 4.1.0.2980, as you said, so you can just choose to overwrite the existing files, and I will advise this in the next Npcap call for test.
 
- The loopback interface is still named 'Ethernet 2'. I run on Windows 10.0.10240 with French locale in case this matters.

The version of Win10 I used before is 10102, so I just installed a Win10 10240 x64 Pro English (en_windows_10_pro_10240_x64_dvd.iso) on my virtual machine. I tried Npcap and the loopback interface was successfully renamed to "Npcap Loopback Adapter" (I mean the topmost name beside ncpa.cpl's icons). In fact, Npcap first uses the "ver" command to decide whether it is running on a Win10 machine; if yes, Npcap will rename the adapter in the way that only applies to Win10. When Npcap gets the "Microsoft Windows [Version 10.0.10240]" output string from the "ver" command, it parses out the string after "Version " and before ".", so Npcap will get a "10", and then Npcap thinks it is running on Win10. The GetVersionEx API doesn't work on Win10, so Npcap has to use this "not standard" way. But it should be reliable enough, as "ver" is a built-in command.

- After reboot, Wireshark could not see any interface. I double-checked the driver state and saw that it was stopped. Manually starting it with 'sc npf start' command allowed Wireshark to see interfaces. After reboot the service does not start automatically.

I have already confirmed the bug that Npcap fails to start the driver when installation finishes. But it's weird for Wireshark to see no interfaces, because as far as I know, Wireshark will try to start the npf service when it starts.


Cheers,
Yang
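
The "ver" parse described in the message, as an added example that is not part of the original e-mail and not Npcap's own code. `major_by_marker` follows the described rule (text after "Version " and before "."); `major_by_digits` is a marker-independent variant added here for comparison. Both function names and the lowercase sample string are assumptions constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Read a decimal run at *pp; return it only if it is followed by '.', else -1. */
static int read_major(const char **pp)
{
    int major = 0;
    while (isdigit((unsigned char)**pp)) {
        major = major * 10 + (*(*pp)++ - '0');
        if (major > 100000) return -1;          /* reject absurdly long digit runs */
    }
    return (**pp == '.') ? major : -1;
}

/* Rule from the message: take what follows the literal "Version " up to ".". */
static int major_by_marker(const char *ver_out)
{
    const char *p = strstr(ver_out, "Version ");  /* case-sensitive match */
    if (p == NULL) return -1;
    p += strlen("Version ");
    return isdigit((unsigned char)*p) ? read_major(&p) : -1;
}

/* Variant (assumption, not from the message): ignore the word and take the
   first "<digits>." found between '[' and ']'. */
static int major_by_digits(const char *ver_out)
{
    const char *p = strchr(ver_out, '[');
    if (p == NULL) return -1;
    for (; *p != '\0' && *p != ']'; p++) {
        if (!isdigit((unsigned char)*p)) continue;
        int major = read_major(&p);
        if (major >= 0) return major;
        if (*p == '\0' || *p == ']') break;
    }
    return -1;
}

int main(void)
{
    const char *samples[] = {                     /* constructed sample inputs */
        "Microsoft Windows [Version 10.0.10240]", /* string quoted in the message */
        "Microsoft Windows [version 10.0.10240]", /* constructed: marker word differs */
        "Microsoft Windows [Version 6.1.7601]",   /* constructed: pre-Win10 major */
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-42s marker=%d digits=%d\n", samples[i],
               major_by_marker(samples[i]), major_by_digits(samples[i]));
    return 0;
}
```

A return value of -1 means the major version could not be determined, so a caller comparing against 10 would fall through to its non-Win10 path.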