Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] Npcap 0.04 call for test

From: Yang Luo <hsluoyb@xxxxxxxxx>
Date: Mon, 17 Aug 2015 08:55:36 +0800
Hi Pascal,

Thanks for test. It's my typo mistake for the BSoD word, what I meant is the loopback interface didn't show problem, in fact they share the same cause. Because I didn't handle the error correctly in 0.03 r5 and r6, so it turns to a BSoD.


On Sun, Aug 16, 2015 at 11:55 PM, Pascal Quantin <pascal.quantin@xxxxxxxxx> wrote:


Le 16 août 2015 3:39 PM, "Pascal Quantin" <pascal.quantin@xxxxxxxxx> a écrit :
>
> Hi Yang,
>
> 2015-08-16 14:18 GMT+02:00 Yang Luo <hsluoyb@xxxxxxxxx>:
>>
>> Hi Pascal,
>>
>> I think this BSoD is caused by the Winsock Kernel init code in Npcap driver (NPF_WSKStartup call or NPF_WSKInitSockets call failed). I can't reproduce it on my Win8.1 VM, Win10 VM and Win10 physical host. I used VMware Workstation 11.1.2 for my VMs. I don't know which type your VM is? There shouldn't be pretty much hardware difference between VMs. What special software has you installed on your VM? The boldest idea is that you provide a VM image that occurs this problem if you like.
>
>
> I'm running a Windows 10 x64 VM running on Virtualbox 5.0 (with extension pack) with just Wireshark 1.99.9 development version and Nmap installed. No other specific software installed. In the VM system settings, I have checked IO-APIC, PAE/NX, VT-x/AMD-V and nested paging options with 2 processors. The network adapter is using the default setting (NAT).
> The VM is 41Gb so I will not be able to upload it unfortunately. But maybe you could reproduce it with Virtualbox instead of VMware?

I have the latest VirtualBox 5.0.2 r102096 installed on my Win10 x64 host, installed Win10 x64 VM on it, with Wireshark 1.99.8 and Npcap 0.04. I also checked IO-APIC, PAE/NX, VT-x/AMD-V and nested paging options with 2 processors. Network is default NAT. But the result turns out that I could see and capture on the Npcap loopback adapter, everything is fine. I think maybe you'd like to upgrade your VirtualBox to latest 5.0.2 to see what happens. If this isn't fixed, perhaps a brand new VM is needed.
 

I just gave a try to Npcap 0.04 on a Windows 10 x64 host and everything is working fine (no BSoD, loop back interface present and capturing data). So it could be a bug on VirtualBox side (I just saw that they released version 5.0.2 and claim that Windows 10 is not officially supported yet due to issues remaining) .

I noticed that, in fact my VirtualBox VM just crashed when I dragged and dropped a file from host to it, so it should still has compatibility issue with Win10. But like what I mentioned above, Npcap seems to be already compatible with VirtualBox on Win10 VM for latest 5.0.2 version.
 

The ultimate test will be on the Windows 7 PC that was crashing before but I cannot give it a try before the 1st of September.
BTW Npcap 0.04 still reports version 0.03 in the version string retrieved by Wireshark.


I have confirmed the wrong 0.03 version still shows, which will be fixed on next release.


Cheers,
Yang