ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
April 17th, 2024 | 14:30-16:00 SGT (UTC+8) | Online
Wireshark logo

Wireshark-dev: Re: [Wireshark-dev] Npcap 0.04 call for test

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Yang Luo <hsluoyb@xxxxxxxxx>
Date: Mon, 24 Aug 2015 17:39:25 +0800
Hi Pascal,

"Medium in use" value corresponds to OID_GEN_MEDIA_IN_USE, not OID_GEN_PHYSICAL_MEDIUM, Just below "Medium in use" text, you can see "Physical medium" line, this one is related to OID_GEN_PHYSICAL_MEDIUM, and it's a "Unspecified" for Npcap Loopback Adapter, which I think is a suitable value.

I personally think data returned by OID_GEN_MEDIA_IN_USE should be identical with the one returned by OID_GEN_MEDIA_SUPPORTED for our loopback condition based on MSDN explanation, and it's "media" instead of "medium", so I think the display string should be modified to "Media in use" instead of "Medium in use".

Cheers,
Yang


On Mon, Aug 24, 2015 at 4:29 PM, Pascal Quantin <pascal.quantin@xxxxxxxxx> wrote:


2015-08-24 10:19 GMT+02:00 Pascal Quantin <pascal.quantin@xxxxxxxxx>:
2015-08-24 3:38 GMT+02:00 Yang Luo <hsluoyb@xxxxxxxxx>:
Hi list,

In latest 0.04 r6 version, I have used 0x02, 0x00, 0x00, 0x00 for an IPv4 packet and 0x18, 0x00, 0x00, 0x00 for an IPv6 packet (tell me if you have better value for IPv6). The driver can return NdisMediumNull now for loopback interface. Wireshark seems to work now, one little issue is that in the "Characteristics" tab in loopback interface's "Interface Details", "Media supported" and "Medium in use" shows (0xffffffff) instead of a understandable string, this is because that the source code lacks the -1 to string mapping.

Latest installer is at:

Cheers,
Yang

Hi Yang,

any reason for not using NdisMediumLoopback that is defined since Vista according to https://msdn.microsoft.com/en-us/library/windows/hardware/ff565910%28v=vs.85%29.aspx ? Maybe it would make sense to switch to DLT_LOOPBACK in that case (in that case the packet type must be put in network order).
Note that Wireshark would still display the raw value: I'm gonna update the array.
Any reason for not making the NULL/loopback mode default instead of the fake ethernet header?

Cheers,
Pascal.


BTW for the "Medium in use" value (that corresponds to OID_GEN_PHYSICAL_MEDIUM) should not you report NdisPhysicalMediumUnspecified instead of -1?


___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe

Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube