If you want to debug the winpcap driver (npf.sys) you will need two machines (or eventually a virtual machine supporting your device) and WinDbg for kernel debugging.
Have a nice day GV ----- Original Message ----- From: "Joshua (Shiwei) Zhao" <[email protected]> To: <[email protected]>; "Developer support list for Wireshark" <[email protected]> Sent: Tuesday, September 01, 2009 5:54 PM Subject: Re: [Wireshark-dev] [Winpcap-users] how Wireshark get linktype? Is there a way to debug winpcap at runtime when Wireshark calls it? Many thanks, Joshua On Tue, Sep 1, 2009 at 5:37 PM, Guy Harris<[email protected]> wrote: > > On Sep 1, 2009, at 5:31 PM, Joshua (Shiwei) Zhao wrote: > >> 2) Since I already set the driver to monitor mode, I thought winpcap >> should return that as the default. >> In fact, winpcap doesn't even return DLT_IEEE802_11_RADIO as an >> option. It only gives the default linke types. That's why I wonder >> whether there is compatibility issue between winpcap and the driver >> and whether winpcap uses those two OIDs for linktype queries. > > WinPcap knows nothing about monitor mode; it's a NDIS 5.x driver, and > there's no notion of "monitor mode" in NDIS 5.x. It also has no > notion of DLT_IEEE802_11_RADIO or even DLT_IEEE802_11, as there's no > notion of a device returning 802.11 headers in NDIS 5.x. > > _______________________________________________ > Winpcap-users mailing list > [email protected] > https://www.winpcap.org/mailman/listinfo/winpcap-users > ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: http://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe _______________________________________________ Winpcap-users mailing list [email protected] https://www.winpcap.org/mailman/listinfo/winpcap-users
