@Yang: It is not possible to get notifications of media state changes by the API which you proposed in your previous post. It provides only notifications about IP table changes.

On 04.02.2016 16:31, "Sven Kerschbaum" <[email protected]> wrote:
> Hi Yang,
>
> thanks for providing me the detailed information about Npcap. I will
> definitively have a look at it and try it.
>
> Cheers,
> SK
>
>
> 2016-02-04 13:04 GMT+01:00 食肉大灰兔V5 <[email protected]>:
>
>> Hi Sven,
>>
>> Npcap (https://github.com/nmap/npcap) has better performance because of
>> NDIS 6. It also has several new features:
>>
>>
>>    1. *NDIS 6 Support*: Npcap makes use of new LWF driver in Windows
>>    Vista and later (the legacy driver is used on XP). It's faster than the
>>    legacy *NDIS 5 Intermediate*
>>    <https://msdn.microsoft.com/en-us/library/windows/hardware/ff557012(v=vs.85).aspx>
>>    technique.
>>    One reason is that packet data structure has changed (from NDIS_PACKET
>>    to NET_BUFFER_LIST) since Vista and NDIS 5 needs to handle extra
>>    packet structure conversion.
>>    2. *"Admin-only Mode" Support*: Npcap supports to restrict its use to
>>    Administrators for safety purpose. If Npcap is installed with the option
>>    *Restrict Npcap driver's access to Administrators only* checked, when a
>>    non-Admin user tries to start a user software (Nmap, Wireshark, etc), the
>>    *User Account Control (UAC)*
>>    <http://windows.microsoft.com/en-us/windows/what-is-user-account-control#1TC=windows-7>
>>    dialog will prompt asking for Administrator privilege. Only when the end
>>    user chooses Yes, the driver can be accessed. This is similar to UNIX
>>    where you need root access to capture packets.
>>    3. *"WinPcap Compatible Mode" Support*: "WinPcap Compatible Mode" is
>>    used to decide whether Npcap should coexist with WinPcap or be compatible
>>    with WinPcap. With "WinPcap Compatible Mode" OFF, Npcap can coexist
>>    with WinPcap and share the DLL binary interface with WinPcap. So the
>>    applications unaware of Npcap *SHOULD* be able to use Npcap
>>    automatically if WinPcap is unavailable. The applications who know
>>    Npcap's existence can choose to use Npcap or WinPcap first.
>>    The key about which is loaded first is *DLL Search Path*
>>    <https://msdn.microsoft.com/en-us/library/windows/desktop/ms682586(v=vs.85).aspx>.
>>    With "WinPcap Compatible Mode" OFF, Npcap installs its DLLs into
>>    C:\Windows\System32\Npcap\ instead of WinPcap's C:\Windows\System32\.
>>    So applications who want to load Npcap first must make
>>    C:\Windows\System32\Npcap\ precedent to other paths in ways such as
>>    calling *SetDllDirectory*
>>    <https://msdn.microsoft.com/en-us/library/ms686203.aspx>, etc.
>>    Another point is Npcap uses service name npcap instead of WinPcap's
>>    npf with "WinPcap Compatible Mode" OFF. So applications using net
>>    start npf for starting service must use net start npcap instead. If
>>    you want 100% compatibility with WinPcap, you should install Npcap
>>    choosing "WinPcap Compatible Mode" (Install Npcap in WinPcap
>>    API-compatible Mode). In this mode, Npcap will install its DLLs in
>>    WinPcap's C:\Windows\System32\ and use the npf service name. It's
>>    notable that before installing in this mode, you must uninstall WinPcap
>>    first (the installer wizard will prompt you that).
>>    4. *Loopback Packets Capture Support*: Now Npcap is able to see
>>    Windows loopback packets using *Windows Filtering Platform (WFP)*
>>    <https://msdn.microsoft.com/en-us/library/windows/desktop/aa366510(v=vs.85).aspx>
>>    technique.
>>    After installation, Npcap will create an adapter named Npcap Loopback
>>    Adapter for you. If you are a Wireshark user, choose this adapter to
>>    capture, you will see all loopback traffic the same way as other
>>    non-loopback adapters. Try it by typing in commands like ping
>>    127.0.0.1 (IPv4) or ping ::1 (IPv6).
>>    5. *Loopback Packets Send Support*: Besides loopback packets
>>    capturing, Npcap can also send out loopback packets based on *Winsock
>>    Kernel (WSK)*
>>    <https://msdn.microsoft.com/en-us/library/windows/hardware/ff556958(v=vs.85).aspx>
>>    technique.
>>    A user software (e.g.
>>    Nmap) can just send packets out using Npcap
>>    Loopback Adapter like other adapters. Npcap Loopback Adapter will
>>    automatically remove the packet's Ethernet header and inject the payload
>>    into Windows TCP/IP stack, so this kind of loopback packet never goes
>>    out of the machine.
>>
>>
>> I actually didn't add a function about making user software getting
>> notified about media state changes. From my knowledge I don't know there's
>> any support of such a function in libpcap. libpcap is an interface standard
>> followed by WinPcap/Npcap. However, I think you can do it using native
>> Windows APIs (like Receiving Notification of Network Events in
>> https://msdn.microsoft.com/en-us/library/windows/desktop/aa366334(v=vs.85).aspx
>> ). And if you have any improvement advice about Npcap, I will consider
>> it:)
>>
>>
>> Cheers,
>> Yang
>>
>>
>> On Thu, Feb 4, 2016 at 7:18 PM, Sven Kerschbaum <[email protected]> wrote:
>>
>>> Oh, I have to admit that I did not try it on an up-to-date Windows
>>> 10 system... Thanks for the hint that this was only an issue in early
>>> Windows 10 versions.
>>>
>>> I was also not aware of the Npcap. Thanks for pointing me to this fork!
>>> How does Npcap differ from WinPcap with respect to performance, feature? At
>>> least I am missing the possibility to get notified about media state
>>> changes (connected, disconnected) in WinPcap. Does Npcap offer such a
>>> functionality?
>>>
>>> Furthermore: Is WinPcap still under active development? Its last release
>>> was in 2013. Or am I better advised to rely on Npcap?
>>>
>>> Thank you!
>>> Best regards,
>>> SK
>>>
>>>
>>> 2016-02-04 11:08 GMT+01:00 Gisle Vanem <[email protected]>:
>>>
>>>> Sven Kerschbaum wrote:
>>>>
>>>> > is there already effort for getting WinPcap ready for Windows 10? As
>>>> > Pascal Quantin already pointed out WinPcap does not run on Windows 10
>>>> > due to the fact that the WinPcap driver is not an NDIS 6 driver.
>>>> > Please find more information here:
>>>> > http://www.winpcap.org/pipermail/winpcap-users/2015-March/004936.html
>>>>
>>>> Really? All my WinPcap-based programs work fine here.
>>>> From 'sigcheck c:\WINDOWS\sysnative\drivers\npf.sys':
>>>>
>>>>   Verified:       Signed
>>>>   Signing date:   02.49 01.03.2013
>>>>   Publisher:      Riverbed Technology
>>>>   Company:        Riverbed Technology, Inc.
>>>>   Description:    npf.sys (NT5/6 AMD64) Kernel Driver
>>>>   Product:        WinPcap
>>>>   Prod version:   4.1.0.2980
>>>>   File version:   4.1.0.2980
>>>>   MachineType:    64-bit
>>>>
>>>>
>>>> The version and 'Signing date' is in accordance with what's on
>>>> winpcap.org.
>>>> And also:
>>>>
>>>> F:\> windump -Dv
>>>> 1. \Device\NPF_{E069AC87-4219-4F7E-9CA5-DE3FBA031CEF}  Descr: Microsoft
>>>>    Addr 0: 10.0.0.11 (mask 255.255.255.0)
>>>>    MAC-addr: 00:18:4D:00:DE:17, MTU 1514, link-type 802.3 over Native802_11, DOWN, 54Mb/s (NDIS)
>>>>
>>>> 2. \Device\NPF_{990D25A5-6071-4C67-AC14-A5380B0FFDEC}  Descr: Microsoft
>>>>    Addr 0: fe80::8089:b86f:1ef6:347e (mask ::)
>>>>    Addr 1: fe80::8089:b86f:1ef6:347e (mask ::)
>>>>    MAC-addr: 00:15:83:12:37:2F, MTU 1514, link-type 802.3 over Bluetooth, DOWN, 3Mb/s (NDIS)
>>>>
>>>> 3. \Device\NPF_{7BA27187-146B-4FB6-B4BA-DC5D218FB607}  Descr: Realtek Ethernet Controller
>>>>    Addr 0: 10.0.0.10 (mask 255.255.255.0)
>>>>    MAC-addr: E0:3F:49:81:2E:EA, MTU 1514, link-type 802.3, UP, 100Mb/s (NDIS)
>>>>
>>>> --------------
>>>>
>>>> I'm on Win 10. Version 1511 (OS-Build 10586.71).
>>>> Windows 10 build 10041 (as mentioned in that mail) is pretty old.
>>>>
>>>> --
>>>> --gv
>>>> _______________________________________________
>>>> Winpcap-users mailing list
>>>> [email protected]
>>>> https://www.winpcap.org/mailman/listinfo/winpcap-users
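
The DLL search path step described in the quoted message (making C:\Windows\System32\Npcap\ precede other paths with SetDllDirectory) can be written as follows. This is an added example, not code from this thread or from the Npcap project. The helper names `npcap_dir_for` and `load_npcap_first` are hypothetical, and `wpcap.dll` is assumed as the library being loaded, since the message only says "its DLLs".

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#endif

#define NPCAP_PATH_MAX 260 /* same value as Windows MAX_PATH */

/* Hypothetical helper: returns "<system_dir>\Npcap" in a static buffer, or
 * NULL unless system_dir is a drive-absolute path ("C:\...") that fits.
 * A relative directory must never be placed on the DLL search path. */
const char *npcap_dir_for(const char *system_dir)
{
    static char out[NPCAP_PATH_MAX];
    size_t n = system_dir ? strlen(system_dir) : 0;

    if (n < 3 || n >= sizeof out || !isalpha((unsigned char)system_dir[0]) ||
        system_dir[1] != ':' || system_dir[2] != '\\')
        return NULL;
    while (n > 2 && system_dir[n - 1] == '\\') /* drop trailing backslashes */
        n--;
    if (snprintf(out, sizeof out, "%.*s\\Npcap", (int)n, system_dir) >= (int)sizeof out)
        return NULL;
    return out;
}

#ifdef _WIN32
/* Hypothetical helper: search System32\Npcap before System32, then load
 * wpcap.dll. The application's own directory is still searched first. */
HMODULE load_npcap_first(void)
{
    char sysdir[NPCAP_PATH_MAX];
    UINT len = GetSystemDirectoryA(sysdir, sizeof sysdir);
    const char *dir = (len > 0 && len < sizeof sysdir) ? npcap_dir_for(sysdir) : NULL;

    if (dir == NULL || !SetDllDirectoryA(dir))
        return NULL;
    return LoadLibraryA("wpcap.dll");
}
#endif

int main(void)
{
    const char *d = npcap_dir_for("C:\\Windows\\System32"); /* constructed input */
    printf("%s\n", d ? d : "(rejected)");
    return 0;
}
```

Taking the base directory from GetSystemDirectory instead of a hard-coded or relative string keeps the added search location inside a directory that only administrators can write to.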
