Hi Yang,
Come to think of it, I got exactly the same BSoD error as Jim (
BAD_POOL_CALLER).
However, my configuration is different (I have a bunch of VMware
interfaces, and an Atheros AR9485WB-EG WLAN adaptor, which is also
semi-supported by Acrylic Wi-Fi - but BSoDs for a different reason (seems
to be related to NDIS drivers, with that)), and multiple loopback adaptors
were created on my machine (named "Microsoft KM-TEST Loopback Adaptor",
instead of "NPCap Loopback", if memory serves correctly).
Bizarrely, even after uninstalling NPCap, and replacing it with WinPCap,
these KM-TEST adaptors still persist across reboots:
[image: 埋め込み画像 1]
I assume that these are a side-effect of manually installing the .ini file,
after attempting to run the set-up tool ("npfinstall -r", "npfinstall -li",
and then "npfinstall -i") via a batch script with Administrator privileges.
I also found that although I could see packets containing a MAC address
with the mnemonic "LOOP", I could not capture any ICMP traffic, when trying
to ping 127.0.0.1, or ::1 (using both Microsoft Network Monitor, and
Wireshark - the latter of which would not detect any interfaces, after
reinstalling NPCap a few times, before eventually replacing it with
WinPCap, until I rebooted).
If I get time, I'm going to see if I can reproduce the BSoD, and try
writing down the steps involved.
Tyson.
2015-07-16 10:56 GMT+01:00 Yang Luo <[email protected]>:
> Hi Tyson,
>
> Thanks for testing Npcap and I already knew what to do about the service
> not start issue. It would be better if you can provide the BSOD issue
> reproduce steps because I never encountered this. I also encountered the
> connection loss problem sometimes, but it happens in a random way and I
> still don't know how to reproduce it.
>
> Cheers,
> Yang
>
>
> On Wed, Jul 15, 2015 at 7:03 PM, Tyson Key <[email protected]> wrote:
>
>> Hi Yang,
>>
>> Thank you for looking into implementing this. Sadly, I tried your package
>> on my Win8.1 x86-64 machine, and found that not only did the new NPF
>> service not start after uninstalling "real" WinPCap (running the
>> installation tool manually, with the -il, and -i options didn't seem to do
>> anything, until rebooting), and then your new NPCap in "compatibility
>> mode", I had problems connecting to my WLAN, after rebooting (and I also
>> received a BSOD, at one stage whilst trying to capture on multiple
>> interfaces).
>>
>> Unfortunately, I don't know if I can reproduce these issues, or provide
>> any logging information, this time - but if I get chance, I'll have another
>> look.
>>
>> Take care,
>>
>> Tyson.
>>
>> 2015-07-11 10:15 GMT+01:00 Yang Luo <[email protected]>:
>>
>>> Hi list,
>>>
>>> In order not to diverge with WinPcap interfaces, I have made a "WinPcap
>>> Mode" for Npcap, it uses the same system32 directory to put DLLs and has
>>> the same "npf" service and driver name. So it can be directly used in
>>> Wireshark without any patch.
>>>
>>> Another news is that I have finished Windows loopback packet capture
>>> feature in Npcap, Npcap will install an adapter named "Npcap Loopback
>>> Adapter". And I can see the loopback traffic using Wireshark now (See the
>>> attached pic). It seems to still have problems, like the "(no response
>>> found!)" in the ICMPv6 packets (ping ::1) in the pic. I don't know why
>>> Wireshark shows like this, perhaps you guys can provide me a clue.
>>>
>>> The latest Npcap installer is:
>>> https://svn.nmap.org/nmap-exp/yang/NPcap-LWF/npcap-nmap-0.01.exe
>>>
>>> I have tested this version Npcap under Wireshark 1.12.6 x64, in Windows
>>> 8.1 x64 and Windows Server 2016 TP2.
>>>
>>> Notice: You need to try it under Win7 and later, and no need to change
>>> the installation options, just click the "Next"s. Npcap installed in
>>> "WinPcap Mode" is exclusive with WinPcap, so you must uninstall WinPcap
>>> first (installer will prompt you this).
>>>
>>> The README is:
>>> https://github.com/nmap/npcap
>>>
>>> The implementation internal about loopback traffic feature is:
>>> http://seclists.org/nmap-dev/2015/q3/35
>>>
>>>
>>> Cheers,
>>> Yang
>>>
>>>
>>> ___________________________________________________________________________
>>> Sent via: Wireshark-dev mailing list <[email protected]>
>>> Archives: https://www.wireshark.org/lists/wireshark-dev
>>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>>> mailto:[email protected]
>>> ?subject=unsubscribe
>>>
>>
>>
>>
>> --
>> Fight Internet Censorship!
>> http://www.eff.org
>> http://vmlemon.wordpress.com | Twitter/FriendFeed/Skype: vmlemon |
>> 00447934365844
>>
>>
>> ___________________________________________________________________________
>> Sent via: Wireshark-dev mailing list <[email protected]>
>> Archives: https://www.wireshark.org/lists/wireshark-dev
>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
>> mailto:[email protected]
>> ?subject=unsubscribe
>>
>
>
> ___________________________________________________________________________
> Sent via: Wireshark-dev mailing list <[email protected]>
> Archives: https://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
> mailto:[email protected]
> ?subject=unsubscribe
>
--
Fight Internet Censorship!
http://www.eff.org
http://vmlemon.wordpress.com | Twitter/FriendFeed/Skype: vmlemon |
00447934365844
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <[email protected]>
Archives: https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:[email protected]?subject=unsubscribe
