2015-07-24 15:14 GMT+02:00 Yang Luo <[email protected]>: > Hi Parscal, > > I think I have added the "flpp4" and "flpp6" to Npcap, but I don't know if > this works, you could try latest installer: > https://svn.nmap.org/nmap-exp/yang/NPcap-LWF/npcap-nmap-0.02-r3.exe >
Hi Yang, I can see the interface listed now. I will not be able to try capturing traffic before next Thursday unfortunately as I'm traveling. Regards, Pascal. > > On Thu, Jul 23, 2015 at 4:18 PM, Pascal Quantin <[email protected]> > wrote: > >> >> >> 2015-07-22 21:39 GMT+02:00 Pascal Quantin <[email protected]>: >> >>> >>> >>> 2015-07-22 18:25 GMT+02:00 Yang Luo <[email protected]>: >>> >>>> Hi Pascal, >>>> >>>> On Wed, Jul 22, 2015 at 11:33 PM, Pascal Quantin < >>>> [email protected]> wrote: >>>> >>>>> >>>>> I just gave a try to this new installer: >>>>> - still my rename issue of the loop back installer (as expected ;)). >>>>> Is there some debug log / test I could do on my side? I will double check >>>>> if the rename works fine on a French Win 7. >>>>> >>>> I think I perhaps know why this doesn't work on your French Win10. It >>>> can be language related. Because the Win10 renaming way uses string parsing >>>> again. This is the mechanism: >>>> 1) First Npcap runs "netsh.exe interface show interface" to get all >>>> interfaces before install "Npcap Loopback Adapter", you will get something >>>> like below in English language (but I don't know if my code adapts to >>>> French, this is the key point). >>>> Admin State State Type Interface Name >>>> >>>> ------------------------------------------------------------------------- >>>> Enabled Connected Dedicated VMware Network Adapter >>>> VMnet1 >>>> Enabled Connected Dedicated VMware Network Adapter >>>> VMnet8 >>>> Enabled Connected Dedicated VMware Network Adapter >>>> VMnet2 >>>> Enabled Connected Dedicated VMware Network Adapter >>>> VMnet3 >>>> Enabled Connected Dedicated Wi-Fi >>>> Disabled Disconnected Dedicated Ethernet >>>> >>>> Npcap will parse this output to get all interface names, the method is >>>> first going to the third line, then find the line feed char '\n', if '\n' >>>> found, then reverse-find the two continuous space char " ". Then we can >>>> get a name like "VMware Network Adapter VMnet1", the same for other names. >>>> Save them to a vector<string>. >>>> >>>> 2) After "Npcap Loopback Adapter" installed, Npcap will run "netsh.exe >>>> interface show interface" again, to get the updated interface list, like >>>> below: >>>> Admin State State Type Interface Name >>>> >>>> ------------------------------------------------------------------------- >>>> Enabled Connected Dedicated VMware Network Adapter >>>> VMnet1 >>>> Enabled Connected Dedicated VMware Network Adapter >>>> VMnet8 >>>> Enabled Connected Dedicated VMware Network Adapter >>>> VMnet2 >>>> Enabled Connected Dedicated VMware Network Adapter >>>> VMnet3 >>>> Enabled Connected Dedicated Wi-Fi >>>> Disabled Disconnected Dedicated Ethernet >>>> Enabled Connected Dedicated Ethernet 2 >>>> >>>> We can get another vector<string> from above output, compare these two >>>> vectors, find the new name, which is "Ethernet 2". >>>> >>>> 3) Then Npcap will rename this new adapter using "netsh.exe interface >>>> set interface name=\"%s\" newname=\"%s\", the first %s is previous >>>> "Ethernet 2", and the second %s is "Npcap Loopback Adapter". >>>> >>>> So I think this way possibly fail in a different language system than >>>> English, because the output of "netsh.exe interface show interface" can be >>>> language specific. You can try these commands manually to see whether this >>>> method works. >>>> >>> >>> Indeed the command output is localized. Before installing Npcap, I have: >>> État admin État Type Nom de l'interface >>> ------------------------------------------------------------------------- >>> Activé Connecté Dédié Ethernet >>> >>> After the installation, I have: >>> État admin État Type Nom de l'interface >>> ------------------------------------------------------------------------- >>> Activé Connecté Dédié Ethernet >>> Activé Connecté Dédié Ethernet 2 >>> >>> Executing manually the command netsh.exe interface set interface >>> name="Ethernet 2" newname="Npcap Loopback Adapter" >>> does work. >>> >>> >>>> - driver can be started after reboot (manually or with Wireshark) >>>>> >>>> Good for this. >>>> >>>> >>>>> - for those having User Account Control activated, you need to start >>>>> Wireshark as administrator (even without restricting Npcap to admin during >>>>> installation) to have the driver started. Unfortunate... If this is the >>>>> loopback adapter that triggers the issue at startup, should its >>>>> installation be optional? >>>>> >>>> I don't know whether there are many people using Wireshark in a >>>> non-Admin privilege? If yes, then I think the lacking boot start support >>>> needs a solution. Making loopback code optional is kind of difficult, >>>> because its code is deep in the driver and has tight connection with other >>>> parts. >>>> >>>> >>>>> - I finally got the opportunity to test with a MBIM WWAN device (long >>>>> due task on my side ;)). The interface is not listed unfortunately. >>>>> >>>> This is weird, because in the driver's INF file, I have specified: >>>> HKR, Ndi\Interfaces, FilterMediaTypes,,"ethernet, wan, ppip, wlan, >>>> bluetooth, ndis5, vwifi, nolower" >>>> It should have includes WAN interfaces. Perhaps you would like to find >>>> out if this WAN device has appeared in registry, because Npcap or WinPcap >>>> only sees interfaces that appears in registry, registry path is: >>>> \\HKLM\\System\\CurrentControlSet\\Control\\Class\\{4D36E972-E325-11CE-BFC1-08002BE10318}. >>>> >>> >>> I will try to get my hands on the PC again (gave it back to my >>> colleague) to verify this. >>> >>> >> >> I got access to the PC. There are 2 Mobile Broadband interfaces being >> listed on the PC and not seen by Npcap. You will find attached the >> corrresponding registry key dumps. >> >> Cheers, >> Pascal. >> >> >>>> >>>> Cheers, >>>> Yang >>>> >>>> >>>> >>>> ___________________________________________________________________________ >>>> Sent via: Wireshark-dev mailing list <[email protected]> >>>> Archives: https://www.wireshark.org/lists/wireshark-dev >>>> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev >>>> mailto:[email protected] >>>> ?subject=unsubscribe >>>> >>> >>> >> >> >> ___________________________________________________________________________ >> Sent via: Wireshark-dev mailing list <[email protected]> >> Archives: https://www.wireshark.org/lists/wireshark-dev >> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev >> mailto:[email protected] >> ?subject=unsubscribe >> > > > ___________________________________________________________________________ > Sent via: Wireshark-dev mailing list <[email protected]> > Archives: https://www.wireshark.org/lists/wireshark-dev > Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev > mailto:[email protected] > ?subject=unsubscribe >
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
