or a large
amount of calling I think.
Cheers,
Yang
On Sat, Oct 8, 2016 at 1:37 PM, Yang Luo wrote:
> Hi Guy,
>
> Thanks for the clarification! I still have one question.
>
> *I can't find a way to check which 802.11 operation modes an adapter
> supports without querying OID
rris wrote:
> On Oct 7, 2016, at 8:20 AM, Yang Luo wrote:
>
> > What value should PacketGetNetType() return for a wireless adapter?
> NdisMedium802_3 or NdisMediumRadio80211?
> >
> > This value reflects on Wireshark Capture Options's "Link-layer header",
c it is provided is raw 802.11.
The two interface implementation doesn't have this issue. Because the
"standard" interface can have the *NdisMedium802_3 *link-layer header, and
the "wifi" interface can have *NdisMediumRadio80211.*
Cheers,
Yang
On Fri, Oct 7, 2016 at
Hi list,
I'm working on the new raw 802.11 capture feature with Npcap on Windows
these days. This new raw 802.11 feature doesn't need to install different
versions of Npcap to turn on/off the raw 802.11 mode. In Wireshark, Npcap
will provide two interfaces which can be chosen for each wireless ada
I have released Npcap 0.09 r12 which has this issue fixed. Please try it at:
https://github.com/nmap/npcap/releases
Thanks!
Cheers,
Yang
On Thu, Sep 15, 2016 at 11:59 AM, Guy Harris wrote:
> On Sep 14, 2016, at 8:20 PM, Guy Harris wrote:
>
> > I'll fix this up; for now, just keep using 24 -
Hi Guy,
Thanks! If we choose to change libpcap, I think both Wireshark and Npcap
driver are not required to be modified any more then. I will test it when
the code is submitted:)
Cheers,
Yang
On Thu, Sep 15, 2016 at 11:20 AM, Guy Harris wrote:
> On Sep 13, 2016, at 10:03 PM, Yang Luo wr
Hi list,
We currently found an issue about the DLT_NULL (thanks to Dan): the pcap
filters do not work for IPv6 traffic over Npcap Loopback Adapter (with
DLT_NULL option enabled). If I specify a filter like "ip6" in Wireshark and
capture on Npcap Loopback Adapter, it turns out that there won't be a
Hi list,
I recently got an issue about Npcap's Admin-only mode. It's actually a
pretty old question:
I updated to the latest available release (Npcap 0.07 r17) and checked the
> option to only allow > admin user to use it. When starting Wireshark, I had
> about 10 requests one after the other fro
Hi list,
In the past few months, Npcap (https://github.com/nmap/npcap) has gone
through many versions to reach a relatively stable release now (Npcap 0.07
R9). An obvious clue is that there're no such many BSoDs found as before,
nearly only one BSoD-level bug for a month. Also we have got nearly a
Hi Pascal,
On Sat, Jun 4, 2016 at 3:08 AM, Pascal Quantin
wrote:
> Hi Yang,
>
> 2016-06-03 18:28 GMT+02:00 Pascal Quantin :
>
>>
>> Le 3 juin 2016 18:24, "Yang Luo" a écrit :
>> >
>> > Hi Pascal,
>> >
>> > On Fri, Jun 3,
Hi Gerald,
On Sat, Jun 4, 2016 at 12:05 AM, Gerald Combs wrote:
> On 6/3/16 8:03 AM, Yang Luo wrote:
> > Hi list,
> >
> > I made a post on this list several months ago about compile errors of
> > Wireshark on Windows:. http://seclists.org/wireshark/2015/Dec/125
>
Hi Pascal,
On Fri, Jun 3, 2016 at 11:12 PM, Pascal Quantin
wrote:
> Hi Yang
>
> 2016-06-03 17:03 GMT+02:00 Yang Luo :
>
>> Hi list,
>>
>> I made a post on this list several months ago about compile errors of
>> Wireshark on Windows:. http://seclists.org/wir
Hi list,
I made a post on this list several months ago about compile errors of
Wireshark on Windows:. http://seclists.org/wireshark/2015/Dec/125
The errors are something like:
91>J:\github_repos\wireshark-win64-libs\gtk2\include\glib-2.0\gobject/gsignal.h:
warning C4819: The file contains a char
Or is there any USB adapter that acts exactly like a built-in wireless
adapter (uses NDIS miniport as the driver) and supports features like
monitor mode, channel setting, etc. So I can buy one for development.
Cheers,
Yang
On Mon, May 30, 2016 at 11:51 PM, Yang Luo wrote:
> Hi list,
&g
Hi list,
I have switched to a new laptop as my workstation (the original one is
inaccessable any more). The wireless card is:
Intel(R) Dual Band Wireless-AC 3165
Unfortunately, I found I can't switch to monitor mode on this machine using
my WlanHelper.exe tool.
--
Hi Guy,
On Wed, May 25, 2016 at 2:05 AM, Guy Harris wrote:
> On May 20, 2016, at 6:46 PM, Yang Luo wrote:
>
> > On Sat, May 21, 2016 at 3:28 AM, Guy Harris wrote:
> >> On May 18, 2016, at 11:41 AM, Yang Luo wrote:
> >>
> >>> I just released Npcap 0.
Hi Guy,
On Sat, May 21, 2016 at 3:28 AM, Guy Harris wrote:
> On May 18, 2016, at 11:41 AM, Yang Luo wrote:
>
> > I just released Npcap 0.07 R4:
> > https://github.com/nmap/npcap/releases
> >
> > This version Npcap already supports monitor mode setting using W
Hi list,
I just released Npcap 0.07 R4:
https://github.com/nmap/npcap/releases
This version Npcap already supports monitor mode setting using Wireshark
GUI or command line.
1) For GUI, if you check the "Capture packets in monitor mode" option in
"Edit Interface Settings", your adapter will turn
sidering that most of wireless adapters support monitor mode (at
least I didn't know anyone said his adapter doesn't support it), we can
just safely return TRUE in pcap_can_set_rfmon_win32() for any wireless
adapter. So the "Query" OID request is no longer needed.
Cheers,
Yang
Hi Gerald,
My wiki username is YangLuo, please add me to the editor. I want to modify
the Loopback and WLAN pages in the future. Thanks!
Cheers,
Yang
On Tue, May 17, 2016 at 10:53 AM, Gerald Combs wrote:
> Due to the high volume of spam we have received on wiki.wireshark.org
> recently I hav
Hi list,
I'm using Wireshark 2.1.0-3054-gad4d0b8. I found that after I made
pcap_can_set_rfmon() function in Npcap always return 1. The Capture
Interfaces window still shows "n/a" in "Monitor Mode" column.
J:\npcap\wpcap\libpcap\pcap.c:
/*
* Returns 1 if rfmon mode can be set on the pcap_t, 0 i
Hi Guy, Alexis,
I have seen the monitor mode column in the latest development
version: Wireshark-win64-2.1.0-3054-gad4d0b8.exe. Thanks!
Cheers,
Yang
On Mon, May 16, 2016 at 4:32 AM, Guy Harris wrote:
> On May 15, 2016, at 10:49 AM, Yang Luo wrote:
>
> > On Sun, May 15, 2016 at
Hi Guy,
On Sun, May 15, 2016 at 4:29 AM, Guy Harris wrote:
> On May 9, 2016, at 9:31 AM, Yang Luo wrote:
>
> > I want to enable monitor mode column for Windows. Based on this post:
> https://www.wireshark.org/lists/wireshark-dev/201601/msg2.html, we
> need to undefine
Hi, are there any updates on this issue?
Cheers,
Yang
On Tue, May 10, 2016 at 12:31 AM, Yang Luo wrote:
> Hi list,
>
> I want to enable monitor mode column for Windows. Based on this post:
> https://www.wireshark.org/lists/wireshark-dev/201601/msg2.html, we
> need
Hi list,
I want to enable monitor mode column for Windows. Based on this post:
https://www.wireshark.org/lists/wireshark-dev/201601/msg2.html, we need
to undefine the HAVE_PCAP_OPEN macro when building Wireshark for Windows.
As Guy said, it seems that the drawback for this patch is acceptable
Hi list,
I'm adding set wireless adapter operation mode function to WlanHelper tool
(shipped with Npcap). I called PacketRequest in packet.dll to do the OID
setting and getting.
The code is here:
https://github.com/nmap/npcap/blob/master/packetWin7/WlanHelper/WlanHelper/Tool.cpp#L257-L301
My sys
Hi Guy,
On Wed, Apr 27, 2016 at 11:33 AM, Guy Harris wrote:
> On Apr 24, 2016, at 8:33 PM, Yang Luo wrote:
>
> > On Mon, Apr 25, 2016 at 7:56 AM, Guy Harris wrote:
> >> On Apr 19, 2016, at 7:24 PM, Yang Luo wrote:
> >>
> >>> First there's a
Hi Graham,
On Wed, Apr 27, 2016 at 1:40 AM, Graham Bloice
wrote:
>
>
> On 25 April 2016 at 04:33, Yang Luo wrote:
>
>> Hi Guy,
>>
>> On Mon, Apr 25, 2016 at 7:56 AM, Guy Harris wrote:
>>
>>> On Apr 19, 2016, at 7:24 PM, Yang Luo wrote:
>>&g
Hi Guy,
On Mon, Apr 25, 2016 at 7:56 AM, Guy Harris wrote:
> On Apr 19, 2016, at 7:24 PM, Yang Luo wrote:
>
> > First there's a little background here: Npcap uses a build-time
> configuration to choose whether the driver sees fake Ethernet packets or
> raw 802.11 p
7;s possible. I don't know how NWIFI gets the needed
parameters to fill in the blanks when doing the translation from fake
Ethernet to 802.11.
Any ideas? Thanks.
Cheers,
Yang
On Wed, Apr 20, 2016 at 12:34 AM, Guy Harris wrote:
> On Apr 19, 2016, at 7:09 AM, Yang Luo wrote:
>
>
On Tue, Apr 19, 2016 at 8:35 PM, Dario Lombardo wrote:
>
>
> On Tue, Apr 19, 2016 at 1:44 PM, Yang Luo wrote:
>
>>
>> I found I can push using https, but the reminds me it lacks change-id.
>>
>> I'm not sure I got your point, but you can get rid of a
Hi list,
There is an opinion that packet capture library should provide:
1) fake Ethernet packets on managed mode
2) 802.11 packets on monitor mode.
And Npcap currently can supply Radiotap + 802.11 headers for packets
captured on wireless adapter for managed mode. Whether supplying 802.11 or
not
types (probably encrypted ones) although the actual
payload has been decrypted by the NIC. So you can see the plaintext
contents in the hex dump but the dissection says just "Data".
So it seems that Wireshark doesn't quite support option 3)?
On Tue, Apr 19, 2016 at 10:07 PM, Yang Luo
simplifies a lot
> of Gerrit\git interactions.
>
> On 19 April 2016 at 12:44, Yang Luo wrote:
>
>> Hi all,
>>
>> I found I can push using https, but the reminds me it lacks change-id.
>> I fnished cloning via https and got this done:)
>>
>> My patch is:
> the https one.
>
> On Tue, Apr 19, 2016 at 1:02 PM, Yang Luo wrote:
>
>> Hi Dario,
>>
>> I got this error.
>>
>> J:\github_repos\wireshark>git push ssh://
>> yang...@code.wireshark.org:29418/wireshark
>> HEAD:refs/for/master/dot11-support-on
eful to check that the github repo is aligned to master as you
> expect.
>
> But if you're experiencing problems downloading from wireshark, it is very
> likely that you will have issues uploading to it.
> Dario.
>
> On Tue, Apr 19, 2016 at 10:45 AM, Yang Luo wrote:
>
&g
> https://yang...@code.wireshark.org/review/wireshark (may be you need to
> generated a HTTP password on Gerrit Option)
>
> On Tue, Apr 19, 2016 at 10:45 AM, Yang Luo wrote:
>
>> Hi list,
>>
>> I want to submit a patch to Wireshark. I'm using SmartGit on Win10.
Hi list,
I want to submit a patch to Wireshark. I'm using SmartGit on Win10. My
location is Beijing. I followed the guide here:
https://wiki.wireshark.org/Development/SubmittingPatches
And I always fails this step:
git clone ssh://yang...@code.wireshark.org:29418/wireshark
Because the speed is 20
April 2016 at 11:01, Graham Bloice
> wrote:
>
>>
>>
>> On 14 April 2016 at 01:07, Yang Luo wrote:
>>
>>> Hi Graham,
>>>
>>> On Thu, Apr 14, 2016 at 12:50 AM, Graham Bloice <
>>> graham.blo...@trihedral.com> wrote:
>>>
Hi Guy,
On Thu, Apr 14, 2016 at 5:41 AM, Guy Harris wrote:
> On Apr 12, 2016, at 9:57 PM, Yang Luo wrote:
>
> > On Wed, Apr 13, 2016 at 10:11 AM, Guy Harris wrote:
> >
> >> On Apr 12, 2016, at 6:27 PM, Yang Luo wrote:
> >>
> >>> The even I don&
Hi Gianluca,
On Thu, Apr 14, 2016 at 2:06 AM, Gianluca Varenni <
gianluca.vare...@riverbed.com> wrote:
> The underlying problem is integrating remote capture support, I don’t know
> what the latest is there.
>
I didn't touch that part of code before. It seems to be a Windows-only
feature.
>
>
Hi Graham,
On Thu, Apr 14, 2016 at 12:50 AM, Graham Bloice wrote:
>
>
> On 13 April 2016 at 17:26, Yang Luo wrote:
>
>> Hi Graham,
>>
>> On Wed, Apr 13, 2016 at 6:11 PM, Graham Bloice <
>> graham.blo...@trihedral.com> wrote:
>>
>&g
Hi Graham,
On Wed, Apr 13, 2016 at 6:11 PM, Graham Bloice
wrote:
>
>
> On 13 April 2016 at 06:07, Yang Luo wrote:
>
>> Hi Guy,
>>
>> As you know, Npcap/WinPcap is currently based on libpcap 1.0 branch
>> 1_0_rel0b (20091008), which is a very old version.
&g
, 2016 at 10:23 AM, Guy Harris wrote:
> On Apr 12, 2016, at 6:39 PM, Yang Luo wrote:
>
> > On Wed, Apr 13, 2016 at 1:47 AM, Alexis La Goutte <
> alexis.lagou...@gmail.com> wrote:
> >
> >> Awesome !
> >>
> >> Need to include support of directly sw
Hi Guy,
On Wed, Apr 13, 2016 at 10:11 AM, Guy Harris wrote:
> On Apr 12, 2016, at 6:27 PM, Yang Luo wrote:
>
> > The even I don't switch on Monitor Mode,
>
> Monitor mode is off, but you're getting 802.11 headers?
>
Yeah. Maybe this is a difference between Wind
Hi Alexis,
On Wed, Apr 13, 2016 at 1:47 AM, Alexis La Goutte wrote:
>
>
> On Tue, Apr 12, 2016 at 7:53 AM, Yang Luo wrote:
>
>> Hi list,
>>
>> I have enabled 802.11 control and management frames capture on Windows
>> using Npcap. I found that the Be
Hi Guy,
On Wed, Apr 13, 2016 at 1:01 AM, Guy Harris wrote:
> On Apr 12, 2016, at 12:06 AM, Yang Luo wrote:
>
> > So the question is how to determine if the 802.11 packet has FCS or not?
> >
> > In that capture file, I found that only Beacon (like Frame 40) and
> R
Hi Graham,
This way works! Thanks!
Cheers,
Yang
On Tue, Apr 12, 2016 at 4:30 PM, Graham Bloice
wrote:
>
>
> On 12 April 2016 at 06:53, Yang Luo wrote:
>
>> Hi list,
>>
>> I have enabled 802.11 control and management frames capture on Windows
>> using N
ss adapter, this behavior
might change. And it's inappropriate for Npcap to parse the contents of a
packet so deep.
Cheers,
Yang
On Tue, Apr 12, 2016 at 2:18 PM, Guy Harris wrote:
> On Apr 11, 2016, at 10:53 PM, Yang Luo wrote:
>
> > I'm not an expert of 802.11 protoco
Hi list,
I have enabled 802.11 control and management frames capture on Windows
using Npcap. I found that the Beacon frames are marked as "Malformed
Packet" by Wireshark 2.0.2.
The false trace of the No. 40 packet is here:
(BTW, is there any simple copy text method for a packet in Wireshark, like
Hi Guy,
On Sun, Apr 10, 2016 at 10:22 AM, Guy Harris wrote:
> On Apr 9, 2016, at 7:15 PM, Yang Luo wrote:
>
> > And there's also a truncation from usDataRateValue (16 bits) to Radiotap
> "Rate" field (8 bits). I hope a direct assignment is OK:
> > *((UCHAR*
Hi Guy,
On Sun, Apr 10, 2016 at 2:53 AM, Guy Harris wrote:
> On Apr 9, 2016, at 9:11 AM, Yang Luo wrote:
>
> > On Sat, Apr 9, 2016 at 5:33 PM, Guy Harris wrote:
> >> On Apr 9, 2016, at 1:09 AM, Yang Luo wrote:
> >>
> >>> However, most information
x27;s somewhat meaningful too.
AFAIK, the radiotap feature is finished now. The software is:
https://github.com/nmap/npcap/releases/download/v0.06-r14/npcap-nmap-0.06-r14-wifi2.exe
Cheers,
Yang
On Sat, Apr 9, 2016 at 3:32 PM, Guy Harris wrote:
> On Apr 8, 2016, at 9:25 P
Hi Guy,
On Sat, Apr 9, 2016 at 5:33 PM, Guy Harris wrote:
> On Apr 9, 2016, at 1:09 AM, Yang Luo wrote:
>
> > However, most information of the radiotap header is zero like below. The
> most commonly seen TSFT field (I thought) is not there. Although I didn't
> implement
s,
Yang
On Sat, Apr 9, 2016 at 3:39 PM, Guy Harris wrote:
> On Apr 9, 2016, at 12:24 AM, Yang Luo wrote:
>
> > I have added Radiotap header to Windows. Currently only Flags, Channel
> and Antenna Signal are supported.
> >
> > The whole header with Radiotap data is 14
Hi list,
I have added Radiotap header to Windows. Currently only Flags, Channel and
Antenna Signal are supported.
The whole header with Radiotap data is 14 bytes:
8 bytes header + 1 byte Flags + 4 bytes Channel + 1 byte Antenna Signal.
This looks good to me. But Wireshark 2.0.2 warns like below
Hi Guy,
On Thu, Apr 7, 2016 at 9:37 AM, Guy Harris wrote:
> On Apr 6, 2016, at 5:41 PM, Yang Luo wrote:
>
> > I wonder why this mail went to my spam.. I don't know anything about
> radiotap header so I'm afraid i'm not supplying it.
>
> It's a way to
the alike
manner as other systems.
Cheers,
Yang
On Thu, Apr 7, 2016 at 9:37 AM, Guy Harris wrote:
> On Apr 6, 2016, at 5:41 PM, Yang Luo wrote:
>
> > I wonder why this mail went to my spam.. I don't know anything about
> radiotap header so I'm afraid i'm not s
will just use this value. Thanks!
Cheers,
Yang
On Thu, Mar 31, 2016 at 10:59 AM, Guy Harris wrote:
> On Mar 30, 2016, at 5:09 PM, Yang Luo wrote:
>
> > I'm adding Native 802.11 capture support to Npcap and demonstrate it on
> Wireshark. (See:
> https://github.com/nmap/n
Hi list,
I'm adding Native 802.11 capture support to Npcap and demonstrate it on
Wireshark. (See:
https://github.com/nmap/npcap/releases/download/v0.06-r13/npcap-nmap-0.06-r13-wifi.exe).
I found that the there are two 802.11 related values to show the adapter
type: NdisMediumBare80211 and NdisMedi
ue is closed
now but if someone could tell me the reason it would be better.
Cheers,
Yang
On Thu, Feb 4, 2016 at 2:21 AM, Yang Luo wrote:
> OK. I decided to build wpcap.dll with VS2013 at least. And the same issue.
> (mentioned in the first two posts). It will cause Wireshark on Win8.1/10
Quantin
> *Sent:* den 3 februari 2016 17:27
> *To:* Developer support list for Wireshark
> *Subject:* Re: [Wireshark-dev] Wireshark fails to start with wpcap.dll
> built by Visual Studio 2010
>
>
>
>
>
>
>
> 2016-02-03 16:16 GMT+01:00 Yang Luo :
>
> Hi list,
&g
; 2016-02-03 16:16 GMT+01:00 Yang Luo :
>
>> Hi list,
>>
>> After several months, I retried updating wpcap project from VS 2005 to VS
>> 2010) and encountered the same issue, under Wireshark 2.0.1 x64, Win10 x64.
>>
>> The Wireshark UI said "Child dumpcap
Hi list,
This is a help request to me about traffic forwarding between two adapters
based on WinPcap/Npcap. I am stuck on an issue. There're more talented
minds familiar with WinPcap here, so I hope you could help.
Let me summarize the question if you don't want to see the details in the
previous
Hi Guy,
On Thu, Jan 14, 2016 at 2:00 AM, Guy Harris wrote:
>
> On Jan 13, 2016, at 8:16 AM, Yang Luo wrote:
>
> > I want to implement a feature that Npcap can send packets to Rx (receive
> path) instead of the current Tx (send path).
>
> What do you mean by "sen
Hi list,
I want to implement a feature that Npcap can send packets to Rx (receive
path) instead of the current Tx (send path). I know how to implement
this in the driver layer. But I don't know how to add this interface to
wpcap.dll. I don't want to change too much like adding a function
call. Wha
On Tue, Jan 12, 2016 at 9:56 AM, Guy Harris wrote:
>
> On Jan 11, 2016, at 5:42 PM, Yang Luo wrote:
>
> > AFAIK, Npcap/WinPcap works on the data link level and it sees the
> Ethernet frames.
>
> It sees data link frames, whatever they might happen to be; it's not
e a
higher-level sniffer like Fiddler is more suitable for this task? Any other
opinions?
Cheers,
Yang
On Tue, Jan 12, 2016 at 4:14 AM, Alexis La Goutte wrote:
>
>
> On Mon, Jan 11, 2016 at 6:16 PM, Yang Luo wrote:
>
>> Hi Alexis,
>>
>> Thanks to what Guy ha
On Thu, Jan 7, 2016 at 1:08 PM, Guy Harris wrote:
>
> On Jan 4, 2016, at 12:12 PM, Guy Harris wrote:
>
> > On Jan 4, 2016, at 4:08 AM, Anders Broman
> wrote:
> >
> >> As a test I tried to compile Wireshark with HAVE_PCAP_CREATE set using
> nmake
> >>
> >> Linking dumpcap.exe
> >> link @C:
uess under this
condition Wireshark is not necessary to know anything about the monitor
mode? This is kind of like Airpcap, I saw it also provides such a panel and
supports Wireshark. Is this viable?
Cheers,
Yang
On Thursday, December 31, 2015, Guy Harris wrote:
>
> On Dec 29, 2015,
Hi, Guy
On Thursday, December 31, 2015, Guy Harris wrote:
>
> On Dec 29, 2015, at 11:29 PM, Yang Luo >
> wrote:
>
> > 2) pcap_cant_set_rfmon function in wpcap\libpcap\pcap.c:
> > https://github.com/nmap/npcap/blob/master/wpcap/libpcap/pcap.c
> > Line 98
> >
the column will look no available on Windows...
>
> Cheers
>
>
> On Wed, Dec 30, 2015 at 8:29 AM, Yang Luo wrote:
>
>> Hi list,
>>
>> I am considering adding native 802.11 packet capturing support (including
>> management and control frames) in Npcap.
r" column on Wireshark but need to have
> SHOW_MONITOR_COLUMN (HAVE_PCAP_CREATE) enable (see
> ui/qt/capture_interfaces_dialog.cpp )
>
> But the column will look no available on Windows...
>
> Cheers
>
>
> On Wed, Dec 30, 2015 at 8:29 AM, Yang Luo wrote:
>
>&g
Hi list,
I am considering adding native 802.11 packet capturing support (including
management and control frames) in Npcap. This is possible because Microsoft
Network Monitor already implements this feature for Vista and later.
To enable these packets' capturing, we need to switch on the Wi-Fi
ad
Hi,
Starting from 0.05 r3, Npcap supports Vista in the same way with Win7,
Win8, Win10, as Vista also uses NDIS 6. Vista uses NDIS 6.0 binaries and
Win7 and later systems uses NDIS 6.2 binaries. Try installer at:
https://svn.nmap.org/nmap-exp/yang/NPcap-LWF/npcap-nmap-0.05-r3.exe
I hope this woul
Hi,
I'm a bit confused about the phrase PPP used here, does it mean to capture
on a physical WAN adapter, or capture the decrypted PPTP or L2TP packets
(using VPN)? If the option goes to the former, is there a way to emulate
such a hardware? because I don't have a WAN adapter, and it's important
x27;s official page in the future. I will update the link of
this page as soon as the site is on line.
Cheers,
Yang
On Fri, Sep 4, 2015 at 10:44 PM, Pascal Quantin
wrote:
> Hi Yang,
>
> 2015-09-01 4:09 GMT+02:00 Yang Luo :
>
>> Hi Pascal,
>>
>> On Fri, Aug 28, 2015 a
someone
could reproduce this, it would be easier to have a fix about it.
Cheers,
Yang
On Wed, Sep 2, 2015 at 10:44 PM, Pascal Quantin
wrote:
>
>
> 2015-09-02 8:38 GMT+02:00 Yang Luo :
>
>> Hi Pascal,
>>
>> On Wed, Sep 2, 2015 at 1:57 AM, Pascal Quantin
>> wrote:
Hi Pascal,
On Wed, Sep 2, 2015 at 1:57 AM, Pascal Quantin
wrote:
>
>
> 2015-09-01 17:23 GMT+02:00 Pascal Quantin :
>
>>
>>
>> 2015-09-01 3:19 GMT+02:00 Yang Luo :
>>
>>> Hi Pascal,
>>>
>>> Thanks for this bug. This bug is because
Hi Pascal,
On Fri, Aug 28, 2015 at 2:54 AM, Pascal Quantin
wrote:
>
> Le 25 août 2015 3:41 PM, "Yang Luo" a écrit :
> >
> > Hi list,
> >
> > I noticed that "Loopback capture setup" (
> https://wiki.wireshark.org/CaptureSetup/Loopback) has s
heers,
Yang
On Fri, Aug 28, 2015 at 4:17 AM, Pascal Quantin
wrote:
>
> 2015-08-25 12:00 GMT+02:00 Yang Luo :
>
>> Hi Guy,
>>
>> Now PCAP_IF_LOOPBACK flag in pcap_if_t struct will be set for "Npcap
>> Loopback Adapter" both for DLT_NULL mode and Fake
Hi list,
I noticed that "Loopback capture setup" (
https://wiki.wireshark.org/CaptureSetup/Loopback) has some discussions
about loopback capturing on Windows, and it is not updated these months. As
Npcap can capture and send loopback traffic now, I hope that someone could
add Npcap as one of the s
ris wrote:
>
> On Aug 24, 2015, at 11:19 PM, Yang Luo wrote:
>
> > Npcap 0.04 r7 is released.
> >
> > 1) One change is that PCAP_IF_LOOPBACK is set for "Npcap Loopback
> Adapter" in DLT_NULL mode
>
> It should be set in *both* modes - it's a l
d traffic, hope any test
about this feature or any ideas about how to test it.
Latest installer is at:
https://svn.nmap.org/nmap-exp/yang/NPcap-LWF/npcap-nmap-0.04-r7.exe
Cheers,
Yang
On Tue, Aug 25, 2015 at 1:12 AM, Guy Harris wrote:
>
> On Aug 24, 2015, at 6:08 AM, Yang Luo wrote:
>
Hi Guy,
I have looked at all occurrences of PCAP_IF_LOOPBACK in Npcap's wpcap.dll
code at
https://github.com/nmap/npcap/search?utf8=%E2%9C%93&q=PCAP_IF_LOOPBACK, it
seems that this property is never effectively used inside wpcap.dll's code. In
Wireshark's WinPcap official trunk, it is totally unus
it seems that Npcap loopback adapter will
continue to use the "NdisMediumNull - DLT_NULL" pair for now.
On Mon, Aug 24, 2015 at 7:00 PM, Pascal Quantin
wrote:
>
>
> 2015-08-24 12:30 GMT+02:00 Yang Luo :
>
>> Hi Pascal,
>>
>> On Mon, Aug 24, 2015 at 5:4
Hi Pascal,
On Mon, Aug 24, 2015 at 5:46 PM, Pascal Quantin
wrote:
>
>
>> I personally think data returned by OID_GEN_MEDIA_IN_USE should be
>> identical with the one returned by OID_GEN_MEDIA_SUPPORTED for our loopback
>> condition based on MSDN explanation, and it's "media" instead of "medium",
Hi Pascal,
On Mon, Aug 24, 2015 at 4:19 PM, Pascal Quantin
wrote:
>
>
> Hi Yang,
>
> any reason for not using NdisMediumLoopback that is defined since Vista
> according to
> https://msdn.microsoft.com/en-us/library/windows/hardware/ff565910%28v=vs.85%29.aspx
> ? Maybe it would make sense to swit
think the display string should be modified to "Media in use" instead
of "Medium in use".
Cheers,
Yang
On Mon, Aug 24, 2015 at 4:29 PM, Pascal Quantin
wrote:
>
>
> 2015-08-24 10:19 GMT+02:00 Pascal Quantin :
>
>> 2015-08-24 3:38 GMT+02:00 Yang Luo :
>
Hi list,
In latest 0.04 r6 version, I have used 0x02, 0x00, 0x00, 0x00 for an IPv4
packet and 0x18, 0x00, 0x00, 0x00 for an IPv6 packet (tell me if you have
better value for IPv6). The driver can return NdisMediumNull now for
loopback interface. Wireshark seems to work now, one little issue is tha
packets correctly, I think
Windows is little-endian system, so "02 00 00 00" protocol header should be
right. Hope any helpful answers.
Latest install is at:
https://svn.nmap.org/nmap-exp/yang/NPcap-LWF/npcap-nmap-0.04-r5.exe
Cheers,
Yang
On Thu, Aug 20, 2015 at 2:17 PM, Yang Luo wrote:
Hi list,
I have updated Npcap to 0.04-r4. This version modified "Npcap Loopback
Adapter"'s MTU to 65536, so the maximum packet size is 65550 (65536 +
eth_hdr_size).
But I found weird result in Wireshark's "Interface Details" dialog.
1) Npcap Loopback Adapter:
Transmit Buffer Space 1514
Receive B
et header before
sending it. How to make Nmap construct a DLT_NULL/DLT_LOOP header instead
of an Ethernet header?
Cheers,
Yang
On Wed, Aug 19, 2015 at 2:33 PM, Guy Harris wrote:
>
> On Aug 18, 2015, at 9:50 PM, Yang Luo wrote:
>
> > Current fake Ethernet encapsulation of Npcap refer
Hi Jim,
Current fake Ethernet encapsulation of Npcap refers to the Linux
implementation (actually is Ubuntu, as I am only familiar with it for a
Linux system). I don't own a OS X computer now so I can't test or use it.
One question is is NULL/Loopback encapsulation a widespread protocol
standard l
here was no loopback adapter. I let DebugTest run for a few
> minutes before grabbing the attached log file.
>
>
> I hope you find something useful in the log.
>
>
> Jim Y.
>
>
> --
> *From:* wireshark-dev-boun...@wireshark.org <
>
antin
wrote:
> Hi Yang,
>
> 2015-08-18 3:27 GMT+02:00 Yang Luo :
>
>> Hi Pascal,
>>
>> Sorry that 0.04 r2 lacks some message, I added some extra trace in latest
>> version, please try this and give me the log,
>>
>> https://svn.nmap.org/nmap-exp/ya
can provide the .vbox file of your VM.
Cheers,
Yang
On Tue, Aug 18, 2015 at 1:30 AM, Pascal Quantin
wrote:
>
> 2015-08-17 18:52 GMT+02:00 Pascal Quantin :
>
>>
>>
>> 2015-08-17 2:55 GMT+02:00 Yang Luo :
>>
>>> Hi Pascal,
>>>
>>> T
Hi Guy,
On Mon, Aug 17, 2015 at 11:02 AM, Guy Harris wrote:
>
> On Aug 16, 2015, at 7:39 PM, Jim Young wrote:
>
> > But unlike the earlier versions, the NPcap Loopback Adapter does no
> longer shows up in the list of interfaces available to Wireshark.
>
> I suspect the most likely reason for th
Hi Jim,
Did you also use a VirtualBox guest to test Npcap 0.04? I think the cause
is the same with Pascal: I added Winsock Kernel init code to loopback
interface's OpenAdapter op, if the init fails, the adapter fails to be
opened. There're also two ways, first provide me the reproduce steps if you
1:55 PM, Pascal Quantin
wrote:
>
> Le 16 août 2015 3:39 PM, "Pascal Quantin" a
> écrit :
> >
> > Hi Yang,
> >
> > 2015-08-16 14:18 GMT+02:00 Yang Luo :
> >>
> >> Hi Pascal,
> >>
> >> I think this BSoD is caused by the Win
1 - 100 of 151 matches
Mail list logo