Hi everyone,
It would appear that this post on technet is correct:
http://social.technet.microsoft.com/Forums/en-US/4dc4d3d2-b47c-4297-b089-5f11e9c2ff8c/10041-and-winpcap-413-anyone-using-this
Windows 10 build 10074 does appear to be working again with WinPcap 4.1.3.
Chris.
On 29/03/2015 13:58, Daniel Miller wrote:
On Sun, Mar 29, 2015 at 5:24 AM, Pascal Quantin
<[email protected] <mailto:[email protected]>> wrote:
2015-03-25 16:45 GMT+01:00 Pascal Quantin
<[email protected] <mailto:[email protected]>>:
Hi all,
as reported on this blog post:
http://netscantools.blogspot.fr/2015/03/winpcap-and-wireshark-problems-on.html,
network interfaces are no more showing up on the latest
Windows 10 build (I see the same thing on my virtual machine).
I could not find any clear information yet, but I fear it
could imply that Microsoft is gonna drop the NDIS 5 backward
compatibility mode sooner or later (which should be expected
at some point as NDIS 6 was introduced in Vista). Given the
number of products / projects that rely on WinPcap (Wireshark
being one of them), having it not working anymore in the
latest Microsoft OS would be a drama.
I know that the project is more or less stalling since a few
years. An "emergency" fix was done for Windows 8 support, but
I have no idea whether having it working on Windows 10
requires a small fix or a full rewrite.
Could one of the developer kindly have a look and provide some
info regarding the Windows 10 compatibility / WinPCAP future?
Hi all,
as indicated by Jakub Zawadzki, there was a Nmap GSoc 2013 project
porting Winpcap to NDIS 6, with the source code found here:
https://svn.nmap.org/nmap-exp/yang/NPcap-LWF
<https://svn.nmap.org/nmap-exp/yang/NPcap-LWF/installer/winpcap-nmap-4.1.3-NDIS6-1.2.0.exe>
After a quick test, I can confirm that:
- interfaces are now seen and can be selected for capture
- ethernet frames containing TCP packets are seen with a size of
2048 bytes (while I have a MTU set to 1500) and the extra data is
seen as ethernet trailer of 570 bytes + a FCS of 4 bytes
- DNS queries are truncated (only the first 8 bytes of UDP
datagram are captured)
So this is not yet usable but seems to be a good starting point.
http://seclists.org/nmap-dev/2013/q4/108 suggests that the code
was shared with WinPcap development team (or at least this was the
intention). Did this ever happened?
Best regards,
Pascal.
Pascal,
I haven't seen a reply from a WinPcap developer on this list for a
long time, but I can confirm that Nmap is looking to revive the Npcap
project. It's one of our "official ideas" for GSOC 2015, and we have
several applicants for the position, including the student who did the
original work. If you want to stay engaged with that effort, continue
to watch the [email protected] <mailto:[email protected]> mailing list over the
summer; I'm sure we would appreciate feedback as the project progresses.
Dan
_______________________________________________
Winpcap-users mailing list
[email protected]
https://www.winpcap.org/mailman/listinfo/winpcap-users
--
*Chris Thomas*
Chief Technical Officer - Idappcom Ltd
*Watch the video series for our latest software "The Easy Rules
Manager (Snort)"
<https://www.youtube.com/channel/UCzel4u3CGsQmgncCtfKq4lA>*
Office: +44(0)203-355-6804 x 4201 - Fax: +44(0)203-393-9950
Web: *www.idappcom.com <http://www.idappcom.com>* and
*www.ipssecurityrules.co.uk <http://www.ipssecurityrules.co.uk>*
Mail: Idappcom Ltd, 6 Rural Enterprise Centre, Eco Park Road, Ludlow,
Shropshire, SY8 1FF, UK.
idappcom ltd
Registered in England No. 06829932. 11 Welbeck Street, London,
W1G 9XZ
IMPORTANT: The information contained in this e-mail and
attachment (if any) is intended for the person to whom it is
addressed and may contain confidential and/or privileged
information. The contents of this message may contain personal
views which are not the views of Idappcom Ltd, unless
specifically stated. You should not copy, retain, forward or
disclose its contents to anyone else, or take any action based
upon it, if it is not addressed to you personally. If you have
received this e-mail in error please contact the sender
immediately.
Please don't print this e-mail unless you really need to.
_______________________________________________
Winpcap-users mailing list
[email protected]
https://www.winpcap.org/mailman/listinfo/winpcap-users
