On 18 October 2017 at 11:08, Pascal Quantin <[email protected]> wrote:
> > > 2017-10-18 11:54 GMT+02:00 Graham Bloice <[email protected]>: > >> >> >> On 18 October 2017 at 09:45, Pascal Quantin <[email protected]> >> wrote: >> >>> Hi list, >>> >>> when we introduced Npcap support back in 2015/2016, we decided that >>> WinPcap driver should have higher precedence due to its known stability >>> (and despite issues with newer Windows versions). By that time, you could >>> get a BSoD with Npcap. >>> >>> Time has elapsed since, and Npcap is now bundled with Nmap. The number >>> of commits in Npcap repository (https://github.com/nmap/npcap/) have >>> also decreased, which hopefully means that the product is more mature (the >>> list of opened issues can be found here: https://github.com/nmap/nmap/i >>> ssues?q=is%3Aissue+is%3Aopen+label%3ANpcap). >>> >>> Nmap team filled bug 14134 regarding a library loading issue they >>> spotted. We are gonna fix it, but it raises the question of which capture >>> driver (between WinPcap and Npcap) should be attempted to be loaded first. >>> Note that for now I do not want to change the driver bundled with our >>> Windows installers (the Npcap license restriction must be solved before >>> even thinking about it). So this only concerns people having installed both >>> WinPcap and Npap. Moreover, if we agree on the change, I would suggest to >>> apply it only in development branch. >>> >>> Thoughts? >>> >>> Regards, >>> Pascal. >>> >>> >> I'm generally in agreement with all the above, but I'm torn on >> hard-coding a preference for one capture library over another. If a system >> has both, who are we to say which one will be used to the exclusion of the >> other. >> >> I guess I'm implying we should expose a preference to allow the user to >> choose which is definitely more work but does give control back. >> > > Unfortunately a Wireshark preference is not doable, as wpcap.dll is also > loaded by dumpcap that does not use our preferences module. A registry key > might do the trick. Presumably tshark should also have a command flag > allowing you to configure it. > I guess the underlying question is: what kind of power users would have > both Npcap and WinPcap installed? Either it's a personal choice because > Npcap features are required (and in that case it would make sense to favor > it), or you have Nmap installed (or any other software that migth rely on > it). And if it works for Nmap, any reason it would fail for Wireshark? > > Presumably dumpcap could also have a command flag to select which to use. > Note also that when both are installed but you are uwing WinPcap, you can > see Npcap loopback interface in the list but if you select it no packets > are capture at all. A bit confusing. > Thinking about my own workflow, when capturing "oddities" occur, and Npcap is installed, a remedial option is to uninstall it. Having a switch in Wireshark would make life easier. -- Graham Bloice
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <[email protected]> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:[email protected]?subject=unsubscribe
