<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">2015-03-25 16:45 GMT+01:00 Pascal Quantin <span dir="ltr"><<a href="mailto:pascal.quantin@gmail.com" target="_blank">pascal.quantin@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div><div><div>Hi all,<br><br></div>as reported on this blog post: <a href="http://netscantools.blogspot.fr/2015/03/winpcap-and-wireshark-problems-on.html" target="_blank">http://netscantools.blogspot.fr/2015/03/winpcap-and-wireshark-problems-on.html</a>, network interfaces are no more showing up on the latest Windows 10 build (I see the same thing on my virtual machine).<br></div>I could not find any clear information yet, but I fear it could imply that Microsoft is gonna drop the NDIS 5 backward compatibility mode sooner or later (which should be expected at some point as NDIS 6 was introduced in Vista). Given the number of products / projects that rely on WinPcap (Wireshark being one of them), having it not working anymore in the latest Microsoft OS would be a drama.<br></div><div>I know that the project is more or less stalling since a few years. An "emergency" fix was done for Windows 8 support, but I have no idea whether having it working on Windows 10 requires a small fix or a full rewrite.<br></div><div>Could one of the developer kindly have a look and provide some info regarding the Windows 10 compatibility / WinPCAP future?<br></div></div></blockquote><div><br></div><div>Hi all,<br><br></div><div>as indicated by Jakub Zawadzki, there was a Nmap GSoc 2013 project porting Winpcap to NDIS 6, with the source code found here: <span class="im"> <a href="https://svn.nmap.org/nmap-exp/yang/NPcap-LWF/installer/winpcap-nmap-4.1.3-NDIS6-1.2.0.exe" target="_blank">https://svn.nmap.org/nmap-exp/yang/NPcap-LWF</a><br></span></div><div><span class="im">After a quick test, I can confirm that:<br></span></div><div><span class="im">- interfaces are now seen and can be selected for capture<br></span><div>- ethernet frames containing TCP packets are seen with a size of
2048 bytes (while I have a MTU set to 1500) and the extra data is seen
as ethernet trailer of 570 bytes + a FCS of 4 bytes<br></div>- DNS queries are truncated (only the first 8 bytes of UDP datagram are captured)<br></div><div>So this is not yet usable but seems to be a good starting point.<br><a href="http://seclists.org/nmap-dev/2013/q4/108">http://seclists.org/nmap-dev/2013/q4/108</a> suggests that the code was shared with WinPcap development team (or at least this was the intention). Did this ever happened?<br><br></div><div>Best regards,<br></div><div>Pascal.<br></div></div></div></div>