<div dir="ltr"><br><div class="gmail_extra"><br><div class="gmail_quote">On Sun, Mar 29, 2015 at 5:24 AM, Pascal Quantin <span dir="ltr"><<a href="mailto:pascal.quantin@gmail.com" target="_blank">pascal.quantin@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div class="gmail_extra"><div class="gmail_quote"><div><div>2015-03-25 16:45 GMT+01:00 Pascal Quantin <span dir="ltr"><<a href="mailto:pascal.quantin@gmail.com" target="_blank">pascal.quantin@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div><div><div>Hi all,<br><br></div>as reported on this blog post: <a href="http://netscantools.blogspot.fr/2015/03/winpcap-and-wireshark-problems-on.html" target="_blank">http://netscantools.blogspot.fr/2015/03/winpcap-and-wireshark-problems-on.html</a>, network interfaces are no more showing up on the latest Windows 10 build (I see the same thing on my virtual machine).<br></div>I could not find any clear information yet, but I fear it could imply that Microsoft is gonna drop the NDIS 5 backward compatibility mode sooner or later (which should be expected at some point as NDIS 6 was introduced in Vista). Given the number of products / projects that rely on WinPcap (Wireshark being one of them), having it not working anymore in the latest Microsoft OS would be a drama.<br></div><div>I know that the project is more or less stalling since a few years. An "emergency" fix was done for Windows 8 support, but I have no idea whether having it working on Windows 10 requires a small fix or a full rewrite.<br></div><div>Could one of the developer kindly have a look and provide some info regarding the Windows 10 compatibility / WinPCAP future?<br></div></div></blockquote><div><br></div></div></div><div>Hi all,<br><br></div><div>as indicated by Jakub Zawadzki, there was a Nmap GSoc 2013 project porting Winpcap to NDIS 6, with the source code found here: <span> <a href="https://svn.nmap.org/nmap-exp/yang/NPcap-LWF/installer/winpcap-nmap-4.1.3-NDIS6-1.2.0.exe" target="_blank">https://svn.nmap.org/nmap-exp/yang/NPcap-LWF</a><br></span></div><div><span>After a quick test, I can confirm that:<br></span></div><div><span>- interfaces are now seen and can be selected for capture<br></span><div>- ethernet frames containing TCP packets are seen with a size of
2048 bytes (while I have a MTU set to 1500) and the extra data is seen
as ethernet trailer of 570 bytes + a FCS of 4 bytes<br></div>- DNS queries are truncated (only the first 8 bytes of UDP datagram are captured)<br></div><div>So this is not yet usable but seems to be a good starting point.<br><a href="http://seclists.org/nmap-dev/2013/q4/108" target="_blank">http://seclists.org/nmap-dev/2013/q4/108</a> suggests that the code was shared with WinPcap development team (or at least this was the intention). Did this ever happened?<br><br></div><div>Best regards,<br></div><div>Pascal.<br></div></div></div></div>
<br></blockquote><div> </div></div><div>Pascal,<br><br></div><div>I haven't seen a reply from a WinPcap
developer on this list for a long time, but I can confirm that Nmap is
looking to revive the Npcap project. It's one of our "official ideas"
for GSOC 2015, and we have several applicants for the position,
including the student who did the original work. If you want to stay
engaged with that effort, continue to watch the <a href="mailto:dev@nmap.org" target="_blank">dev@nmap.org</a> mailing list over the summer; I'm sure we would appreciate feedback as the project progresses.<br><br></div>Dan </div></div>