[Winpcap-users] WinPcap 4.1.3 not working anymore on Windows 10 build 10041

Daniel Miller bonsaiviking+winpcap at gmail.com
Sun Mar 29 12:58:09 UTC 2015


On Sun, Mar 29, 2015 at 5:24 AM, Pascal Quantin <pascal.quantin at gmail.com>
wrote:

> 2015-03-25 16:45 GMT+01:00 Pascal Quantin <pascal.quantin at gmail.com>:
>
>> Hi all,
>>
>> as reported on this blog post:
>> http://netscantools.blogspot.fr/2015/03/winpcap-and-wireshark-problems-on.html,
>> network interfaces are no more showing up on the latest Windows 10 build (I
>> see the same thing on my virtual machine).
>> I could not find any clear information yet, but I fear it could imply
>> that Microsoft is gonna drop the NDIS 5 backward compatibility mode sooner
>> or later (which should be expected at some point as NDIS 6 was introduced
>> in Vista). Given the number of products / projects that rely on WinPcap
>> (Wireshark being one of them), having it not working anymore in the latest
>> Microsoft OS would be a drama.
>> I know that the project is more or less stalling since a few years. An
>> "emergency" fix was done for Windows 8 support, but I have no idea whether
>> having it working on Windows 10 requires a small fix or a full rewrite.
>> Could one of the developer kindly have a look and provide some info
>> regarding the Windows 10 compatibility / WinPCAP future?
>>
>
> Hi all,
>
> as indicated by Jakub Zawadzki, there was a Nmap GSoc 2013 project porting
> Winpcap to NDIS 6, with the source code found here:
> https://svn.nmap.org/nmap-exp/yang/NPcap-LWF
> <https://svn.nmap.org/nmap-exp/yang/NPcap-LWF/installer/winpcap-nmap-4.1.3-NDIS6-1.2.0.exe>
> After a quick test, I can confirm that:
> - interfaces are now seen and can be selected for capture
> - ethernet frames containing TCP packets are seen with a size of 2048
> bytes (while I have a MTU set to 1500) and the extra data is seen as
> ethernet trailer of 570 bytes + a FCS of 4 bytes
> - DNS queries are truncated (only the first 8 bytes of UDP datagram are
> captured)
> So this is not yet usable but seems to be a good starting point.
> http://seclists.org/nmap-dev/2013/q4/108 suggests that the code was
> shared with WinPcap development team (or at least this was the intention).
> Did this ever happened?
>
> Best regards,
> Pascal.
>
>
Pascal,

I haven't seen a reply from a WinPcap developer on this list for a long
time, but I can confirm that Nmap is looking to revive the Npcap project.
It's one of our "official ideas" for GSOC 2015, and we have several
applicants for the position, including the student who did the original
work. If you want to stay engaged with that effort, continue to watch the
dev at nmap.org mailing list over the summer; I'm sure we would appreciate
feedback as the project progresses.

Dan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.winpcap.org/pipermail/winpcap-users/attachments/20150329/e3a0a595/attachment.html>


More information about the Winpcap-users mailing list