Wireshark · Ethereal-users: [Ethereal-users] ANNOUNCE: WinPcap 3.1 beta has been released

Ethereal-users: [Ethereal-users] ANNOUNCE: WinPcap 3.1 beta has been released

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Gianluca Varenni" <varenni@xxxxxxxxx>

Date: Tue, 3 Feb 2004 16:43:41 +0100

The beta of WinPcap 3.1 is available from today in the download section of
the WinPcap site.

WinPcap 3.1 beta is a main update, with a good number of bug fixes and new
features.
The most important is the support for NdisWan connections (dial-up and VPN)
by means of the NetMon API. Please note that this feature is experimental,
and that we will be glad to hear comments from people that use it.
Another new functionality is the support for Endace Dag cards
(http://www.endace.com), based on the Windows Driver that Endace developed
in conjunction with the WinPcap team during 2003.
pcap_findalldevs() and pcap_findalldevs_ex() are now able, under Windows XP
and Windows Server 2003, to return IPv6 addresses in addition to IPv4 ones.
Finally, several bugs have been fixed.



CHANGELOG
=========
- Support for capture on NdisWan, with the following features:
    + Based on the NetMon API, does NOT use NPF.sys
    + Works with PPP (dial-up) and VPN links
    + Works on Windows 2000 and XP, only
    + Packet transmission is not supported
    + packet filtering is done at user level

- wpcap.dll has been updated to libpcap 0.8.1 from www.tcpdump.org.

- Support for DAG cards, based on the Windows version of the 2.5 Endace Dag
  driver.

- The method used by the driver to timestamp packets can now be changed
  without recompiling the driver, modifying a registry key:
       HKLM\System\CurrentControlSet\Services\NPF\TimestampMode
  Possible values are
   - 0 (default) -> Timestamps generated through KeQueryPerformanceCounter,
          less reliable on SMP/HyperThreading machines,
          precision = some microseconds
   - 2 -> Timestamps generated through KeQuerySystemTime,
   more reliable on SMP/HyperThreading machines,
          precision = scheduling quantum (10/15 ms)
   - 3 -> Timestamps generated through the i386 instruction RDTSC,
          less reliable on SMP/HyperThreading/SpeedStep machines,
          precision = some microseconds

- The driver is now started by the SCM with GENERIC_READ privileges rather
  than ALL_ACCESS. This allows not-administrator users to start and run
  WinPcap.

- Changes to the wpcap.dll API:
    + pcap_findalldevs() and pcap_findalldevs_ex() return IPv6 addresses
    + pcap_findalldevs_ex() is now able to list local adapters, remote
      adapters, and the list of capture files present in a given folder.

- Changes/additions to the Packet.dll API:
    + The code to gather interface information has been mostly rewritten, in
      order to be more modular and source independent. IP Helper API is now
      used in addition to registry scanning.
    + PacketGetNetInfoEx() now returns IPv6 addresses besides IPv4 ones.
    + modified the format of the npf_if_addr structure, that
      PacketGetNetInfoEx() uses to return the network address of an
      interface. In order to provide enough space for an IPv6 address,
      npf_if_addr is now made of three struct sockaddr_storage rather than
      three struct sockaddr.
      Since the former is 128 bytes while the latter is 16 bytes, old
      applications will not be compatible with the new PacketGetNetInfoEx().
    + PacketGetAdapterNames() now returns the names of the adapter in ASCII
      rather than in Unicode.
      Since the main purpose of PacketGetAdapterNames() is feeding data to
      pcap_findalldevs() and since pcap_findalldevs() needs ASCII names, the
      new PacketGetAdapterNames() avoids a conversion in wpcap.dll and
      uniforms the data format with the one of Windows 9x (this potentially
      simplifies the code of the applications). As a consequence to
      this modification, old applications won't work properly with the new
      PacketGetAdapteNames() on NT/2k/XP/2k3.
    + PacketOpenAdapter() now takes an ascii adapter rather than a UNICODE
      one. This is a consequence of the fact that PacketGetAdapterNames()
      returns ASCII strings: they can be immediately passed to
      PacketOpenAdapter(). (note: internal conversion is provided so that a
      UNICODE adapter name will be correctly opened, however the prototype
      changes and this could generate warning when compiling old
      applications)
    + For the same reason, PacketGetNetInfoEx() takes an ASCII adapter
      string rather than a UNICODE one. Internal conversion is provided for
      backward compatibility in this case, too.
    + PacketGetVersion() now retrieves the version number from the dll
      binary.
    + Added a PacketGetDriverVersion() function that returns the version
      number of NPF.sys.

- Packet sampling
    + added the capability to perform packet sampling instead of just packet
      capture. This feature can be turned on through the new
      pcap_setsampling() function.
    + This feature is available on local captures, offline captures, and
      remote captures.
    + Please note that this feature is highly experimental.

- Remote capture
    + Improved support on FreeBSD and Linux.
    + Fixed a bug in UDP data trasfer
    + Support for packet sampling (only if the remote daemon runs on a Win32
      machine; it does not work on Linux and FreeBSD).

  - Updated the documentation
     + Many examples have been rewritten in order to use the new pcap_open()
       and pcap_findalldevs_ex() functions.

=============================

Prev by Date: [Ethereal-users] how to decode wbxml transported by http
Next by Date: Re: Re: [Ethereal-users] H225-SETUP
Previous by thread: RE: [Ethereal-users] how to decode wbxml transported by http
Next by thread: [Ethereal-users] What shpuld I do in order to see local packets ?
Index(es):
- Date
- Thread