Wireshark-dev: Re: [Wireshark-dev] Npcap 0.04 call for test

From: Pascal Quantin <pascal.quantin@xxxxxxxxx>
Date: Sat, 15 Aug 2015 20:10:56 +0200
Hi Yang,

2015-08-15 14:38 GMT+02:00 Yang Luo <hsluoyb@xxxxxxxxx>:
Hi list,

Thanks for your tests for the first 3 versions of Npcap, with your tests I am able to release Npcap 0.04 version as below:
1) Fixed the BAD_POOL_CALLER BSoD.
2) Updated Packet, NPFInstall, NPcapHelper projects to MSVC 2010, updated driver to MSVC 2015.
3) Fixed the "Malformed Packet" bug when executing commands like "ping -t -l 65500 127.0.0.1".
4) Added loopback packet sending support using Winsock Kernel technique.
5) Fixed the bug that Npcap loopback adapter fails to capture packets when capture filter is specified.
6) Fixed the bug that Npcap fails to capture all chargen protocol packets.
7) Fixed the bug that Npcap didn't finish IRP when opening adapter fails, this perhaps causes some issues, like the IRQL_NOT_LESS_OR_EQUAL BSoD. I don't know if it is fixed, please let me know the result. (also the results of the 6 sub-versions for 0.03-r5)

The latest Npcap installer is:

Previous versions can be found at:

I have tested this version Npcap under Wireshark 1.99.8 x64, in Windows 8.1 x64 and Windows 10 x64.

Notice: 
1) You need to try it under Win7 and later, and no need to change the installation options, just click the "Next"s. Npcap installed in "WinPcap Compatible Mode" is exclusive with WinPcap, so you must uninstall WinPcap first (installer will prompt you this).
2) If you have installed WinPcap, better to reboot the PC after uninstalling Winpcap and then install Npcap.

The README is:


Cheers,
Yang


On my Windows 10 x64 virtual machine, the BSoD appears with changeset fdaaa13 (npcap-nmap-0.03-r5-4) and happens with all subsequent 0.03 releases. I cannot test with the Windows 7 x64 PC I used initially before the 1st of September, so hopefully this is the same root cause.
Npcap 0.04 does not crash on the same machine but the loopback interface is not listed in Wireshark (the network interface is installed though).

Cheers,
Pascal.