Wireshark-dev: Re: [Wireshark-dev] Capture PPP on Windows Vista

From: Yang Luo <hsluoyb@xxxxxxxxx>
Date: Tue, 24 Nov 2015 17:37:28 +0800
Hi,

I'm a bit confused about the phrase PPP used here: does it mean to capture on a physical WAN adapter, or to capture the decrypted PPTP or L2TP packets (using VPN)? If it is the former, is there a way to emulate such hardware? Because I don't have a WAN adapter, and it's important to have the hardware when adding it to Npcap. If it is the latter, Npcap currently supports capturing on encrypted VPN data. The link in https://msdn.microsoft.com/en-us/library/windows/desktop/bb404173%28v=vs.85%29.aspx seems to provide a sort of backdoor for Network Monitor as Guy said, but it's NDIS 5 and for protocol drivers; it remains to be confirmed whether it works for an NDIS 6 filter driver.

As for Vista, Npcap is manually disabled on that platform at the installer level, but actually this is technically viable because Vista is also NDIS 6. I will reopen the door for Vista on Npcap if possible, and it would be better if you could provide your detailed OS type: x86 or x64, RTM or SP1 or SP2?


Cheers,
Yang


On Tue, Nov 24, 2015 at 2:57 AM, Pascal Quantin <pascal.quantin@xxxxxxxxx> wrote:


2015-11-23 19:47 GMT+01:00 Alexis La Goutte <alexis.lagoutte@xxxxxxxxx>:
Hi Michal,

Have you tried Npcap or Win10Pcap? Because it is NDIS 6.0 ready (and WinPcap is only NDIS 5 for the moment...)

I do not think any of them support PPP either (I cannot find any reference to ndiswanbh in Npcap source code). Let's see if Yang comments or not ;)
Anyway Vista is completely obsolete and AFAIK Npcap uses the NDIS6 driver starting from Windows 7 (and uses WinPcap 4.1.3 for XP and Vista). So even if he was willing / able to add support it would not help here.

And as you stated, this is more a WinPcap/Npcap discussion than Wireshark.
If his PPP device is connected through USB, he could try USBPcap. If not, there is no solution right now (AFAIK). Maybe use Message Analyzer instead? (Yes, I know it hurts... :) )


Regards,


On Mon, Nov 23, 2015 at 7:41 PM, Michal Labedzki <michal.labedzki@xxxxxxxxx> wrote:
Hello,

One user (maybe more...) complains that Wireshark does not support
capturing PPP on Windows Vista.
WinPcap does not support it for an unknown reason:
https://www.winpcap.org/misc/faq.htm#Q-5

But I found that:
https://msdn.microsoft.com/en-us/library/windows/desktop/bb404173%28v=vs.85%29.aspx

My question is: Is there anyone interested in adding the missing feature, or
maybe it is not possible? I am not sure about other Windows versions.

--

Pozdrawiam / Best regards
-------------------------------------------------------------------------------------------------------------
Michał Łabędzki, Software Engineer
Tieto Corporation

Product Development Services

http://www.tieto.com / http://www.tieto.pl
---
ASCII: Michal Labedzki
location: Swobodna 1 Street, 50-088 Wrocław, Poland
room: 5.01 (desk next to 5.08)
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe

