Wireshark-dev: Re: [Wireshark-dev] Use Npcap as the default Windows capture library for Wiresha

From: Graham Bloice <graham.bloice@xxxxxxxxxxxxx>
Date: Mon, 6 Jun 2016 10:31:10 +0100


On 4 June 2016 at 04:27, Yang Luo <hsluoyb@xxxxxxxxx> wrote:
Hi list,

In the past few months, Npcap (https://github.com/nmap/npcap) has gone through many versions to reach a relatively stable release now (Npcap 0.07 R9). An obvious clue is that there're no such many BSoDs found as before, nearly only one BSoD-level bug for a month. Also we have got nearly all necessary parts as a product. We have official site (http://npcap.org/), documentation, SDK, paid technical support, etc.

As I have patched Wireshark to fully support Npcap mode, there's no issue for Wireshark no matter whether Npcap is installed in Npcap mode or WinPcap-API compatible mode. However, I recommend installing in Npcap mode directly because this is the default option in the installer.

Since Wireshark has dropped XP/Win2003 support long ago, so the fact that Npcap only works for Vista and later systems won't be an issue. Plus that Npcap also installs the original WinPcap 4.1.3 when running in XP.

Currently, we have already integrated Npcap 0.07 into Nmap 7.20 beta version, and soon there will be an official Npcap 1.0 release. So I think this is also a good time for Wireshark to integrate it. What're your opinions?



I think this will come up in discussions at SharkFest which you can't unfortunately attend.  We might be able to organise an on-line meeting in some form.

My own personal opinion is that we're not quite ready yet for general release, I think the plan is to release Wireshark 2.2 around SharkFest so attention will then switch to the development version 2.3.

The areas I would like to see completed in npcap, as capture is a critical usage part of Wireshark, before we make it the default capture library in Wireshark (for Windows) are (in no particular order, and some of these may have been done already):
  • Ensure that Visual Studio Code Analysis builds of npcap are free from all warnings.
  • Ensure that all possible Microsoft Driver tests run without warnings. i.e. SDV, HLK tests, whatever is applicable to npcap.
  • Attempt to produce a build and test environment (i.e. build + code analysis + tests, preferably on a "clean" install).
  • Update libpcap interface to the current libpcap master\trunk.  This might also encompass the build env setup with the current libpcap install\patch approach.
  • Ensure all current\planned libpcap wireless reporting and control mechanisms are supported.
  • Some performance\profiling analysis to ensure no degradations from WinPcap, and\or areas to improve.
  • Other stuff I haven't thought of yet.
Note that I'm not trying to be negative, just trying to make sure we offer Wireshark users the best possible software.

--
Graham Bloice