Wireshark-dev: Re: [Wireshark-dev] Favoring Npcap over WinPcap at runtime?

From: Graham Bloice <graham.bloice@xxxxxxxxxxxxx>
Date: Wed, 18 Oct 2017 10:54:02 +0100


On 18 October 2017 at 09:45, Pascal Quantin <pascal.quantin@xxxxxxxxx> wrote:
Hi list,

when we introduced Npcap support back in 2015/2016, we decided that WinPcap driver should have higher precedence due to its known stability (and despite issues with newer Windows versions).  By that time, you could get a BSoD with Npcap.

Time has elapsed since, and Npcap is now bundled with Nmap. The number of commits in Npcap repository (https://github.com/nmap/npcap/) have also decreased, which hopefully means that the product is more mature (the list of opened issues can be found here: https://github.com/nmap/nmap/issues?q=is%3Aissue+is%3Aopen+label%3ANpcap).

Nmap team filled bug 14134 regarding a library loading issue they spotted. We are gonna fix it, but it raises the question of which capture driver (between WinPcap and Npcap) should be attempted to be loaded first.
Note that for now I do not want to change the driver bundled with our Windows installers (the Npcap license restriction must be solved before even thinking about it). So this only concerns people having installed both WinPcap and Npap. Moreover, if we agree on the change, I would suggest to apply it only in development branch.

Thoughts?

Regards,
Pascal.


I'm generally in agreement with all the above, but I'm torn on hard-coding a preference for one capture library over another.  If a system has both, who are we to say which one will be used to the exclusion of the other.

I guess I'm implying we should expose a preference to allow the user to choose which is definitely more work but does give control back.


--
Graham Bloice