Wireshark-users: Re: [Wireshark-users] Problem with WinDump

From: Gordon Fyodor Lyon <gordon@xxxxxxxx>
Date: Tue, 29 Oct 2019 18:07:34 -0700


On Tue, Oct 29, 2019 at 5:43 PM Guy Harris <guy@xxxxxxxxxxxx> wrote:
On Oct 29, 2019, at 4:53 AM, Cristian Soto <csoto@xxxxxxxxxxxxx> wrote:

> I’m having some issues with WinDump not showing the VLan although with WireShark I get it.

WinDump is based on an older version of tcpdump that didn't understand that particular CDP TLV; the current version of tcpdump does, but there's nobody I know of providing a binary version of that for Windows.

For what it's worth, we (Npcap Project) have been successfully building newer tcpdump with Npcap.  We are even hoping to distribute in with the Npcap self-installer (as an optional component), but we haven't integrated it yet.  I did create a feature request for it here: https://github.com/nmap/nmap/issues/1341

I guess it's sort of vaporware since we haven't fully released the binaries yet, but at least folks who are really motivated can compile it themselves.  We probably have at least 2 months worth of higher priority Nmap/Npcap work left before we can get back to tcpdump integration.

Cheers,
Fyodor