Wednesday, June 10, 2015

Win10Pcap - a WinPcap fork

Today Gerald Combs graciously forwarded me an announcement about a new fork to WinPcap called Win10Pcap based on NDIS 6. I immediately tested it with Wireshark and NetScanTools Pro.

Since this fork uses a different kernel mode driver name - ie, NOT npf.sys, Wireshark shows the popup message "The NPF driver isn't running. You may have trouble capturing or listing interfaces.". However, even though this message shows Wireshark will run because Wireshark loads packet.dll and wpcap.dll - these two DLL interfaces are unchanged (the WinPcap SDK interface is supposedly unchanged) so no matter what the driver is called, it starts. So, yes, Wireshark 1.12.5 appears to run with this fork of WinPcap.

That brings me to NetScanTools Pro. Not only does NetScanTools Pro capture packets (like Wireshark), it also sends packets. I tested the ARP, Ping and Traceroute tools that depend on WinPcap for sending packets. They appeared to work OK.

I was just about to release NetScanTools Pro 11.70, so I was able to make my test for active running npf.sys also test for the new service name - so that means NetScanTools Pro will be able to detect either the official WinPcap 4.1.3 and successors or this new fork.

Note that old WinPcap 4.1.3 DOES WORK FINE on later releases of Windows 10 builds based on NDIS 5. So it's your choice as to whether you need to use this new fork.

You may download this new WinPcap fork from http://www.Win10Pcap.org/ however, since they use GPLv2 instead of BSD license as WinPcap has historically done, we will not be including the installer with NetScanTools Pro.

Congrats to the author of Win10Pcap! (but what happens to the name when Win 11 is released?)

1 comment:

Anonymous said...

There will be no Windows 11 as far as I know.