Varunram
commented
7 years ago @dmiller-nmap Npcap seems to react in the same way as WinPcap and doesn't notice the network interface without a restart.
Closed dmiller-nmap closed 3 years ago
Varunram
commented
7 years ago @dmiller-nmap Npcap seems to react in the same way as WinPcap and doesn't notice the network interface without a restart.
capt2101akash
commented
7 years ago @Varunram I agree with you. @dmiller-nmap I tried using Winpcap and found that as the other user says it requires a driver restart to detect a new interface and as npcap and WinPcap works the same way, the problem persists in npcap too. So I think we need to find out a way around to solve this problem. Thanks.
hsluoyz
commented
7 years ago @dmiller-nmap , the Npcap/WinPcap driver is never a plug-and-play driver. Technically, there are two difficulties:
Microsoft doesn't provide such an interface for a filter driver to detect the new interface. Maybe there are some other types of drivers that can do it. But integrating such a mechanism into Npcap would need a significant amount of development.
Even if Npcap can detect the new interface, NDIS 6 model doesn't allow a filter driver to bind this new interface in the halfway. All the binding work has to be done in the "main" function of the driver ("main" function gets called when you start the driver). Legacy NDIS 5 supports binding to an interface in the halfway. But unfortunately, NDIS 5 is already an antique in XP era, and totally not supported in Npcap.
IMHO, maybe having this feature would be fancy, but restarting the driver after installing a new interface just seems also good enough.
hdm
commented
5 years ago It would be great to have a better solution to this going forward.
gvanem
commented
5 years ago @dmiller-nmap
Maybe this is related to how other CACE-tech products/drivers are designed?
E.g. I sometimes have problems with a hanging AirPcap driver (it's blocking at some IOCTL_x call).
A fix for me it to unplug the USB-dongle and put it back in. Always works.
dmiller-nmap
commented
5 years ago Npcap 0.9983 fixes this issue: adapters can be detected and supported for capture and injection as soon as they are bound to the NDIS stack!
Thread on WinPcap-users mailing list: https://www.winpcap.org/pipermail/winpcap-users/2017-January/005025.html
The user notes that WinPcap cannot detect new plug-and-play interface until the computer is rebooted. Another user comments that simply restarting the
npfdriver service will accomplish the same thing.I would like to know whether Npcap has the same behavior or if this is solved with the new filter driver design. If it has the same behavior, we should investigate what it might take to detect new interfaces without restarting the driver.