nmap / npcap

Nmap Project's Windows packet capture and transmission library
https://npcap.com

[Npcap] incorrect packet length on Windows Server 2016 #478

Closed Komosa closed 3 years ago

Komosa commented 8 years ago

Hi all, I started tests of win server 2016 (tech. preview 4) (I know, it is not supported yet by npcap).

I could observe the following error with npcap-r06.13: the length of packets on the wire is reported incorrectly; instead of the expected value, the reported value is 2048 (for the majority of packets). After adding those lengths over some period, the sum is significantly greater than expected. The length at the IPv4 layer is (about) 1480. I ran those tests in a Virtualbox VM hosted on Win7.

I could not reproduce this behavior with winpcap or on Windows 7. I didn't run tests on Windows 10 (yet).

best regards.

hsluoyz commented 8 years ago

Hi @Komosa ,

I installed a Win Server 2016 TP4 English on my VMware Workstation 12, with Wireshark 2.0.2 x64 and Npcap 0.06 R13. I captured on Ethernet0 and Npcap Loopback Adapter. I didn't see the abnormal packets you described.

I didn't install any other software. Could you provide detailed reproduction steps for this bug? Thanks.

Cheers, Yang

Komosa commented 8 years ago

Hi, I also reproduced the issue on a freshly installed Win10 Enterprise N version 1511 (updated Feb 2016), 64-bit. I just installed it in my Virtualbox 5.0.16 and then downloaded wireshark (2.0.2) and npcap (Npcap 0.06 R13) via powershell's wget.

See an example packet here. I would rather expect the end of file just after the TCP layer, with the proper length in pcap_header_t.len
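A way to check a saved capture for the symptom reported above, as an added example that is not part of the original thread or of Npcap's code: it walks a classic pcap file and flags IPv4 records whose on-wire length field exceeds the Ethernet header plus the IPv4 total length. The sample capture, the function names and the 1494-byte frame size are constructed for illustration; untagged Ethernet II framing is assumed.

```python
import struct

ETH_HDR = 14   # Ethernet II header without a VLAN tag
ETH_MIN = 60   # short frames are padded to this size (FCS excluded)

def find_inflated_lengths(pcap_bytes):
    """Return (record_no, orig_len, expected) for IPv4 records whose
    on-wire length exceeds what the IPv4 header accounts for."""
    magic = pcap_bytes[:4]
    if magic in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"):
        endian = "<"
    elif magic in (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"):
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack_from(endian + "I", pcap_bytes, 20)[0] != 1:
        raise ValueError("only LINKTYPE_ETHERNET captures are handled")
    findings, offset, record_no = [], 24, 0
    while offset + 16 <= len(pcap_bytes):
        incl_len, orig_len = struct.unpack_from(endian + "II", pcap_bytes, offset + 8)
        data = pcap_bytes[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        record_no += 1
        if len(data) < ETH_HDR + 4 or data[12:14] != b"\x08\x00":
            continue  # truncated record or not IPv4
        ip_total = struct.unpack_from("!H", data, ETH_HDR + 2)[0]
        if ip_total == 0:
            continue  # total length left blank by segmentation offload
        expected = max(ETH_HDR + ip_total, ETH_MIN)
        if orig_len > expected:
            findings.append((record_no, orig_len, expected))
    return findings

def _record(ip_total, orig_len, incl_len):
    """Build one constructed pcap record holding an Ethernet + IPv4 header."""
    eth = bytes.fromhex("020000000001" "020000000002" "0800")
    ip = struct.pack("!BBH", 0x45, 0, ip_total) + bytes(16)
    frame = (eth + ip).ljust(incl_len, b"\x00")
    return struct.pack("<IIII", 0, 0, incl_len, orig_len) + frame

# Constructed sample capture (little-endian, Ethernet link type).
SAMPLE = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
          + _record(1480, 1494, 1494)   # consistent lengths
          + _record(1480, 2048, 2048)   # the symptom: 2048 reported on wire
          + _record(40, 60, 60))        # padded short frame, not flagged

if __name__ == "__main__":
    for record_no, orig_len, expected in find_inflated_lengths(SAMPLE):
        print(f"record {record_no}: orig_len={orig_len}, expected <= {expected}")
```
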

hsluoyz commented 8 years ago

Hi @Komosa ,

I confirmed this issue on my Virtualbox 5.0.14 + Win10 Pro 10240 x64 + Wireshark 2.0.2 x64 + Npcap 0.06 R13.

I think the cause of this issue is compatibility of Npcap with Virtualbox, because you won't encounter this issue on a VMware guest or a physical host.

It still needs to be clarified whether this bug belongs to Npcap or Virtualbox.

Komosa commented 8 years ago

There were no problems when using winpcap, so it seems that the problem is at least related to npcap.

hsluoyz commented 8 years ago

Hi @Komosa ,

I have confirmed that it's an Npcap bug introduced in 0.06 R9. I will fix it. Thanks for the report!

hsluoyz commented 8 years ago

Hi @Komosa ,

This bug has been fixed in Npcap 0.06 R14.

Please try the latest installer at: https://github.com/nmap/npcap/releases