search

seladb / PcapPlusPlus

PcapPlusPlus is a multiplatform C++ library for capturing, parsing and crafting of network packets. It is designed to be efficient, powerful and easy to use. It provides C++ wrappers for the most popular packet processing engines such as libpcap, Npcap, WinPcap, DPDK, AF_XDP and PF_RING.
https://pcapplusplus.github.io/
The Unlicense
2.74k stars 673 forks source link

Windows 10,WpdPack_4_1_2 or npcap-1.60 run DnsSpoofing of Examples fail #792

Closed dylu6699 closed 2 years ago

dylu6699 commented 2 years ago

1643094878(1) Run failed here "Error setting the capture mode for device"

seladb commented 2 years ago

Maybe a permissions issue with the user running it? 🤔

dylu6699 commented 2 years ago

Maybe a permissions issue with the user running it? 🤔 Permissions have been configured 1、requireAdministrator (/level='requireAdministrator')

2、[ERROR: D:\workspace\github\PcapPlusPlus\Pcap++\src\WinPcapLiveDevice.cpp: pcpp::WinPcapLiveDevice::startCapture:29] Error setting the capture mode for device '\Device\NPF_{22642BEC-89C2-48C3-9FF2-9F4012299A2C}'

3、Just comment out these lines of code PcapPlusPlus\Pcap++\src\WinPcapLiveDevice.cpp 1643111968(1)

1643112304(1)

4、At present, it only supports capturing Ethernet messages. Can the subsequent messages support the wireguard protocol? thank you

seladb commented 2 years ago

@qq805005062 can you try to add pcap_geterr() to see what the error is?

if (pcap_setmode(m_PcapDescriptor, MODE_STAT) < 0)
{
    LOG_ERROR("Error setting the statistics mode for device '" << m_Name << "', error is: " << pcap_geterr(m_PcapDescriptor));
    return false;
}

If that works you can open a PR with this change, might be useful for others

dylu6699 commented 2 years ago

If that works you can open a PR with this change, might be useful for others

[ERROR: D:\workspace\github\PcapPlusPlus\Pcap++\src\WinPcapLiveDevice.cpp: pcpp::WinPcapLiveDevice::startCapture:29] Error setting the statistics mode for device '\Device\NPF_{22642BEC-89C2-48C3-9FF2-9F4012299A2C}', error is: driver error: working mode not recognized

error is: driver error: working mode not recognized

seladb commented 2 years ago

@qq805005062 I googled this error and here are a few interesting threads I found:

https://github.com/odedshimon/BruteShark/issues/99

https://www.winpcap.org/pipermail/winpcap-users/2007-October/002137.html

It looks like this error comes from this part of WinPcap / Npcap / libpcap code: https://github.com/limhoff-r7/libpcap/blob/master/pcap-win32.c#L140-L148

Which actually call PacketSetMode() which is defined in Packet32: https://github.com/clemensg/pcap/blob/master/packetNtx/Dll/Packet32.c#L2590

Is the NIC you're trying to capture packets from a standard Ethernet device or is it a WiFi, USB or AirPcap interface?

dylu6699 commented 2 years ago

Ethernet device interface is Broadband network interface, Hardware network card,Ethernet of windows 10,Just comment out these lines of code 1643190169(1) 1643190843(1)

seladb commented 2 years ago

to be honest, I don't know what's causing the error. It works fine on every Windows machine I used. Do you have another Windows machine with a different NIC to test with?

seladb commented 2 years ago

I'm closing the issue now, please reopen if still relevant