Questions tagged [winpcap]

9 questions
16 votes, 3 answers

Stopping the WinPcap Packet capture service

I just installed Wireshark, which also installed WinPcap. During the installation it said "do you want xxx to start automatically", which I answered yes. Now I would like to stop the service when I am not running Wireshark, but cannot find a service…
Shiraz Bhaiji
3 votes, 1 answer

Where in the Windows networking stack do WinPcap/Npcap hook/filter to "listen" for packets?

I'm investigating an issue with a process that performs IPC via a socket. The socket is served on the local machine's NIC's IP, and the connection is made to the local machine's NIC's IP from another process on the local machine. I expected that…
mbrownnyc
3 votes, 1 answer

Is Winpcap able to capture all packets going through a Gigabit NIC without missing any packets?

I want to use Winpcap to capture all network packets going through a Gigabit NIC of a server. Assuming that I am able to utilize the network link up to 100%, the maximum network speed is 1000Mbps. If we exclude the TCP/IP headers, the maximum TCP…
userpal
2 votes, 1 answer

Wireshark under Windows: Any way to capture packets before dropped by special filter drivers?

I've got some GigabitEthernet Vision cameras, which use Ethernet to communicate. The protocol is simple UDP, but for performance reasons (high packet throughput causing CPU load) the manufacturer uses a filter driver that prevents those packets from…
SDwarfs
2 votes, 0 answers

Wireshark (WinPCap) does not see Intel X520-DA2 10 GbE NIC teaming intermittently

I am running a team of two 10 GigE ports on Intel X520-DA2 network card. They work well in tandem and achieve the desired throughput. However, I see an intermittent issue whereby Wireshark and my own application (using WinPcap) only show the…
GregC
2 votes, 1 answer

Why can't I start the WinPCap npf service when I'm the administrator?

I recently installed Wireshark on a Win 7 host, but now it won't let me start the NPF service. I get: C:\Windows\system32>net start npf System error 5 has occurred. Access is denied. That's strange, because I am in the local admins group, and the…
David Bullock
1 vote, 0 answers

Why adding capture filters breaks the traffic dump in wireshark / windump?

I have a strange issue while trying to capture RTP (UDP) traffic. I have a phone using IP 192.168.9.4 and a Windows 2003 PC connected to the same switch (actually to the monitor port of the switch - that's how I'm able to sniff the traffic). When I…
kyrisu
0 votes, 0 answers

NetGroup Packet Filter Driver isn't installed with WinPcap on Windows Server 2008 R2 64bit

I'm running Windows Server 2008 R2, 64 bit on a Virtual Server. There I want to install Wireshark to capture some of my network traffic for debugging purposes. During installation of Wireshark and WinPcap I ran into some problems. I've installed the…
oktopus
0 votes, 1 answer

Tcp retransmission tcp session reconstruction

I'm trying to write a program that reconstructs TCP sessions. I have a pcap file which has packets. The problem is I don't know which packets I should use to construct sessions when there is a retransmission.…
varstas