[Windump] no interface found on Vista

S.P. s.puygrenier at freesurf.fr
Tue Apr 7 08:12:53 PDT 2009 

Hi,

I tried to install WinPcap on Vista (quite fresh install), in order to use
Wireshark, but it seems that it can't find any network interface, which is a
little bit annoying :)

Here are some diagnostic elements... (few comments added between
parenthesis)

G:\>windump -D
(nothing)

G:\>windump -h
windump version 3.9.5, based on tcpdump version 3.9.5
WinPcap version 4.0.2 (packet.dll version 4.0.0.1040), based on libpcap
version
0.9.5
Usage: windump [-aAdDeflLnNOpqRStuUvxX] [ -B size ] [-c count] [ -C
file_size ]
                [ -E algo:secret ] [ -F file ] [ -i interface ] [ -M secret
]
                [ -r file ] [ -s snaplen ] [ -T type ] [ -w file ]
                [ -W filecount ] [ -y datalinktype ] [ -Z user ]
                [ expression ]

G:\>set
(stripped)
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0801
SystemDrive=G:
SystemRoot=G:\Windows
TEMP=G:\temp
TMP=G:\temp

G:\>sc qc NPF
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: NPF
        TYPE               : 1  KERNEL_DRIVER
        START_TYPE         : 2   AUTO_START
        ERROR_CONTROL      : 1   NORMAL
        BINARY_PATH_NAME   : system32\drivers\npf.sys
        LOAD_ORDER_GROUP   :
        TAG                : 0
        DISPLAY_NAME       : NetGroup Packet Filter Driver
        DEPENDENCIES       :
        SERVICE_START_NAME :

G:\>sc query NPF

SERVICE_NAME: NPF
        TYPE               : 1  KERNEL_DRIVER
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0

G:\>ipconfig /all
(xxxx-ed)

Windows IP Configuration

   Host Name . . . . . . . . . . . . : xxxxx
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No

PPP adapter Internet ADSL:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Internet ADSL
   Physical Address. . . . . . . . . :
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 84.102.211.xx (Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.255
   Default Gateway . . . . . . . . . : 0.0.0.0
   DNS Servers . . . . . . . . . . . : 84.103.237.xx
                                       86.64.145.xx
   NetBIOS over Tcpip. . . . . . . . : Disabled


G:\>ping www.yahoo.com

Pinging www-real.wa1.b.yahoo.com [87.248.113.14] with 32 bytes of data:

Reply from 87.248.113.14: bytes=32 time=401ms TTL=57
Reply from 87.248.113.14: bytes=32 time=61ms TTL=57
Reply from 87.248.113.14: bytes=32 time=63ms TTL=57

Ping statistics for 87.248.113.14:
    Packets: Sent = 3, Received = 3, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 61ms, Maximum = 401ms, Average = 175ms
Control-C
^C

G:\>ver

Microsoft Windows [Version 6.0.6000]

(vista home premium / english)

G:\>net start
These Windows services are started:

   Application Experience
   Ati External Event Utility
   Background Intelligent Transfer Service
   Base Filtering Engine
   COM+ Event System
   Cryptographic Services
   DCOM Server Process Launcher
   Desktop Window Manager Session Manager
   DHCP Client
   Diagnostic Policy Service
   Diagnostic System Host
   Distributed Link Tracking Client
   DNS Client
   DU Meter Service
   Group Policy Client
   IKE and AuthIP IPsec Keying Modules
   IP Helper
   IPsec Policy Agent
   KtmRm for Distributed Transaction Coordinator
   lxdb_device
   Multimedia Class Scheduler
   Network Connections
   Network List Service
   Network Location Awareness
   Network Store Interface Service
   PC Tools Firewall Plus
   Plug and Play
   Portable Device Enumerator Service
   Program Compatibility Assistant Service
   Protected Storage
   Protexis Licensing V2
   Remote Access Connection Manager
   Remote Procedure Call (RPC)
   Secondary Logon
   Security Accounts Manager
   Shell Hardware Detection
   SL UI Notification Service
   Software Licensing
   SSDP Discovery
   System Event Notification Service
   Task Scheduler
   TCP/IP NetBIOS Helper
   Telephony
   Themes
   User Profile Service
   WebClient
   Windows Audio
   Windows Audio Endpoint Builder
   Windows Driver Foundation - User-mode Driver Framework
   Windows Event Log
   Windows Management Instrumentation
   Windows Update

The command completed successfully.

###########

IPv6 is disabled in RAS connection

modem = sagem f at st 800 usb (simple adsl modem, not a full adsl "box" with
tv/phone/etc. - this model is quite classic in France)

problem remains when changing encapsulation PPPoA/PPPoe/VCMUX/etc.

msinfo32.exe/system driver/npf : npf.sys/kernel driver/started/auto/running

pc tools firewall+ installed, but problem remains when stopping it

any other diagnostic on request...

Best regards,
SP

More information about the Windump mailing list