[Winpcap-users] PacketOpenAdapter

Fish fish at infidels.org
Wed Jun 25 16:18:55 GMT 2008


Wei Gao wrote:

> I am using PacketOpenAdapter (included in Packet.dll 4.0.0) to get
> Wi-Fi adapter information (including the NPF driver handle) before
> continuing my process. However, PacketOpenAdapter fails when the
> adapter is added to the system after the Winpcap package is installed.
> It seems that the newly added adapter is not in the Winpcap adapter
> information database, so PacketOpenAdapter fails to find it. Is there
> a way to resolve this?

Yes. Keep reading. :)

> Particularly, is there an API that can update the Winpcap adapter
> database so I can always call it before continuing my process?

Not that I'm aware of, no.

> I am running this on WinXP SP2. Thanks!

Hopefully GV (Gianluca Varenni) will correct me if I'm wrong about
this, but as far as I know the ONLY way to capture packets on a newly
installed adapter (i.e. on an adapter that was installed AFTER
WinPcap had already been previously installed) is to first uninstall
and then REINSTALL WinPcap afterwards.

The way I understand it is this: whenever WinPcap is installed, it
inserts its own protocol driver into each adapter's driver stack so
that it can sniff the packets flowing into and out of that particular
network adapter.

If you then install a brand new adapter, it of course installs
whatever set of device drivers it happens to need in order to use
that particular piece of hardware, but what it DOESN'T do is
automatically invoke WinPcap's device driver installation program.
That is to say, whenever you install a new network adapter, WinPcap
does NOT somehow "magically" know about it. (Neither WinPcap *nor*
the installation program for your new adapter is psychic after all!)

Thus whenever you install a new network adapter AFTER WinPcap has
already been installed, since WinPcap's device driver is thus NOT
inserted into that particular adapter's driver stack, there's NO
FRICKIN' WAY for WinPcap to *ever* sniff *any* traffic on that
particular adapter!

Until, that is, you first UNINSTALL and then REINSTALL WinPcap.

Once you re-install WinPcap again however [after installing your new
adapter], the WinPcap installation program is then able, at *that*
moment, to FINALLY "see" this new adapter of yours and to insert
itself into that adapter's driver stack, thereby allowing you to use
WinPcap to sniff traffic on that adapter.

Do you understand now?

The rule is (and Gianluca, please correct me if I'm wrong about

  Always, *always*, *ALWAYS*, re-install WinPcap after installing a
new network adapter -- if you want to be able to use WinPcap on that
adapter that is.

-- 
"Fish" (David B. Trout) - fish(at)infidels.org
Fight Spam! Join CAUCE! <http://www.cauce.org/>
(Any HTML email received will be deleted unread)
PGP key fingerprints:
RSA: 6B37 7110 7201 9917 9B0D 99E3 55DB 5D58 FADE 4A52
DH/DSS: 9F9B BAB0 BA7F C458 1A89 FE26 48F5 D7F4 C4EE 3E2A
