[Winpcap-users] related to a capture device

Gianluca Varenni gianluca.varenni at cacetech.com
Wed Jul 15 09:04:53 PDT 2009

  ----- Original Message ----- 
  From: Joshua (Shiwei) Zhao 
  To: winpcap-users at winpcap.org 
  Sent: Tuesday, July 14, 2009 5:21 PM
  Subject: [Winpcap-users] related to a capture device

  I'm using Wireshark as sniffer where it opens capture devices via winpcap. I want to edit the window registry related to the capture device opened by winpcap.
  To get the registry path of a capture device, we need to know its SubDriverKey which could be specified somewhere in windows registry. 
  Right now in Wireshark we only have the name, description, and ip_address of an opened device. Were they retrieved from registry table by winpcap? 

The description is retrieved with an OID to the miniport controlling the NIC. The name is generated out of the original GUID of the device prepended with a prefix (prefix that is not documented). 
  IP addresses are retrieved in a combination of ways, including registry and IP helper API.

  Is there a way to get their corresponding driver key?

It might be possible to get the device hardware subkeys out of the GUID of the device, but I never tried myself, and in any case it goes into the undocumented land. What I would do is use the Setup API to enumerate all the network devices until you find the one you are interested in and change the appropriate parameters.

  In addition, I hope to be able to disable/enable the capture device programmingly. Does winpcap offer this kind of functionality?

No. You need to use the Setup API for that.
Have a nice day

  Many thanks,


  Winpcap-users mailing list
  Winpcap-users at winpcap.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.winpcap.org/pipermail/winpcap-users/attachments/20090715/31b69029/attachment.htm 

More information about the Winpcap-users mailing list