[Winpcap-users] [Wireshark-dev] how Wireshark get linktype?

Gianluca Varenni gianluca.varenni at cacetech.com
Tue Sep 8 09:04:18 PDT 2009


You will probably need to start with npf.sys

GV

----- Original Message ----- 
From: "Joshua (Shiwei) Zhao" <swzhao at gmail.com>
To: <winpcap-users at winpcap.org>
Sent: Tuesday, September 01, 2009 6:37 PM
Subject: Re: [Winpcap-users] [Wireshark-dev] how Wireshark get linktype?


Do I need to debug on npf.sys or wpcap.dll for this problem?

Thanks,
Joshua


On Tue, Sep 1, 2009 at 6:34 PM, Gianluca
Varenni<gianluca.varenni at cacetech.com> wrote:
> If you want to debug the winpcap driver (npf.sys) you will need two 
> machines
> (or eventually a virtual machine supporting your device) and WinDbg for
> kernel debugging.
>
> Have a nice day
> GV
>
> ----- Original Message -----
> From: "Joshua (Shiwei) Zhao" <swzhao at gmail.com>
> To: <winpcap-users at winpcap.org>; "Developer support list for Wireshark"
> <wireshark-dev at wireshark.org>
> Sent: Tuesday, September 01, 2009 5:54 PM
> Subject: Re: [Wireshark-dev] [Winpcap-users] how Wireshark get linktype?
>
>
> Is there a way to debug winpcap at runtime when Wireshark calls it?
>
> Many thanks,
> Joshua
>
>
> On Tue, Sep 1, 2009 at 5:37 PM, Guy Harris<guy at alum.mit.edu> wrote:
>>
>> On Sep 1, 2009, at 5:31 PM, Joshua (Shiwei) Zhao wrote:
>>
>>> 2) Since I already set the driver to monitor mode, I thought winpcap
>>> should return that as the default.
>>> In fact, winpcap doesn't even return DLT_IEEE802_11_RADIO as an
>>> option. It only gives the default linke types. That's why I wonder
>>> whether there is compatibility issue between winpcap and the driver
>>> and whether winpcap uses those two OIDs for linktype queries.
>>
>> WinPcap knows nothing about monitor mode; it's a NDIS 5.x driver, and
>> there's no notion of "monitor mode" in NDIS 5.x. It also has no
>> notion of DLT_IEEE802_11_RADIO or even DLT_IEEE802_11, as there's no
>> notion of a device returning 802.11 headers in NDIS 5.x.
>>
>> _______________________________________________
>> Winpcap-users mailing list
>> Winpcap-users at winpcap.org
>> https://www.winpcap.org/mailman/listinfo/winpcap-users
>>
> ___________________________________________________________________________
> Sent via: Wireshark-dev mailing list <wireshark-dev at wireshark.org>
> Archives: http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
> mailto:wireshark-dev-request at wireshark.org?subject=unsubscribe
>
> _______________________________________________
> Winpcap-users mailing list
> Winpcap-users at winpcap.org
> https://www.winpcap.org/mailman/listinfo/winpcap-users
>
_______________________________________________
Winpcap-users mailing list
Winpcap-users at winpcap.org
https://www.winpcap.org/mailman/listinfo/winpcap-users 



More information about the Winpcap-users mailing list