First time here? Check out the FAQ!
THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question
0

NPCAP 0.995 gives duplicate packets

Hey @all,

Update: Still having the same issue on multiple devices with Wireshark 3.4.8 and NPCAP 1.31

on my Lenovo X1 Carbon with Wireshark 3.0.3 the npcap installer 0.995 results in every sent packet from my machine being captured twice, bit-wise identical with minimal time delta of a few microseconds only.

This happens on all interfaces (Wi-Fi, Ethernet, USB Ethernet) and google searches seen to confirm the issue see e.g. https://github.com/nmap/nmap/issues/1055 however - I do not have any workaround to solve the issue, not even disabling promisc. mode works.

I have not installed the loopback adapter or configured WinPCAP compatibility mode, since either or both options will break my Fibercom WWAN interface from working, so its quite frustrating - any hints or help appreciated

Landi's avatar
2.3k
Landi
asked 2019-09-03 09:39:11 +0000, updated 2021-09-22 21:29:27 +0000
edit flag offensive 0 remove flag close merge delete

Comments

I have had issues with earlier versions of npcap, possibly including 0.995 installing multiple loopback adaptors, but you say you haven't checked that option. There were also odd errors with packets.

To recover, I uninstalled npcap (and I think WinPcap), deleted any extra adaptors and then rebooted. I then checked for any sign of WinPcap and npcap (Program Files dirs and %WINDIR%\System32\npcap and %WINDIR%\System32\Packet.dll, removing any found) before installing the current version of npcap (currently 0.9982).

Regardless, this is an npcap issue and should be pursued with their support system, Wireshark can't do anything about npcap behaviour.

grahamb's avatar grahamb (2019-09-03 10:21:13 +0000) edit
more
  • delete

Thanks Graham, I fully acknowledge that it is NPCAP issue, I still thought it is useful to post it here for reference and maybe someone has already found a solution for that (hopefully) ;)

Landi's avatar Landi (2019-09-03 11:17:14 +0000) edit
more
  • delete

Note that "their support system" is primarily the Issues section of the Npcap GitHub repository.

Guy Harris's avatar Guy Harris (2019-09-03 20:51:05 +0000) edit
more
  • delete

I do not have any workaround to solve the issue

One of the comments in Issue 58 indicated that the issue is still present with 0.9982, but 0.9983 is now available, so perhaps it's fixed now. Have you tried with 0.9983? If it's still an issue with this latest version, then another comment mentions that, "it only happens with VMWare Workstation installed.", so maybe that is the also the case here? Do you have VMWare Workstation installed on your computer, and if so, is it possible to uninstall it to see if the problem is resolved? Obviously permanently uninstalling it isn't the real solution, but it might help you get past your immediate problem.

cmaynard's avatar cmaynard (2019-09-06 13:44:52 +0000) edit
more
  • delete

I have three machines running Wireshark 3.0.3 with npcap 0.995 and VMWare Workstation 15.1 - two of them are having the issue, one not. Updating to 0.9983 did not fix it unfortunately

Landi's avatar Landi (2019-09-10 15:32:49 +0000) edit
more
  • delete
add a comment see more comments

1 Answer

0

There is little point continuing this discussion here, it only remains as a pointer to the real place to go to for help, that's the npcap issue tracker and the nmap mailing list.

grahamb's avatar
23.8k
grahamb
answered 2021-09-23 08:20:35 +0000
edit flag offensive 0 remove flag delete link
more

Comments

add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer