Ask Your Question
0

NPCAP 0.995 gives duplicate packets

asked 2019-09-03 09:39:11 +0000

Landi gravatar image

updated 2021-09-22 21:29:27 +0000

Hey @all,

Update: Still having the same issue on multiple devices with Wireshark 3.4.8 and NPCAP 1.31

on my Lenovo X1 Carbon with Wireshark 3.0.3 the npcap installer 0.995 results in every sent packet from my machine being captured twice, bit-wise identical with minimal time delta of a few microseconds only.

This happens on all interfaces (Wi-Fi, Ethernet, USB Ethernet) and google searches seen to confirm the issue see e.g. https://github.com/nmap/nmap/issues/1055 however - I do not have any workaround to solve the issue, not even disabling promisc. mode works.

I have not installed the loopback adapter or configured WinPCAP compatibility mode, since either or both options will break my Fibercom WWAN interface from working, so its quite frustrating - any hints or help appreciated

edit retag flag offensive close merge delete

Comments

I have had issues with earlier versions of npcap, possibly including 0.995 installing multiple loopback adaptors, but you say you haven't checked that option. There were also odd errors with packets.

To recover, I uninstalled npcap (and I think WinPcap), deleted any extra adaptors and then rebooted. I then checked for any sign of WinPcap and npcap (Program Files dirs and %WINDIR%\System32\npcap and %WINDIR%\System32\Packet.dll, removing any found) before installing the current version of npcap (currently 0.9982).

Regardless, this is an npcap issue and should be pursued with their support system, Wireshark can't do anything about npcap behaviour.

grahamb gravatar imagegrahamb ( 2019-09-03 10:21:13 +0000 )edit

Thanks Graham, I fully acknowledge that it is NPCAP issue, I still thought it is useful to post it here for reference and maybe someone has already found a solution for that (hopefully) ;)

Landi gravatar imageLandi ( 2019-09-03 11:17:14 +0000 )edit

Note that "their support system" is primarily the Issues section of the Npcap GitHub repository.

Guy Harris gravatar imageGuy Harris ( 2019-09-03 20:51:05 +0000 )edit

I do not have any workaround to solve the issue

One of the comments in Issue 58 indicated that the issue is still present with 0.9982, but 0.9983 is now available, so perhaps it's fixed now. Have you tried with 0.9983? If it's still an issue with this latest version, then another comment mentions that, "it only happens with VMWare Workstation installed.", so maybe that is the also the case here? Do you have VMWare Workstation installed on your computer, and if so, is it possible to uninstall it to see if the problem is resolved? Obviously permanently uninstalling it isn't the real solution, but it might help you get past your immediate problem.

cmaynard gravatar imagecmaynard ( 2019-09-06 13:44:52 +0000 )edit

I have three machines running Wireshark 3.0.3 with npcap 0.995 and VMWare Workstation 15.1 - two of them are having the issue, one not. Updating to 0.9983 did not fix it unfortunately

Landi gravatar imageLandi ( 2019-09-10 15:32:49 +0000 )edit

1 Answer

Sort by ยป oldest newest most voted
0

answered 2021-09-23 08:20:35 +0000

grahamb gravatar image

There is little point continuing this discussion here, it only remains as a pointer to the real place to go to for help, that's the npcap issue tracker and the nmap mailing list.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2019-09-03 09:39:11 +0000

Seen: 635 times

Last updated: Sep 23