NPCAP 0.995 gives duplicate packets

asked 2019-09-03 09:39:11 +0000

Landi

Hey @all,

On my Lenovo X1 Carbon with Wireshark 3.0.3, the npcap installer 0.995 results in every packet sent from my machine being captured twice, bit-wise identical, with a minimal time delta of only a few microseconds.

This happens on all interfaces (Wi-Fi, Ethernet, USB Ethernet), and Google searches seem to confirm the issue; see e.g. https://github.com/nmap/nmap/issues/1055. However, I do not have any workaround to solve the issue; not even disabling promisc. mode works.

I have not installed the loopback adapter or configured WinPCAP compatibility mode, since either or both options will break my Fibercom WWAN interface from working, so it's quite frustrating. Any hints or help appreciated.


Comments

I have had issues with earlier versions of npcap, possibly including 0.995 installing multiple loopback adaptors, but you say you haven't checked that option. There were also odd errors with packets.

To recover, I uninstalled npcap (and I think WinPcap), deleted any extra adaptors and then rebooted. I then checked for any sign of WinPcap and npcap (Program Files dirs and %WINDIR%\System32\npcap and %WINDIR%\System32\Packet.dll, removing any found) before installing the current version of npcap (currently 0.9982).

Regardless, this is an npcap issue and should be pursued with their support system; Wireshark can't do anything about npcap behaviour.

grahamb ( 2019-09-03 10:21:13 +0000 )

Thanks Graham. I fully acknowledge that it is an NPCAP issue; I still thought it is useful to post it here for reference, and maybe someone has already found a solution for that (hopefully) ;)

Landi ( 2019-09-03 11:17:14 +0000 )

Note that "their support system" is primarily the Issues section of the Nmap GitHub repository (yes, Nmap - Npcap uses the Nmap issues tracker rather than having its own issue tracker; the Npcap project has its own repository but, for some reason, that repository doesn't have an issue tracker).

Guy Harris ( 2019-09-03 20:51:05 +0000 )

I do not have any workaround to solve the issue

One of the comments in Issue 1576 indicated that the issue is still present with 0.9982, but 0.9983 is now available, so perhaps it's fixed now. Have you tried with 0.9983? If it's still an issue with this latest version, then another comment mentions that, "it only happens with VMWare Workstation installed.", so maybe that is also the case here? Do you have VMWare Workstation installed on your computer, and if so, is it possible to uninstall it to see if the problem is resolved? Obviously permanently uninstalling it isn't the real solution, but it might help you get past your immediate problem.

cmaynard ( 2019-09-06 13:44:52 +0000 )

I have three machines running Wireshark 3.0.3 with npcap 0.995 and VMWare Workstation 15.1 - two of them are having the issue, one not. Updating to 0.9983 did not fix it, unfortunately.

Landi ( 2019-09-10 15:32:49 +0000 )
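
Added example (not part of the thread, and not Wireshark or Npcap code): a way to confirm and measure the symptom described in the question, frames that are byte-identical to the one before them and only microseconds apart. It assumes the capture was saved in classic little-endian pcap format (not pcapng); the function names, the 100 microsecond window and the sample frames are all constructed for illustration.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4  # classic pcap, little-endian, microsecond timestamps

def read_pcap(data):
    """Yield (timestamp_us, frame_bytes) for each record in a classic pcap."""
    if struct.unpack_from("<I", data, 0)[0] != PCAP_MAGIC:
        raise ValueError("only little-endian microsecond pcap is handled")
    off = 24  # skip the 24-byte global header
    while off + 16 <= len(data):
        sec, usec, incl_len, _orig_len = struct.unpack_from("<IIII", data, off)
        off += 16
        frame = data[off:off + incl_len]
        if len(frame) < incl_len:
            break  # truncated final record
        off += incl_len
        yield sec * 1_000_000 + usec, frame

def find_duplicates(data, window_us=100):
    """Indices of frames byte-identical to the previous frame within window_us.

    window_us is an assumed threshold: small enough that an identical frame
    seen again seconds later is not counted as a capture-driver duplicate.
    """
    dups, prev = [], None
    for i, (ts, frame) in enumerate(read_pcap(data)):
        if prev is not None and frame == prev[1] and 0 <= ts - prev[0] <= window_us:
            dups.append(i)
        prev = (ts, frame)
    return dups

def build_sample():
    """Constructed capture: frame A, A again 3 us later, B, then A 2 s later."""
    header = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
    a, b = b"\xaa" * 60, b"\xbb" * 60
    records = [(10, 100, a), (10, 103, a), (10, 500, b), (12, 0, a)]
    body = b"".join(struct.pack("<IIII", s, u, len(f), len(f)) + f
                    for s, u, f in records)
    return header + body

if __name__ == "__main__":
    sample = build_sample()
    print("duplicate frame indices:", find_duplicates(sample))
```

Running it over captures taken on an affected and an unaffected machine gives a duplicate count that can be attached to an issue report.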