Ask Your Question
0

Matlab mex-file UDP capture stops working after WireShark upgrade [solved]

asked 2022-08-03 15:03:58 +0000

Jos gravatar image

updated 2022-08-09 12:59:12 +0000

Solution to the problem below: unfortunately, the Wireshark installation coincided with a change in network adapters. Hence the application used the wrong adapter and did not function.

I use a Matlab mex-file to read UDP data. For this I use the WinPcap_developers_pack. It worked fine with Wireshark 3.2.6 and WinPcap 4.1.3.

Finally giving in to Wireshark's suggestions to upgrade I installed version 3.6.7. After this my application did not work any more.

Removing Wireshark 3.6.7 and WinPcap 4.1.3 and reinstalling Wireshark 3.2.6 and WinPcap 4.1.3 did not help.

Any idea?

Thanks, Jos

edit retag flag offensive close merge delete
add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2022-08-04 00:49:37 +0000

Guy Harris gravatar image

updated 2022-08-09 02:42:05 +0000

Helpful tip when asking questions: if your question involves software other than packet-sniffing software, do not assume that the people who might be able to answer your question are at all familiar with the software in question or the particular feature of that software that's involved.

From looking at some stuff on the Mathworks site, it appears that a "MEX file" is a file containing compiled C, C++, or Fortran code that can be used as an extension callable from Mathworks.

Presumably by "read[ing] UDP data" you either mean "capturing UDP packets from an interface" or "reading UDP packets from a capture file", as those are tasks for which you would use the libpcap API.

On Windows, code such as that could use either the old no-longer-maintained WinPcap or the new and maintained Npcap.

For recent releases of Wireshark, the installer installs Npcap, not Winpcap, by default. Npcap should be binary-compatible with WinPcap, but you probably have to install it with the "Install Npcap in WinPcap API-compatible Mode". That option appears to be the default if Npcap isn't currently installed, but perhaps it wasn't specified.

Check whether you have WinPcap, Npcap, or both installed, and uninstall both of them. Then try installing WinPcap 4.1.3. (The version of Wireshark is irrelevant to an application that uses WinPcap/Npcap; it's only the version of WinPcap or Npcap that's installed that matters. Npcap is, and WinPcap was, developed by a separate group of developers from the Wireshark developers; the only connection between them is that Wireshark uses WinPcap or Npcap for packet capture and have an installer for Npcap - formerly an installer for WinPcap - bundled with the Wireshark installer.)

In the longer term, you probably want to use Npcap. If your code is built with the WinPcap SDK, then it should work with Npcap IFNpcap was installed with the "Install Npcap in WinPcap API-compatible Mode" option - and it might not work if both WInPcap and Npcap are installed. Npcap has its own SDK, downloadable from https://npcap.com/, with which you can build your code.

edit flag offensive delete link more

Comments

Thanks for your extensive answer.

I am capturing UDP packets from an interface.

I tried npcap (installed in WinPcap API-compatible Mode) instead of winpcap. Still the code did not work.

I now run Wireshark 3.2.6 and WinPcap 4.1.3, just like when it worked before the upgrade, and it does not work (npcap is not installed).

What happens in more detail is that I perform this call:

res= pcap_next_ex(adhandle, &header, &pkt_data);

With the result res== 0 forever, which means that timeout has elapsed. pcap_next_ex is from the WinPcap_developers_pack.

Interestingly, I use the application on two PC's, let's say A and B, with A the one having the problem and B still running fine. So I can compare what software is on both.

On A and B is WinPcap 4.1.3 (4.1.0.2980).

On A is Wireshark 3.2.6.0 (174 ...(more)

Jos gravatar imageJos ( 2022-08-04 10:22:43 +0000 )edit

On A is Wireshark 3.2.6.0 (174 MB), installed today. File: Wireshark-win64-3.2.6.msi On A is Wireshark 3.2.6 64-bit (179 MB), installed on 6 May 2021. The installation information is from Windows "Add or remove programs" information.

What about the version information for WinPcap or Npcap?

Guy Harris gravatar imageGuy Harris ( 2022-08-06 12:40:41 +0000 )edit

I do not use npcap at the moment. On A and B is WinPcap 4.1.3 (4.1.0.2980).

Jos gravatar imageJos ( 2022-08-09 09:01:17 +0000 )edit

As WinPcap is obsolete and unsupported note that any future change to Wireshark or the OS you're running Wiireshark\WinPcap on, may cause WinPcap to fail.

I think you're living on borrowed time there and should investigate moving your application to npcap which obviously has a cost but would get you back on a supported path.

grahamb gravatar imagegrahamb ( 2022-08-09 13:26:37 +0000 )edit

Thanks. I am using npcap now. I made the original version of the application 5 years back.

Jos gravatar imageJos ( 2022-08-09 13:28:52 +0000 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

subscribe to rss feed

Stats

Asked: 2022-08-03 15:03:58 +0000

Seen: 180 times

Last updated: Aug 09 '22

Related questions

Why would I be getting "LEN 1 (Malformed Packet)"... "(Malformed Packet: RTCP)" on UDP Packets

My UDP packets aren't showing

Monitoring UDP data on wireshark shows ARP packet

How do I use the fragment_add_seq_check function in UDP packet reassembly?

Is it possible to use reassembly on non-split packets?

How do I dissect packets if the dissection depends on information from earlier packets?

What is the udp.length display filter actually for?

IO Graph: Plot ICMP response time

How do i export RTP-UDP(UNICAST and MULTICAST Stream to a VLC Playable-file

Broken save and copy function in Statistics/UDP Multicast Streams

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2