npcap icon indicating copy to clipboard operation
npcap copied to clipboard

Published 20 hours ago verified publisher icon nmap

Failure to Capture Virtual Adapter - winpcap can capture but npcap does not

Open Himself132 opened this issue 8 months ago • 10 comments

Describe the bug Older versions of wireshark and winpcap can capture traffic for a VPN adapter Citrix provides with their Citrix Gateway product, the newer versions show the adapter as being selectable but it captures no traffic using npcap

To Reproduce Steps to reproduce the behavior:

  1. Use Wireshark Version 4.2.5 (v4.2.5-0-g4aa814ac25a1) and Npcap version 1.78
  2. Run as administrator
  3. Select the Citrix Virtual Adapter to capture traffic
  4. Observe a lack of packets being captured
  5. Use Wireshark Version 4.0.8 and winpcap 4.1.3
  6. run as administrator
  7. Select the citrix virtual adapter to capture traffic
  8. observe traffic captured

Expected behavior Traffic should be displayed and captured in the newer versions of wireshark and npcap

Screenshots No traffic notraffic-wireshark traffic with older version and winpcap 4.1.3 traffic-wireshark

Diagnostic information

  • Windows version from winver (e.g. Windows 11 Version 21H2, OS Build 22000.795) Version 22H2 (OS Build 19045.4412)

  • Output of DiagReport DiagReport-20240530-095347.txt

  • Installation logs install.log

  • Any special hardware or software that may be relevant: VPN, firewall, antivirus, virtualization (SR-IOV passthrough, etc). Citrix Gateway Plug-in version 20.11.3.1

Additional context Updated wireshark info Version 4.2.5 (v4.2.5-0-g4aa814ac25a1). Copyright 1998-2024 Gerald Combs [email protected] and contributors. This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. Compiled (64-bit) using Microsoft Visual Studio 2022 (VC++ 14.37, build 32822), with GLib 2.78.0, with Qt 6.5.3, with libpcap, with zlib 1.3.0, with PCRE2, with Lua 5.2.4 (with UfW patches), with GnuTLS 3.8.4 and PKCS #11 support, with Gcrypt 1.10.2-unknown, with Kerberos (MIT), with MaxMind, with nghttp2 1.61.0, with nghttp3 1.0.0, with brotli, with LZ4, with Zstandard, with Snappy, with libxml2 2.11.5, with libsmi 0.5.0, with QtMultimedia, with automatic updates using WinSparkle 0.8.0, with AirPcap, with Minizip, with binary plugins. Running on 64-bit Windows 10 (22H2), build 19045, with 11th Gen Intel(R) Core(TM) i9-11950H @ 2.60GHz (with SSE4.2), with 31953 MB of physical memory, with GLib 2.78.0, with Qt 6.5.3, with Npcap version 1.78, based on libpcap version 1.10.4, with PCRE2 10.42 2022-12-11, with c-ares 1.27.0, with GnuTLS 3.8.4, with Gcrypt 1.10.2-unknown, with nghttp2 1.61.0, with nghttp3 1.0.0, with brotli 1.0.9, with LZ4 1.9.3, with Zstandard 1.5.2, without AirPcap, with dark display mode, without HiDPI, with QPA plugin "windows", with LC_TYPE=English_United States.utf8, binary plugins supported.

Wireshark 4.0.8 info Version 4.0.8 (v4.0.8-0-g81696bb74857).

Compiled (64-bit) using Microsoft Visual Studio 2022 (VC++ 14.36, build 32537), with GLib 2.72.3, with PCRE2, with zlib 1.2.12, with Qt 5.15.2, with libpcap, with Lua 5.2.4, with GnuTLS 3.6.3 and PKCS #11 support, with Gcrypt 1.10.1, with Kerberos (MIT), with MaxMind, with nghttp2 1.46.0, with brotli, with LZ4, with Zstandard, with Snappy, with libxml2 2.9.14, with libsmi 0.4.8, with QtMultimedia, with automatic updates using WinSparkle 0.8.0, with AirPcap, with SpeexDSP (using bundled resampler), with Minizip, with binary plugins.

Running on 64-bit Windows 10 (22H2), build 19045, with 11th Gen Intel(R) Core(TM) i9-11950H @ 2.60GHz (with SSE4.2), with 31953 MB of physical memory, with GLib 2.72.3, with PCRE2 10.40 2022-04-14, with Qt 5.15.2, with WinPcap version 4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch 1_0_rel0b (20091008), with c-ares 1.18.1, with GnuTLS 3.6.3, with Gcrypt 1.10.1, with nghttp2 1.46.0, with brotli 1.0.9, with LZ4 1.9.3, with Zstandard 1.5.2, without AirPcap, with light display mode, without HiDPI, with LC_TYPE=English_United States.utf8, binary plugins supported.

Himself132 avatar May 30 '24 15:05 Himself132