Comments (14)
Npcap broke the remote capture support when they took over the WinPcap project; see nmap/npcap#312 and nmap/npcap#74. This is not an issue with sharppcap itself.
To use remote pcap, use libpcap (depending on distro, it could be disabled by default), or WinPcap.
from sharppcap.
Just to get some clarity, is the libpcap option usable on the Windows platform for this library, or is it only for Linux platforms? It wasn't clear looking at the README file. I haven't used this library myself so haven't looked through any documentation.
Asking as winpcap is kind of deprecated/obsolete with newer versions of Windows? So really users are left with npcap or libpcap. And npcap offers an installer; on Windows I assume the user will have to build libpcap from source? And then I'm wondering where might the user have to place or register the built libpcap sources (some DLLs), perhaps under C:\Windows\system32? Like packet.dll, assuming that is one of the outputs of libpcap on Windows, because winpcap and npcap have that. Based on reading https://omnine.blogspot.com/2020/08/wireshark-remote-capture-with-rpcapd.html.
from sharppcap.
libpcap is Linux/macos only, Npcap is a commercial port of libpcap, WinPcap is the predecessor of Npcap, and abandoned by its maintainers.
Libpcap can be compiled to work on Windows, but then you would only have offline api (read/write pcap), with no network access due to the lack of a driver.
from sharppcap.
For anyone interested in this further, and still having issues, I'd be interested how it is working on Wireshark but not here. Because latest Wireshark uses Npcap by default, and remote pcap (client) works there.
I'm assuming this issue may go away if user upgrades to a newer or latest npcap version? Per the referenced npcap issue link for client side rpcap, the fix was in npcap v0.9983+, and there was upgrade of libpcap used by npcap in v1.31+.
from sharppcap.
Wireshark has its own rpcap implementation; it does not use libpcap or npcap for remote capture.
from sharppcap.
> Wireshark has its own rpcap implementation; it does not use libpcap or npcap for remote capture.

That is... not the case. Wireshark calls pcap_findalldevs_ex() to enumerate remote devices and calls pcap_open() to open remote devices. It does not have its own implementation of the rpcap protocol, although it does have a dissector for that protocol.
from sharppcap.
> libpcap is Linux/macos only,

The 1.10 branch of libpcap supports:
- Linux;
- macOS/*BSD/Solaris 11/AIX (AIX capture support not tested; it may have issues), all using the same capture mechanism (the BPF capture mechanism, not to be confused with the BPF filtering mechanism, which it supports);
- HP-UX/Solaris 10 and earlier, using the DLPI capture mechanism, although the HP-UX support may suffer from code rot;
- Tru64 UNIX, using the pf capture mechanism, although that may suffer from code rot;
- IRIX, using the snoop capture mechanism, although that may suffer from code rot;
- SunOS 3.x and 4.x, using the NIT and STREAMS NIT capture mechanisms, although that may suffer from code rot;
- Haiku, with some new code;
- Windows - including capture support if you have downloaded and installed the WinPcap or Npcap SDK and pointed CMake at it when configuring libpcap, as per libpcap's README.windows.md file.
The main branch has dropped support for many of the code-rotted platforms.
> Npcap is a commercial port of libpcap,

...based on the most recent 1.10.x release of libpcap.

> WinPcap is the predecessor of Npcap, and abandoned by its maintainers.

...and has never been updated to a recent version of libpcap (and "abandoned by its maintainers" means it almost certainly will never be updated).

> Libpcap can be compiled to work on Windows, but then you would only have offline api (read/write pcap), with no network access due to the lack of a driver.

Unless you install WinPcap and the WinPcap SDK, or Npcap and the Npcap SDK, and configure and build libpcap as described above.
from sharppcap.
For compiling libpcap without Npcap/WinPcap, look at the conan recipe of libpcap, https://github.com/conan-io/conan-center-index/blob/master/recipes/libpcap/all/conanfile.py; there are no SDK steps involved there.
For wireshark, it could have been that I was looking at the wrong files.
It could be that client support was fixed since I last tested npcap. If it's working in wireshark then it should also work in sharppcap.
try passing a non null credentials object.
from sharppcap.
> try passing a non null credentials object.

If you mean "try connecting with a username and password", if I run rpcapd as root on Linux, it "works" to the extent that libpcap, as run by Wireshark, can connect and enumerate devices, but attempting to capture on one of those devices fails because rpcapd starts running with the user ID for the username, and that user doesn't have sufficient privileges to capture. It doesn't work on macOS, but that's because macOS requires you to go down the rathole of PAM to do user/password authentication, and nobody's written that code yet (it's On My List(TM)).
from sharppcap.
You don't have to pass a username/password, just a non null credentials object.
The credentials object can still use null authentication with no username / password.
The reason is that sharppcap decides to use pcap_create instead of pcap_open based on the presence of a credentials object, and as far as I know, libpcap supports remote pcap only with pcap_open.
See https://github.com/dotpcap/sharppcap/blob/master/SharpPcap/LibPcap/LibPcapLiveDevice.cs#L129
from sharppcap.
> reason is that sharppcap decides to use pcap_create

Which is, currently, a mistake when doing remote capture. Properly supporting the pcap_create()/pcap_activate() requires more API work.

> and as far as I know, libpcap supports remote pcap only with pcap_open

Yes.

The pcap_create()/pcap_activate() was developed after WinPcap added pcap_open() and before the remote-capture code was added to mainstream libpcap.
from sharppcap.
> > reason is that sharppcap decides to use pcap_create
>
> Which is, currently, a mistake when doing remote capture. Properly supporting the pcap_create()/pcap_activate() requires more API work.

what's the "correct" logic then?

> > and as far as I know, libpcap supports remote pcap only with pcap_open
>
> Yes.
>
> The pcap_create()/pcap_activate() was developed after WinPcap added pcap_open() and before the remote-capture code was added to mainstream libpcap.

Any plans to add remote capture support to pcap_create?
from sharppcap.
> what's the "correct" logic then?

What tcpdump does is

```
#ifdef HAVE_PCAP_OPEN
    if (device name begins with "rpcap://" or "rpcaps://") {
        use pcap_open()
        return the results of that
    }
#endif
#ifdef HAVE_PCAP_CREATE
    use pcap_create() and pcap_activate()
#else
    use pcap_open()
#endif
    return the results of that
```

Wireshark's logic is similar, although the "is this a remote capture?" test is done separately and earlier and the device's information has that as an attribute attached to it.
from sharppcap.
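As an added illustration (not code from tcpdump, libpcap, sharppcap or any commenter), the following C model contrasts the name-based selection outlined above with the credentials-based selection the thread attributes to sharppcap, and flags the case where a remote device is routed to pcap_create(). All function names and the sample device names are hypothetical, and no libpcap call is made.

```c
#include <stdio.h>
#include <string.h>

/* Entry point a client would call. Model only: no libpcap is linked. */
enum open_path { USE_PCAP_OPEN, USE_PCAP_CREATE_ACTIVATE };

/* 1 if the device name begins with "rpcap://" or "rpcaps://". */
static int is_rpcap_url(const char *device)
{
    return strncmp(device, "rpcap://", 8) == 0 ||
           strncmp(device, "rpcaps://", 9) == 0;
}

/* Keyed on the device name, as in the tcpdump outline (assumes both
 * HAVE_PCAP_OPEN and HAVE_PCAP_CREATE are defined). */
enum open_path select_by_name(const char *device)
{
    return is_rpcap_url(device) ? USE_PCAP_OPEN : USE_PCAP_CREATE_ACTIVATE;
}

/* Keyed on whether a credentials object was passed, as the thread describes
 * sharppcap doing; the device name plays no part. */
enum open_path select_by_credentials(int has_credentials)
{
    return has_credentials ? USE_PCAP_OPEN : USE_PCAP_CREATE_ACTIVATE;
}

/* 1 when the credentials-keyed choice routes a remote device to
 * pcap_create()/pcap_activate(), which cannot open rpcap URLs. */
int remote_open_misrouted(const char *device, int has_credentials)
{
    return is_rpcap_url(device) &&
           select_by_credentials(has_credentials) == USE_PCAP_CREATE_ACTIVATE;
}

int main(void)
{
    /* Constructed device names; 192.0.2.10 is a documentation address. */
    const char *devs[] = { "eth0", "rpcap://192.0.2.10/eth0", "rpcaps://192.0.2.10/eth0" };
    for (int i = 0; i < 3; i++)
        for (int creds = 0; creds <= 1; creds++)
            printf("%-26s credentials=%d by_name=%s misrouted=%d\n", devs[i], creds,
                   select_by_name(devs[i]) == USE_PCAP_OPEN ? "pcap_open" : "pcap_create",
                   remote_open_misrouted(devs[i], creds));
    return 0;
}
```
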
> Any plans to add remote capture support to pcap_create?

Plans, yes; scheduled plans, no, but it won't be in 1.10.x. Note that there will be additional return values from pcap_activate(), such as "authentication failed".
from sharppcap.