Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Windows 10 storms of DHCP errors on NPCAP adapter #1583

Open
LorenAmelang opened this issue May 2, 2019 · 0 comments

Comments

Projects
None yet
1 participant
@LorenAmelang
Copy link

commented May 2, 2019

This is not a serious problem, as far as I know, but it certainly clutters my Windows logs!

Digging for an unrelated problem, I noticed hundreds of these errors in my Win 10 "Administrative Events" log - Event ID 1001:

Your computer was not assigned an address from the network (by the DHCP Server) for the Network Card with network address 0x02004C4F4F50. The following error occurred: 0x79. Your computer will continue to try and obtain an address on its own from the network address (DHCP) server.

That's the NPCAP address:

Ethernet adapter Ethernet 3:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Npcap Loopback Adapter
Physical Address. . . . . . . . . : 02-00-4C-4F-4F-50
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::6052:76af:c8fe:3fff%25(Preferred)
Autoconfiguration IPv4 Address. . : 169.254.63.255(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 318898252
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-FA-8F-D5-B4-AE-2B-D1-66-5E
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Ethernet 4:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Npcap Loopback Adapter
Physical Address. . . . . . . . . : 02-00-4C-4F-4F-50
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::8c92:25db:8d70:38da%17(Preferred)
Autoconfiguration IPv4 Address. . : 169.254.56.218(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
DHCPv6 IAID . . . . . . . . . . . : 503447628
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-FA-8F-D5-B4-AE-2B-D1-66-5E
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Why does it appear twice? I do have GlassWire as well as Wireshark and (Ze)Nmap installed...

Why would a loopback adapter be requesting DHCP?

Windows is continually creating more things like:
Wireless LAN adapter Local Area Connection* 6:
And shows the above "Ethernet 4" in my system tray list of Wi-Fi APs... ???

There is no hardware connection on a Surface Book, only the one Wi-Fi adapter. Maybe all those other things are stubs in case somebody plugs in the USB to Ethernet dock? Which I've never had...

If I disable or uninstall them, it eventually puts them back...

The DHCP error storms began 14Feb19 13:57
Seem to repeat once or twice on hibernate or wake
Bursts like to appear around 2PM, sometimes 1 or 3 or 4 PM, but can happen any time. Yesterday they spanned the afternoon, pairs of errors at ~2 minute intervals, then ~5, ~10, ~30 minutes... The ~2 minute intervals began again on every wake from hibernation. But some days I only see the hibernate / wake instances...

That Feb 14 origin was just after installing Microsoft update KB4023057, a day after KB4487017...
"This update may try to reset network settings if problems are detected, and it will clean up registry keys that may be preventing updates from being installed successfully."
"To help free up disk space, this update may compress files in your user profile directory so that Windows Update can install important updates. When files or folders are compressed, they appear as having two blue arrows overlaid on the icon.
After you install the update, your files are restored to their original state, and the blue arrows disappear from the file icons in File Explorer. At any point during the update process, you should be able to access your files."

It compressed most of my user files, and has not uncompressed them, even though I have 14.8 GB of free space...

Probably unrelated, but I first noticed NPCAP storms Jan 29 when I installed a new Wireshark and npcap-0.99-r9.exe and logged over 700 of these in about an hour:

The Npcap Packet Driver (NPCAP) service failed to start due to the following error:
The system cannot find the file specified.

After a restart that went away and hasn't returned.

Your NPCAP install log now shows
\NpcapInst" "DisplayName"="Npcap 0.992"
beyond that Jan 29 version, but I have no idea when that happened, and can't find any dates in the file!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.