Join GitHub today
GitHub is home to over 36 million developers working together to host and review code, manage projects, and build software together.Sign up
Npcap loopback adapter installed as Type=Ethernet #1585
When we upgraded Wireshark from 2.x to 3.x and switched to Npcap, we noticed that some of our networking code was having issues, which seems to be related to Npcap setting the incorrect interface type in Windows.
In C#, we search for valid adapters with this code:
// Eliminate on a few other conditions too
This does not work with Npcap interfaces because the type is set to Ethernet, not Loopback:
Winpcap set NetworkInterfaceType = NetworkInterfaceType.Loopback, which seems to make sense given the description, but Npcap is using NetworkInterfaceType.Ethernet, which does not seem appropriate.
No, it didn't - there is no loopback device with WinPcap. There's a reason why the device is called the "Npcap Loopback Adapter"; if you had an Npcap Loopback Adapter with Wireshark 2.x, it's because somebody installed Npcap on your machine, and you may have had an older version than the one the installer for which is bundled with Wireshark 3.0.
Note that Wireshark 3.0.1, not 3.0, is the current version, and it is bundled with an installer for Npcap 0.992; you currently have Wireshark 3.0.0, with Npcap 0.99-r9, installed, according to the version information in your Wireshark bug report. You might want to try updating to 3.0.1.
The Npcap Loopback Adapter, when Yang Luo was developing it, originally, as I remember, offered fake Ethernet headers (which is not unprecedented - that's what Linux does); I may have suggested going with the BSD
The Npcap Loopback Adapter is pretty much a vanilla/unmodified installation of the Microsoft KM-TEST Loopback Adapter, so it inherits all these values from there. We do make one change, marking the adapter as an endpoint adapter and not a network adapter (See #653), but when we tried to set other values like Physical Medium, there were inconsistencies in how those were treated in the different versions of Windows. Some would overwrite our settings, others would pause network connectivity, etc.
The first reports we got of issues with our app were when people installed Wireshark 3.x and got the Npcap Loopback adapter from there. We have tested against 3.0 and 3.0.1 with both versions of Npcap and they behave the same.
It's not a particularly serious problem, but it is kind of a weird one to see it reported as Ethernet instead of Loopback in C#.
For now, we've just changed our code to ignore Type loopback or name contains loopback. You can feel free to address it or ignore it; just reported it as it seems odd to us.