Problem Summary
Npcap's Rx-mode injection behavior is inconsistent:
- If
SendToRxAdapters is added as REG_SZ with \Device\{GUID}, Rx-mode works (Wireshark sees it as Rx), but the script hangs (tested using Scapy's conf.L2socket with sendp()).
- If
SendToRxAdapters is added as REG_MULTI_SZ with the same \Device\{GUID} (1 line or multiple), no hang occurs, but the packet only goes out as Tx, not Rx.
This makes Rx-mode practically unusable in production environments where hanging is unacceptable.
Repro Steps
-
Add registry key at: Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap\Parameters
-
Set value:
- REG_SZ:
\Device\{XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX} → works as Rx, but hangs.
- REG_MULTI_SZ: same device name → no hang, but sends as Tx.
-
Run Scapy script with:
from scapy.all import sendp, Ether, IP, conf
conf.iface = "Ethernet" # NIC matching the device GUID
pkt = Ether()/IP(dst="8.8.8.8")
sendp(pkt)
-
Observe:
REG_SZ: script in cmd hangs but appears in pktmon as Rx
REG_MULTI_SZ: script in cmd completes, but appears in pktmon as Tx
Versions
Npcap: 1.79
Wireshark: 4.4.3
OS: Windows 11 Pro
Tested on multiple interfaces
Expected Behavior
REG_MULTI_SZ should behave the same as REG_SZ — allow Rx-mode injection without hangs.
Additional Notes
Documentation at v0.05-r7 changelog mentions semicolon-separated strings, but current behavior suggests inconsistency.
Using REG_SZ is not viable for production due to app hangs.
Please clarify if:
REG_MULTI_SZ is supposed to be supported for Rx
Any syntax (semicolon-separated or newline) is expected
\Device{GUID} is still required in latest versions
Problem Summary
Npcap's Rx-mode injection behavior is inconsistent:
SendToRxAdaptersis added asREG_SZwith\Device\{GUID}, Rx-mode works (Wireshark sees it as Rx), but the script hangs (tested using Scapy'sconf.L2socketwithsendp()).SendToRxAdaptersis added asREG_MULTI_SZwith the same\Device\{GUID}(1 line or multiple), no hang occurs, but the packet only goes out as Tx, not Rx.This makes Rx-mode practically unusable in production environments where hanging is unacceptable.
Repro Steps
Add registry key at: Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap\Parameters
Set value:
\Device\{XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}→ works as Rx, but hangs.Run Scapy script with:
from scapy.all import sendp, Ether, IP, conf
conf.iface = "Ethernet" # NIC matching the device GUID
pkt = Ether()/IP(dst="8.8.8.8")
sendp(pkt)
Observe:
REG_SZ: script in cmd hangs but appears in pktmon as Rx
REG_MULTI_SZ: script in cmd completes, but appears in pktmon as Tx
Versions
Npcap: 1.79
Wireshark: 4.4.3
OS: Windows 11 Pro
Tested on multiple interfaces
Expected Behavior
REG_MULTI_SZ should behave the same as REG_SZ — allow Rx-mode injection without hangs.
Additional Notes
Documentation at v0.05-r7 changelog mentions semicolon-separated strings, but current behavior suggests inconsistency.
Using REG_SZ is not viable for production due to app hangs.
Please clarify if:
REG_MULTI_SZ is supposed to be supported for Rx
Any syntax (semicolon-separated or newline) is expected
\Device{GUID} is still required in latest versions