Hi team, I saw today that my PC utilities to protect my PC are reporting that the WinPCap component used by the TPPlc utility (TPLink Powerline Utility) is a major security risk. This is mainly because it's no longer supported and also hasn't really been updated since Windows Vista so, although it works in Windows 10, it is not really compatible, certainly in terms of security. WinPCap themselves even recommend not using them: see winpcaporg [slash] install [slash] defaulthtm "WinPcap Has Ceased Development. We recommend Npcap. The WinPcap project has ceased development and WinPcap and WinDump are no longer maintained. WE RECOMMEND USING Npcap INSTEAD."
Hello @RD222 and anyone who wishes to use Npcap in the tpPLC Utility or has trouble with the Utility not detecting powerline devices, we would suggest checking the instructions shared by @Liverpool20, a very detailed and instructive guide to installing Npcap on his Windows 10 computer. Great job!
The warning came from Norton 360's 'Software Updater' feature. Not about TPLink itself but about WinPCap that is installed by TP-Link, which I had to find out on the net somewhere. It's when I found out what WinPCap does that I knew it had to be TPLink that installed it, and I tested it by uninstalling TP-Link and WinPCap and then reinstalling the latest TP-Link utility, and WinPCap reappeared with the same installation date.
PS I had another complete nightmare again posting this, again because it thought there's a hyperlink in here somewhere. I had pasted in the screenshots. If this is the problem and it apparently needs to use the image icon in the toolbar to add screenshots (and it lets me submit this), then don't allow them to be pasted into the editor, or have a more meaningful error message. I have never come across such a chuffing awful, unhelpful user interface.
Sockets (.NET, Winsock, etc.) normally collect at layer 7, the Application layer. That is, whatever is sent by the sender is what is received by the receiver. All of the various headers that are added automatically on the sending side are stripped off by the time the receiver reads the data from the socket.
It is possible to configure a socket to be a raw socket, in which case, you can see all of the headers down to layer 3, the Network layer. Further still, you can put the raw socket in promiscuous mode, which allows you to see all of the traffic on the network, not just the packets destined for your machine. But even this is limited. For example, when you configure the raw socket, you specify the protocol type to use, e.g., IP, ICMP, etc. This limits the socket to "seeing" packets that adhere to that protocol. I have been unable to figure out how to make the socket see all packets at layer 3 regardless of protocol.
Winpcap operates as a device driver at layer 2, the Data Link layer. In this case, you see literally all of the packets on the network with full headers down to layer 2. Winpcap also offers filtering capability so you can narrow down the packets that are reported to you based on whatever criteria you provide.
As far as choosing between them, it really boils down to the requirements of your specific task. If you are trying to implement any kind of realistic network analysis capability, you'll be hard-pressed to do that with just sockets. Winpcap makes more sense in that case. However, if you are only interested in IP packets, for example, then sockets will work fine for that.
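The three views described in the answer above (ordinary socket, raw IP socket, layer-2 capture), as an added example that is not part of the original post: it decodes two constructed frames and reports what each capture point would expose. The frames, addresses, ports and the `views` helper are made up for illustration.

```python
import struct

def build_frame(ethertype, body):
    # Constructed sample: Ethernet II header = dst MAC, src MAC, EtherType.
    dst = bytes.fromhex("ffffffffffff")
    src = bytes.fromhex("020000000001")
    return dst + src + struct.pack("!H", ethertype) + body

def build_ipv4_udp(payload):
    # Constructed IPv4 + UDP datagram (checksums left at zero for brevity).
    udp = struct.pack("!HHHH", 40000, 9999, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 1, 0, 64, 17, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    return ip + udp

def views(frame):
    """Return what each capture point would hand to the program."""
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    out = {"layer2": {"dst": dst.hex(":"), "src": src.hex(":"),
                      "ethertype": hex(ethertype), "bytes": len(frame)},
           "layer3": None, "application": None}
    if ethertype != 0x0800:          # not IPv4: an IP raw socket never sees it
        return out
    packet = frame[14:]
    ihl = (packet[0] & 0x0F) * 4     # IPv4 header length in bytes
    proto = packet[9]
    out["layer3"] = {"src": ".".join(map(str, packet[12:16])),
                     "dst": ".".join(map(str, packet[16:20])),
                     "proto": proto, "bytes": len(packet)}
    if proto == 17:                  # UDP: application socket gets payload only
        out["application"] = packet[ihl + 8:]
    return out

UDP_FRAME = build_frame(0x0800, build_ipv4_udp(b"hello"))
ARP_FRAME = build_frame(0x0806, bytes(28))   # constructed, zero-filled ARP body

if __name__ == "__main__":
    for name, frame in (("udp", UDP_FRAME), ("arp", ARP_FRAME)):
        print(name, views(frame))
```

The ARP frame appears only in the layer-2 view, which is why a capture driver bound at the data link layer sees traffic that an IP raw socket cannot.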
As far as I understand, .NET sockets are an IPC to communicate between 2 processes, while WinPcap is a library that helps you to access the data link layer and sniff packets going through the network hardware (or virtual) devices on your machine. The data link layer allows you to get the data on any socket (.NET or not) created on your system.
Further, I downloaded the source code and searched for part of the message above hoping to find how it checks for previous versions. That string (version of WinPcap) was not found in the source code (using grep in cygwin).
The question is as above - I want to remove the old version of WinPcap. But other questions that could help me are, how does a program check for previous versions? Is there something else I should be searching for in the registry? Is there a way to find out which program is using winpcap? Is there a way to see if any programs have a dependency on winpcap? Any leads would be greatly appreciated.
While I never found a way to remove the old WinPcap, my colleague suggested I boot up in safe mode in order to stop the mystery program from using it. Although I still got a warning that an old version was unable to be removed (and do I want to continue with the install?), the installation this time was successful.
As mentioned before, Packet.dll was being locked by another process. Windows 7 announces why it cannot be deleted when you try. Note which process has locked the dll and stop it (check Services and Processes). Remove the dll and restart the installation.
If there is an application relying on the packet.dll file you will not be able to delete it. Not so bad because you should also get a message telling you which application(s) is currently using packet.dll
We host several virtual machines in Azure that are running the OneAgent. The problem is that we have recently started to deploy a probe for Darktrace which uses npcap, and that install fails due to winpcap being present.
I recently upgraded my HP Envy laptop (1 month old version) to Win8.1. Following that upgrade, launching Wireshark would hang and not be able to close properly. A background file called dump was running and I actually had to reboot the system in order to close it.
I have encountered exactly the same behavior after my upgrade to windows 8.1. Dumpcap hangs when it tries to list interfaces via winpcap. I came to the same solution, uninstall winpcap, but in fact I can't tell if the problem comes from winpcap itself or dumpcap.
I have the same problem with an Acer Aspire running Windoze 8.1. WS will run standalone without winpcap but it hangs when pcap is installed. Searches have come up empty so far. After force closing WS, dumpcap stays active as a process and can only be stopped by a reboot.
I am also having the same problem (Hang!) on Wireshark and also GNS3 cloud service! I found out that the problem is because WinPcap did not auto start after upgrading to Windows 8.1. It will work after reinstallation of WinPcap. However, after restarting Windows, it will not work again!
Although this may fix your issues, running Wireshark with elevated privileges is not recommended. There are millions of lines of unaudited code in Wireshark and a great deal of work has been undertaken to allow Wireshark to run without elevating privs.
"It Lives, again!": I recently deleted searched files from the registry for uninstalled programs; one of them included a program called netScan! I think it removed an important dll from the registry! Will changing this entry from 2 to 3 make anything less secure? If so, what would be the proper way to ... Win8.1 Centrino wireless adapter + rtl drivers
Which version of WinPcap are you folks running? If you're not running the latest version, currently 4.1.3, then you might try upgrading to that version. If you are running the latest version, and if similar problems also occur when running WinDump, then it's very likely a WinPcap problem and not a Wireshark problem, per se, in which case the best bet would probably be to contact the WinPcap developers for support/advice.
Hi, I was googling around as I faced a similar problem while trying to capture traffic off a GNS3 topology. Wireshark would simply crash with the "Dumpcap has stopped working" error. I am also using Windows 8.
The issue is, on startup and occasionally every few days, I get spammed from Defender complaining that it's using WinPcap instead of Npcap drivers. I.e., it seems to be dumb and when it sees both, uses WinPcap first and not Npcap first. If I go to Defender for Identity I don't see any issues with the sensor.
Entire AD team get over 100 messages every few days with this. Ticket open with MS has so far yielded nothing.
Surely we can't be the only people with this problem?
Is there a way to rename the WinPcap driver and tell Splunk to go look for the renamed driver, for instance? I don't know. There must be a fix. It's driving us nuts.