使用FWPS_LAYER _ * _ MAC_FRAME_ETHERNET过滤层会导致重新加载pcap驱动程序。 [英] Using FWPS_LAYER_*_MAC_FRAME_ETHERNET filtering layer causes pcap driver to be reloaded.

问题描述

[问题描述]

当加载使用FWPS_LAYER_INBOUND_MAC_FRAME_ETHERNET / FWPS_LAYER_OUTBOUND_MAC_FRAME_ETHERNET 过滤层的WFP标注驱动程序时，重新加载pcap驱动程序或断开网络连接。 （特别是pcap驱动程序总是重新加载。）

我认为这不是预期的操作。请确认这是一个错误。

如果这不是错误，请告诉我为什么会这样。

[Description of problem]
When WFP callout driver using FWPS_LAYER_INBOUND_MAC_FRAME_ETHERNET/FWPS_LAYER_OUTBOUND_MAC_FRAME_ETHERNET filtering layer is loaded, pcap driver is reloaded or network is disconnected. (Especially pcap driver is always reloaded.)
I think it is not a intended operation. Please verify this is a bug or not.
If this is not a bug, please tell me why this is happened.

[操作系统]

Windows 8.1，Windows Server 2012，Windows Server 2012 R2

[OS]
Windows 8.1, Windows Server 2012, Windows Server 2012 R2

[测试步骤]

测试操作系统：Windows Server 2012 R2 x64

[Test Step]
Test OS: Windows Server 2012 R2 x64

1）安装Wireshark。

2）安装WFPSampler并重启。

3）运行wireshark并开始捕获。

4）运行administrator cmd并运行以下命令。

> WFPSampler.exe -s BASIC_PACKET_INJECTION -l FWPM_LAYER_INBOUND_MAC_FRAME_ETHERNET -ipla [本地IP地址] -in

1) Install Wireshark.
2) Install WFPSampler and reboot.
3) Run wireshark and start capturing.
4) Run administrator cmd and run below command.
> WFPSampler.exe -s BASIC_PACKET_INJECTION -l FWPM_LAYER_INBOUND_MAC_FRAME_ETHERNET -ipla [local IP address] -in

==>测试结果：重新加载Pcap驱动程序并停止wireshark捕获。

==> Test Result: Pcap driver is reloaded and wireshark capturing is stopped.

推荐答案

When you install win10pcap, this issue not occured. https://www.wireshark.org/lists/wireshark-dev/201506/msg00049.html https://www.wireshark.org/lists/wireshark-dev/201506/msg00049.html Wireshark-dev：[Wireshark-dev] Win10Pcap - 兼容WinPcap的NDIS 6.x捕获驱动程序 WinPcap is implemented in the NDIS 5.x driver model. The WinPcap dev team seems not working recently to integrate the WinPcap kernel-mode driver to NDIS 6.x driver model. As the result, recently WinPcap does not work in some builds of Windows 10 correctly (while it does work in some builds of Windows 10.) Additionally, WinPcap cannot capture 802.1Q tagged VLAN headers received by NDIS 6.x NICs in Windows 7, 8 and 10. I had desire to improve these problems with WinPcap.

这篇关于使用FWPS_LAYER _ * _ MAC_FRAME_ETHERNET过滤层会导致重新加载pcap驱动程序。的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！