Starting from Wireshark 3.0.0, the Windows installer includes and will install a recent version of Npcap. The current latest installer can be found here:, the source code can be found here: Check Device Manager ( devmgmt.msc) to ensure the adapter itself has been uninstalled.
If it is present in a more recent installation, it can be removed by running (as Administrator) NPFInstall.exe -ul from the Npcap installation directory (usually C:\\Program Files\\Npcap). This is no longer necessary, and can disrupt network operations in some cases. The data link type for this adapter is DLT_NULL.Įarlier releases of Npcap (before 0.9983) installed a software network adapter called "Npcap Loopback Adapter" for this purpose. In the list of capture interfaces, select "Adapter for loopback traffic capture" and begin capturing as usual. Npcap adds several new features to those existing in WinPcap, including loopback traffic capture. Npcap is an update of WinPcap using NDIS 6 Light-Weight Filter (LWF), done by Yang Luo for Nmap project during Google Summer of Code 20. Summary: you can capture on the loopback interface on Linux, on various BSDs including macOS, and on Digital/Tru64 UNIX, and you might be able to do it on Irix and AIX, but you definitely cannot do so on Solaris, HP-UX, or Windows without Npcap. See CaptureSetup/NetworkMedia for Wireshark capturing support on various platforms. You will only see it if you capture on the "loopback interface", if there is such an interface and it is possible to capture on it see the next section for information on the platforms on which you can capture on the "loopback interface". This means that you will not see it if you are trying to capture on, for example, the interface device for the adapter to which the destination address is assigned. If you are trying to capture traffic from a machine to itself, that traffic will not be sent over a real network interface, even if it's being sent to an address on one of the machine's network adapters. The following will explain capturing on loopback interfaces a bit.
0 kommentar(er)
