New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
failed to set hardware filter to promiscuous mode with Windows 11 #628
failed to set hardware filter to promiscuous mode with Windows 11 #628
Comments
The Problem only occurs with LAN adapters. USB LAN nor docking is working. |
31 is There appear to be a lot of places in the driver that return |
Okay Error found: Drivers are for Realtek USB devices: https://www.realtek.com/en/component/zoo/category/network-interface-controllers-10-100-1000m-gigabit-ethernet-usb-3-0-software |
Can confirm I see the same issue with a Dell WD19DC dock which contains a Realtek RTL8153 USB GbE controller. Was working fine prior to Windows 11 upgrade from Windows 10 21H2. Current driver is Happy to provide whatever further information would be of assistance but unsure what's most helpful. EDIT: Using Wireshark v3.6.8 with npcap v1.71. |
Just a thought: could it be related to a lack of support for the new NetAdapterCx driver model? I have no idea if Npcap is expected to "Just Work" with NetAdapterCx drivers or if additional work is required. The latest Windows 11 driver for the RTL8153 has the following details:
The latest Windows 10 driver for the RTL8153 has the following details:
The Windows 10 driver works fine with Wireshark while the Windows 11 driver has the described error on starting capture. |
Exactly same situation here. Using Intel I225-V wired adapter, Windows 11, and Wireshark 4.0.0. |
On Windows 11, get the same message with Wireshark 4.0.0 and npcap 1.71 (but not with npcap 1.60) on the Ethernet interface (with the Wi-Fi, it was fine). I reported the issue on Wireshark Q&A : https://ask.wireshark.org/question/29016/cannot-initiate-capture-session-on-a-device-after-having-installed-400/ |
My workaround after installing Wireshark 4.0.0 was to downgrade npcap to 1.60. This means some regression has been introduced in 1.71. |
Same. Error introduced after upgrade to 1.71; resolved by downgrading back to 1.60. Using Killer E3100 2.5 Gbps interface. |
I, too, was able to resolve my error (Windows 11 / Wireshark 4.0.1) by downgrading npcap from 1.71 to 1.60. Thanks for the info! |
A colleague of mine (who does not have a GitHub account) has a similar issue, however, for him it happens on Windows 10. He is using a "QLogic BCM57810" network card, I don't know what chipset this card contains. Downgrading to npcap 1.60 fixed his issue as well. The driver is quite old as QLogic themselves have been bought up multiple times and their successor companies more less seem to have stopped support. |
This happens on Windows 10, Aquantia AQtion AQC107 10Gbit Network Adapter. Downgrade to npcap 1.60 fixed it. |
Previously worked on 1.60 but got the same error as yours on 1.71. Realtek Gaming 2.5GbeE Family Controller. |
Same here, previously worked on 1.60 but not 1.71, Realtek Gaming GbE Family Controller on laptop and Realtek USB GbE Family Controller on PC. Windows 11 x64 22H2 22621.755 |
downgrade to 1.6 not always work,still got the problem. |
I'm getting the same issue in Xemu (QEMU based Xbox Emulator) with an Intel(R) Ethernet Controller I225-V |
Exactly the same problem here with a Tripp-Lite, a TP-Link and a Belkin USB adapter. They identify themselves as: ->TP-LINK Gigabit Ethernet USB Adapter Downgraded to NPACP 1.60 and everything works fine. Question: Are there any USB Network adapters that works with version 1.71 on Win11 at all? |
@markkuleinio I installed Wireshark 4.0.2 a few hours ago and it came with npcap 1.71. Thanks for letting me know I should skip 1.72 as well! Hopefully this gets resolved sooner. Reverting the changes might be a good idea until a solution is found. |
If there's an Npcap developer watching this, I'd be quite happy to provide the output from a debug build if one can be provided to help track down the root cause. |
I encountered the same issue on Windows 11 22H2, 22621.963. The network adapter is identified as Downgrading to 1.60 indeed works. |
The same issue |
Same here... After installing 1.60 it works... |
This might fix issue nmap#628. See the long comment added by this commit for details. (That mapping might just be working around another problem which, if it could be fixed, would mean we would no longer need to set the C bit.)
This might fix issue nmap#628. See the long comment added by this commit for details. (That mapping might just be working around another problem which, if it could be fixed, would mean we would no longer need to set the C bit.)
This might fix issue nmap#628. See the long comment added by this commit for details. (That mapping might just be working around another problem which, if it could be fixed, would mean we would no longer need to set the C bit.)
I filed MicrosoftDocs/windows-driver-docs#3456 against the Microsoft documentation; the documentation on porting miniport drivers to NetAdapterCx might not be making it clear enough that the ported driver should call |
Oh, look, the NetAdapterCx code is open source!
The The ...return I'm not seeing any obvious way where So either something in NDIS is returning |
I can run some debug build with both driver types, I you'd like to trace something. |
If someone had just tried to compile using I cooked up this GNU makefile to try to use clang-cl to build
So what's the purpose of these? |
There's no variable named |
|
Damn you, autocorrect. What I checked for in the Npcap source was |
Same Problem with npcap 1.73. |
I ordered a USB Ethernet adapter that uses the Realtek drivers, and after updating the driver from the Realtek website, I was able to reproduce the issue. I used the debug build of the Npcap driver and the DebugView application from MS Sysinternals to get a log of what is happening. Here is the relevant section:
The same |
Awesome work, @dmiller-nmap! |
Or, if that driver is a NetAdapterCx driver, possibly in the NetAdapterCx code. (I may take a deep dive later, but it's a bit of a case of a twisty little maze of code paths.) But, in either case, it's in code we're forced to deal with, so, yes, we need to stop caring whether the code does the right thing or not. |
@guyharris I think you're right. It doesn't seem like a NetAdapterCx client driver knows anything about NDIS_OID_REQUEST structures, so it should be a change to MS's code that is needed. |
My initial comment is that Npcap 1.74 works with Wireshark 4.0.5 on Windows 11. Thanks! |
Yes I can also confirm, with 1.74 it's working again. Thanks! |
Working on Intel I225 / I226 LAN Driver V2.1.3.3 NetAdapterCx driver. |
Yep, also working on Realtek "RTL8111/8168 PCI Express Gigabit Ethernet controller" driver v1.0.0.14. |
Installing last version of Npcap resolved problem. |
Realtek Npcap Packet Driver (NPCAP) (Wi-Fi) INSECURE_NPCAP_WIFI True npcap was 1.71 Upgrade npcap to 1.75 resolves problem. Thanks all. |
I have the same issue and actually i don't know how to solve it...I need wireshark for a debug at work... without it i don't know how to do that, ok little edit, i solved it giving wireshark admin's powers |
It’s all fixed. Just install the latest NPcap:
https://npcap.com/dist/npcap-1.76.exe
The WireShark installer is installing an older version of Npcap, that does have the problem.
From: Quadrani ***@***.***>
Sent: Friday, September 22, 2023 11:16 AM
To: nmap/npcap ***@***.***>
Cc: Jens Munk ***@***.***>; Manual ***@***.***>
Subject: Re: [nmap/npcap] failed to set hardware filter to promiscuous mode with Windows 11 (Issue #628)
CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender and know the content is safe.
I have the same issue and actually i don't know how to solve it...I need wireshark for a debug at work... without it i don't know how to do that
—
Reply to this email directly, view it on GitHub<#628 (comment)>, or unsubscribe<https://github.com/notifications/unsubscribe-auth/ABNGFSABXX6R36VFP45AUC3X3VJL3ANCNFSM6AAAAAAQHUHNJQ>.
You are receiving this because you are subscribed to this thread.Message ID: ***@***.******@***.***>>
|
Oh man thanks a lot, the problem was fixed!!!! It's time to filter my network traffic!!!!!! A big hug from Spain, bro |
The filter referred to here is not the same as the "capture filter", to use the Wireshark term; it doesn't do fine-grained filtering such as "tcp end not host random.machine.example.com", it just specifies what broad categories of link-layer packets are received. It's mainly used to turn promiscuous mode on or off. The "capture filter" filtering mechanism works with or without this bug fix (assuming this bug doesn't prevent you from capturing at all). |
the issue is fixed already, no need to downgrade, you just have to upgrade to the latest version because it's not included in the Wireshark installer yet |
npcap 1.78 is now proposed by Wireshark 4.2.0 |
I'm seeing issue here in Jan 2024 with latest Win11 Home build (10.0.22621 Build 22621), and USB serial stopped being recognized in Wireshark (Silicon Labs CP210X). the port works fine even to 1M BAUD to transfer data, just wireshark cannot use it. was working fine last year. also have a brand new laptop, with new install, same windows, same issue. |
If your issue does not involve an error message that says that a program "failed to set hardware filter to promiscuous mode", then it is not the same issue, and you should not add your issue as a comment in this issue, you should file a separate issue. Libpcap/Npcap do not support serial ports as devices on which to capture traffic. Wireshark might have an "extcap" program that supports it, but those are not part of libpcap or Npcap, so a problem with an "extcap" is not a problem with libpcap or Npcap.
USBPcap is an "extcap", and is capable of capturing raw USB transactions. If it's working, it should show traffic between the host and a USB device such as your USB serial port, but it won't show it as serial-port traffic, it will show it as USB bus transactions, as that's what it's designed and intended to do |
A huge shout out to @guyharris @dmiller-nmap for your tireless efforts in resolving this issue! Upgraded from:
FIXED :) |
Describe the bug
After Upgrade from Windows 10 to Windows 11 I can't capture any more in promiscuous mode. I tried it with my LAN Interface not WLAN.
I upgraded npcap from 1.70 to 1.71 and tried Wireshark 3.6.7, 3.6.8 and 4.0.0rc1
Message is:
The capture session could not be initiated on capture device "\Device\NPF_{8B94FF32-335D-443C-8A80-F51BDC825F9F}" (failed to set hardware filter to promiscuous mode: Ein an das System angeschlossenes Gerät funktioniert nicht. (31)).
To Reproduce
Steps to reproduce the behavior:
Expected behavior
A working capture. ;-)
Screenshots
Diagnostic information
winver
: Windows 11 Version 21H2, OS Build 22000.856The text was updated successfully, but these errors were encountered: