Hi @guyharris , a Npcap user reports to me a bug that running: WinDump.exe with Npcap will get error:

J:\github_repos\WinDump\win32\prj\Win32\Debug>WinDump.exe
WinDump.exe: listening on \Device\NPF_{44DB6B7A-661D-4FA3-925E-6287EA48D3F6}
WinDump.exe: \: The interface name has not been specified in the source string.

The responsible code in WinDump is: (the TCPdump maintained by Libpcap also has this issue)

		if (device == NULL) {
			device = pcap_lookupdev(ebuf);
			if (device == NULL)
				error("%s", ebuf);
		}
#ifdef WIN32
		if(strlen(device) == 1)	//we assume that an ASCII string is always longer than 1 char
		{						//a Unicode string has a \0 as second byte (so strlen() is 1)
			fprintf(stderr, "%s: listening on %ws\n", program_name, device);
		}
		else
		{
			fprintf(stderr, "%s: listening on %s\n", program_name, device);
		}

		fflush(stderr);	
#endif /* WIN32 */
		*ebuf = '\0';
		// pd = pcap_open_live(device, snaplen, !pflag, 1000, ebuf);
		pd = pcap_open(device, snaplen, 0, 1000, NULL, ebuf); //PCAP_OPENFLAG_NOCAPTURE_LOCAL
		if (pd == NULL)
			error("%s", ebuf);
		else if (*ebuf)
			warning("%s", ebuf);

I found that the adapter name (aka device) returned by pcap_lookupdev is Unicode, but it then becomes the input argument of pcap_open, which only accepts ANSI adapter name. So Libpcap recognizes the adapter name as \ instead of \Device\NPF_{44DB6B7A-661D-4FA3-925E-6287EA48D3F6} and fails the call.

I found this commit actually converts the output of pcap_lookupdev from ANSI to Unicode. I want to know why? AFAIK, all Libpcap interface is ANSI, and the Linux alternative seems to also return ANSI.

BTW, I also found some legacy Win95, 98 code which should be removed here:
6831542#commitcomment-21039809