Nmap Project's Windows packet capture and transmission library
OTHER License
Bot releases are visible (Hide)
Published by hsluoyz over 8 years ago
Updated wpcap.dll
from VS2005 to VS2013.
Updated Packet.dll, NPFInstall.exe and NPcapHelper.exe
from VS2010 to VS2013.
If you failed to run this version, make sure you installed Visual C++ Redistributable Packages for Visual Studio 2013
Additionally, I rolled back the driver signing improvement in 0.05 r8
. Because it will show a Program Compatibility Assistant
window said a well signed driver is needed. However, it's not true because npcap driver runs well by testing net start npf
. To avoid this false message, I rolled back to the original signing commands.
Published by hsluoyz over 8 years ago
Now Npcap driver will be signed in both SHA1
and SHA256
digest algorithms and with timestamp
. This improvement will help the driver installation on Vista
and Win7
. This is an issue reported by Graham Bloice (see graham's answer in https://ask.wireshark.org/questions/46689/failed-to-create-npcap-service).
For Vista x64 and Win7 x64 users:
If you still get the pop-up window that said Windows requires a digitally signed driver
(or get error 577
when executing net start npf
), please try these steps:
Install Windows SHA-256 certificate security updates successfully.
KB2763674
for Vista with SP2: https://support.microsoft.com/en-us/kb/2763674
KB3033929
for Win7 with SP1: https://technet.microsoft.com/en-us/library/security/3033929.aspx
This step should requires reboot.
More information please refer to: http://www.davidegrayson.com/signing/
Install latest Npcap 0.05-r8.
If step 2) still fails running the driver, then reinstall an alternate version of Npcap you NEVER installed on the machine before (like 0.05-r7, if you unfortunately tried 0.05-r7 before step1), then try 0.05-r6.) to "flush" the driver cache. You should use the same option of Install Npcap in WinPcap API-compatible Mode
as you did in step 2). This installation of 0.05-r7 should work.
Reinstall back the latest Npcap 0.05-r8. This second-time installation should succeed.
If the above steps don't work for you, you can still run Npcap by disabling Driver Signature Enforcement:
https://support.hidemyass.com/hc/en-us/articles/202723596-How-to-disable-Driver-Signing-check-on-Windows
Let me know if these steps work.
Published by hsluoyz over 8 years ago
Now send-to-Rx adapters can be multiple. The string specified in registry's SendToRx
value should be semicolon-separated.
An example for one send-to-Rx adapter:
\Device\{754FC84C-EFBC-4443-B479-2EFAE01DC7BF}
An example for two send-to-Rx adapters:
\Device\{754FC84C-EFBC-4443-B479-2EFAE01DC7BF};\Device\{F5A00000-E19A-4D17-B6D9-A23FE1852573}
Published by hsluoyz over 8 years ago
Now Npcap can have a send-to-Rx adapter. The send-to-Rx adapter will inject all its packets to "Receive Path" (Rx)
instead of normal "Send Path" (Tx)
. So that instead of sending traffic to the network, the adapter will pretend to receive the injected traffic from the network in this way.
Currently only one send-to-Rx adapter is supported by specifying SendToRx
value in Npcap driver service's registry key (need to restart the driver to take effect).
Npcap driver service's registry key is usually in: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npf
. In this key. You need to manually create a REG_SZ
value named SendToRx
, the value is the name of the adapter you want to be send-to-Rx adapter. The name is usually like format of \Device\{F5A00000-E19A-4D17-B6D9-A23FE1852573}
. You can query this value using Nmap's nmap --iflist
command, you will get a similar value like \Device\NPF_{F5A00000-E19A-4D17-B6D9-A23FE1852573}
, but they are NOT THE SAME. You need to remove the NPF_
in this string and copy it to registry's SendToRx
value. Then reboot the driver by net stop npf
and net start npf
.
Published by hsluoyz almost 9 years ago
Fixed the bug reported by Nuno Antonio Dias Ferreira that Npcap fails to retrieve the adapter list using NPF registry way.
Published by hsluoyz almost 9 years ago
Fixed the bug reported by Tenzin Rigden that Npcap installer fails to install correct files in /S silent mode.
Published by hsluoyz almost 9 years ago
Published by hsluoyz almost 9 years ago
Published by hsluoyz almost 9 years ago