Skip to content

Releases: nmap/npcap

Npcap 0.9987

03 Feb 21:49
@dmiller-nmap dmiller-nmap
v0.9987
b4a26f7
Compare
Choose a tag to compare
Npcap 0.9987

Installer and debug symbols available from https://npcap.org/#download

  • Fix an issue where Npcap begins dropping large packets, then smaller ones
    until finally all packets are dropped. Our fix changes the way remaining free
    space in the kernel buffer is calculated, which ought to prevent the free
    space accounting from drifting from reality. Fixes
    #1891.

  • Fix a potential race condition when opening the loopback capture adapter. If
    two threads simultaneously determine that the WFP filters need to be
    registered, each may open a handle to the WFP engine using the same global
    pointer, leading to a double-free when the second one tries to close the
    handle.

  • Allow Packet.dll and the npcap driver to skip loopback-related operations,
    including WFP and WSK setup, if the LoopbackSupport Registry key is set
    to 0. This configuration will not be supported by the installer, but may
    serve as a workaround for problems that may be related to Npcap's loopback
    traffic capture and injection capability.

  • Ensure open handles to the Service Control Manager are closed on error in
    PacketGetFileVersion. Fixes #1882.

Assets 2
Loading

Npcap 0.9986

17 Dec 17:45
@dmiller-nmap dmiller-nmap
v0.9986
5844728
Compare
Choose a tag to compare
Npcap 0.9986

Installer and debug symbols available at https://npcap.org/#download

  • Fix a driver signing issue that made Npcap 0.9985 uninstallable on Windows
    versions other than Windows 10. Fixes #1856.
Assets 2
Loading

Npcap 0.9985

14 Dec 16:43
@dmiller-nmap dmiller-nmap
v0.9985
c25e1fb
Compare
Choose a tag to compare
Npcap 0.9985

NOTE: An issue was found with the Npcap 0.9985 installer that prevents it from installing on Windows 8.1 or earlier. Npcap 0.9986 resolves this issue.

Installer and debug symbols available from https://npcap.org/#download

  • The Nmap Project's (Insecure.Com LLC) code signing certificate has been
    renewed, and no longer exists as a SHA-1 certificate. Windows Vista and
    Server 2008 may therefore not recognize the digital signatures on the
    filter driver so a warning may be presented upon install. Please note
    that Microsoft is ending support for these operating systems in January 2020.

  • WinPcap API-compatible mode no longer installs a separate filter driver.
    Packet.DLL will translate NPF device names so that they are all serviced by
    the npcap.sys driver. The npf.sys driver has been removed. See
    #1812.

  • Improve the speed of pcap_findalldevs by reducing the number of calls to
    GetAdaptersAddresses, removing a redundant function call, and improving
    buffer reallocation. Patch by Tomasz Moń
    (#20).

  • Temporary DLLs unpacked during installation are now signed with our code
    signing certificate.

  • Fixed a bug in the uninstaller preventing downgrades to prior versions of
    Npcap. On 64-bit Windows, the driver file npcap.sys was not properly
    removed, and Windows would not replace it with any older version. Fixes
    #1686.

Assets 2
Loading

Npcap 0.9984

05 Nov 20:24
@dmiller-nmap dmiller-nmap
v0.9984
9537760
Compare
Choose a tag to compare
Npcap 0.9984

Installer and debug symbols available at https://npcap.org/#download

  • Update libpcap to 1.9.1. See the libpcap CHANGES file for this release. This update addresses several CVE-identified vulnerabilities.

  • Address several code quality issues identified by Charles E. Smith of Tangible Security using Coverity source code analysis.

  • Fixed processing of the "enforced" value for several command-line installer options. Fixes #1719.

  • The DisplayName value in the Uninstall registry key for Npcap no longer includes the version number, which has always been available in the DisplayVersion value. Instead, it will include the product name and edition, e.g. "Npcap" or "Npcap OEM". This value will also be recorded in the Edition value under the npcap service's Parameters registry key.

  • Fixed a couple of issues with the DiagReport tool used for bug report diagnostics: remove extraneous partial output lines (#1760), and avoid relying on the Server service to determine privilege level (#1757).

Assets 2
Loading

Npcap 0.9983

04 Sep 22:08
@dmiller-nmap dmiller-nmap
v0.9983
a5ec574
Compare
Choose a tag to compare
Npcap 0.9983

Installer and debug symbols available from https://npcap.org/#download

  • Npcap can now detect newly-added network adapters without restarting the
    driver. Fixes #664.

  • Loopback capture and injection no longer requires the Npcap Loopback Adapter
    to be installed. This is a minor API change, so Nmap 7.80 and earlier will
    still require the adapter to do localhost scans, but Wireshark and most other
    software will not require changes. Loopback capture uses the device name
    NPF_Loopback instead of NPF_{GUID}, where GUID has to be looked up in
    the Registry. The Npcap Loopback Adapter can still be installed by selecting
    "Legacy loopback support" in the installer or using the
    /loopback_support=yes command-line option. TheLoopbackSupport Registry
    value will always be 0x00000001.

  • The DltNull Registry setting and the /dlt_null installer option are no
    longer supported. Loopback capture will use the DLT_NULL link type as
    described in the tcpdump
    documentation    . Loopback packet
    injection will also use this link type instead of requiring a dummy Ethernet
    header to be constructed. The DltNull Registry value will still be present
    and set to 1 for software that consults this value.

  • Some operations like pcap_stats() can now be completed even after the
    adapter that was in use is removed. See #1650.

  • Fixed a crash that could happen when stopping the driver during a loopback
    traffic capture. Fixes #1678.

Assets 2
Loading

Npcap 0.9982

30 Jul 22:40
@dmiller-nmap dmiller-nmap
v0.9982
b009a6c
Compare
Choose a tag to compare
Npcap 0.9982

Installer, SDK, and debug symbols available at https://npcap.org/#download

  • Fix the packet statistics functionality used by pcap_stats(), which was
    broken in 0.9981. Fixes #1668.

  • Rework the flow of packets through the WFP callout driver that implements
    loopback traffic capture. This should prevent clobbering of redirect context
    data reported in #1529.

  • Restore the /dlt_null installer option to default to "yes" since it has
    been defaulting to "no" since Npcap 0.992. Using DLT_NULL for loopback
    capture is slightly more efficient than creating a dummy Ethernet header,
    which was the default before.

Assets 2
Loading

Npcap 0.9981

24 Jul 04:44
@dmiller-nmap dmiller-nmap
v0.9981
bfa22b0
Compare
Choose a tag to compare
Npcap 0.9981

Installer and debug symbols available from https://npcap.org/#download . Npcap 0.997 was never publicly released; these are the changes since Npcap 0.996:

  • When upgrading Npcap, do not uninstall the existing Npcap until the user
    clicks the Install button. Previously, the existing Npcap was uninstalled
    prior to the first options screen, so that canceling the upgrade left no
    working Npcap on the system.

  • Redefine the I/O control codes used by Npcap using the CTL_CODE macro to
    ensure proper access control and consistent parameter passing. This is not a
    published API, but the change will require that Packet.DLL and the npcap
    driver are the same version.

  • Fix a 1-byte overrun in NPFInstall.exe when killing processes with Npcap DLLs
    in use.

  • In cases where PacketOpenAdapter is given an adapter name in UTF-16LE,
    translate it to ASCII before doing string operations on it. See
    #1575.

  • Significant reorganization of internal data structures to reduce memory use
    and initialization overhead.

Assets 2
Loading

Npcap 0.996

15 Jun 18:54
@dmiller-nmap dmiller-nmap
v0.996
719d645
Compare
Choose a tag to compare
Npcap 0.996

Installer and debug symbols may be downloaded from https://npcap.org/#download

  • Fix a crash when stopping the npcap driver service, such as when upgrading
    Npcap, DRIVER_IRQL_NOT_LESS_OR_EQUAL in NPF_DetachAdapter. Since Npcap
    0.994 and 0.995 may crash when upgrading, the installer will offer to disable
    the npcap driver service if it is running, allowing the user to reboot and
    attempt the install again, avoiding a crash. Fixes #1626.

  • Ensure the uninstaller for the previous version of Nmap is called when
    upgrading. Npcap 0.95 through 0.995 erroneously skipped this step in simple
    non-silent upgrades, which could cause multiple Npcap Loopback Adapters to be
    installed.

Assets 2
Loading

Npcap 0.995

11 May 02:07
@dmiller-nmap dmiller-nmap
v0.995
fdf3bf8
Compare
Choose a tag to compare
Npcap 0.995

Installer and debug symbols may be downloaded from https://npcap.org/#download

  • Fix a crash reported via Microsoft crash telemetry, DRIVER_IRQL_NOT_LESS_OR_EQUAL in NPF_NetworkClassify introduced in Npcap 0.994. Fixes #1591.
Assets 2
Loading

Npcap 0.994

08 May 04:08
@dmiller-nmap dmiller-nmap
v0.994
8f79161
Compare
Choose a tag to compare
Npcap 0.994

Executable installer and debug symbols available at https://npcap.org/#download .

  • Fix the installer options screen, which would immediately proceed to
    installation when you clicked on the "Support loopback traffic" option. Fixes
    #1577.

  • Use the /F option to SCHTASKS.EXE in the installer so that the
    npcapwatchdog task can be successfully overwritten if it is present, though
    newer uninstallers also remove the task. Fixes #1580.

  • Fix the CheckStatus.bat script run by the npcapwatchdog scheduled task to
    correctly match output of reg.exe on non-English systems. Fixes
    #1582.

  • Improve synchronization between WFP (Loopback) and NDIS (control) functions
    within the driver, which ought to improve stability during system
    sleep/suspend events, particularly an access violation in
    NPF_NetworkClassify observed via Microsoft crash telemetry.

Assets 2
Loading