Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Is Npcap with Winpcap compatible API expected? #302

Open
bryonadams opened this issue Mar 25, 2023 · 4 comments
Open

Is Npcap with Winpcap compatible API expected? #302

bryonadams opened this issue Mar 25, 2023 · 4 comments

Comments

@bryonadams
Copy link

Trying to get this working without running as administrator, I noticed the UI will not detect any interfaces for inspecting traffic. Errors pop up indicating that Winpcap or Npcap must be installed, even though I have Npcap installed. I selected "Use Winpcap compatible library" in the settings but that made no difference. Looking at debugs, only mention of Winpcap existed in them.

I was able to get this running by reinstalling Npcap with an additional option, a Winpcap compatible API mode. Is this expected behavior?
@misterperson
Copy link

Installing Npcap doesn't enable its service by default.
The state of a service can be queried with sc

PS C:\sandbox> sc query npcap

SERVICE_NAME: npcap
        TYPE               : 1  KERNEL_DRIVER
        STATE              : 1  STOPPED
        WIN32_EXIT_CODE    : 0  (0x0)
        SERVICE_EXIT_CODE  : 0  (0x0)
        CHECKPOINT         : 0x0
        WAIT_HINT          : 0x0

If Npcap's state is STOPPED, then it must be started in an Administrator command prompt.
start the service with net start npcap

PS C:\sandbox> net start npcap

The Npcap Packet Driver (NPCAP) service was started successfully.

In my experience, the service persists after shutdown and restarts.

Also, remember to launch ACT and load the plugin before logging in.

@bryonadams
Copy link
Author

Running sc query npcap doesn't actually return anything on my system. Is there something that needs to be enabled first?

Additionally, is there something about ACT that requires this extra step that Wireshark or other programs may not need? Not sure what the difference is with what I did to make it work there (between enabling the compatibility and not adding it to Npcap). If the service is required to be running for it to work, I'm unsure how what I did does work.

@misterperson
Copy link

What operating system are you running, then? Or did you get a message along the lines of the service not existing at all?

@bryonadams
Copy link
Author

Windows 10 (10.0.19045). No output at all, see below. Tried on both admin and non admin prompt, Npcap 1.72 is the version I'm using if it helps.

PS C:\Users\bryon> sc query npcap
PS C:\Users\bryon>

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@misterperson @bryonadams