Npcap is a project dedicated to improving WinPcap, currently the most popular packet capture toolkit on Windows, using Microsoft Light-weight Filter (NDIS 6) technology. The Npcap project was initiated in 2013 by the Nmap Network Scanner project (founder Gordon Lyon) and Dr. Lo Yang of Peking University. It is an open source project sponsored by Google and released under the MIT license (consistent with WinPcap). Based on the WinPcap 4.1.3 source code, Npcap supports 32-bit and 64-bit architectures, and with NDIS 6 technology it delivers better packet capture performance and better stability than the original WinPcap (NDIS 5) on Windows Vista and later.
The Npcap source code is hosted on GitHub at:
https://github.com/nmap/npcap
The Npcap 1.2.1 installation package is currently fully compatible with WinPcap 4.1.3:
https://svn.nmap.org/nmap-exp/yang/NPcap-LWF/winpcap-nmap-4.1.3-NDIS6-1.2.1.exe
Npcap development is discussed on Nmap's developer list:
http://seclists.org/nmap-dev/
In addition to supporting NDIS 6 technology, Npcap also aims to strengthen security-related mechanisms, including the following:
http://nmap.org/soc/#winpcap
- Support for the newer NDIS 6 API rather than NDIS 4
- Privileges support so we can restrict WinPcap use to the users with Administrator access. This is similar to UNIX, where you need root access to capture packets.
- No-install DLL support would allow Pcap to load and unload automatically while the application runs. Riverbed used to sell a "WinPcap Pro" edition which did that, but they have discontinued that.
- Enable Microsoft Driver Signing.
- If we release our own "Npcap", we'd presumably change the function entry point and external variable names so that we don't conflict with original WinPcap. Riverbed WinPcap Pro did this.
The direction of Npcap development has since changed (the version number also went from 1.2.1 to 0.01): instead of replacing WinPcap, it now aims to coexist with WinPcap, so that both can be installed on the same Windows computer. Npcap even intends to develop a common network packet capture framework that supports all such software, including WinPcap, Npcap and Win10Pcap, and leaves it to the upper-level application, such as Wireshark or Nmap, to decide which underlying capture software to use. Even so, previous work such as the port to NDIS 6 would still be integrated into the official code once there is a WinPcap open source repository.
Nmap now works with the new Npcap, following a strategy of using Npcap first and WinPcap second. The relevant post on the development list is:
http://seclists.org/nmap-dev/2015/q2/258
Email content:
I have added the Npcap support for Nmap. Only one file is changed: \mswin32\winfix.cc. The repos are here:
Nmap that supports Npcap: https://svn.nmap.org/nmap-exp/yang/nmap-npcap/ (revision: 34614)
Latest Npcap 0.01 installer: https://svn.nmap.org/nmap-exp/yang/npcap-lwf/npcap-nmap-0.01.exe (revision: 34615)
Original WinPcap 4.13 (Nmap) installer: https://svn.nmap.org/nmap-exp/Yang/npcap-lwf/winpcap-nmap-4.13.exe (revision: 34615)
Indication: using this version of Nmap, type: nmap -v -A scanme.nmap.org. You would see output in your console like "Using NPCAP service for packet capturing and sending" or "Using NPF service for packet capturing and sending".
Behaviors: if you install both Npcap and WinPcap, Nmap would use Npcap first, and you'll see "Using Npcap service for packet capturing and sending". If you install Npcap only, you'll see "Using Npcap service for packet capturing and sending". If you install WinPcap only, you'll see "Using NPF service for packet capturing and sending".
If you install neither of them, Nmap would cause an error as before.
Npcap is for Windows 7 and above, so test it on Win7 or Win8.
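A host-side check for the selection order described in the e-mail above, as an added example that is not part of the original post or of Nmap's code: it looks up both capture driver services in preference order, reports each driver file's signature status, and names the one this build of Nmap would be expected to pick. The service names `npcap` and `npf` are an assumption taken from the console messages quoted in the e-mail, and `Get-CaptureDriver` is a hypothetical helper name.

```powershell
# Added example; not taken from the e-mail or from winfix.cc.
# Assumption: the driver services are registered as "npcap" and "npf",
# the names that appear in the console messages quoted in the e-mail.
$preference = @('npcap', 'npf')   # order from the e-mail: Npcap first, then WinPcap

function Get-CaptureDriver {
    param([string[]]$Names)
    foreach ($name in $Names) {
        # Win32_SystemDriver lists kernel driver services; no match returns nothing.
        $drv = Get-CimInstance -ClassName Win32_SystemDriver -Filter "Name='$name'"
        if ($null -eq $drv) { continue }

        # PathName can carry an NT object prefix (\??\); strip it before file access.
        $path = $drv.PathName -replace '^\\\?\?\\', ''
        $sig = if ($path -and (Test-Path -LiteralPath $path)) {
            (Get-AuthenticodeSignature -LiteralPath $path).Status
        } else {
            'FileNotFound'
        }

        [pscustomobject]@{
            Service   = $drv.Name
            State     = $drv.State       # Running / Stopped
            StartMode = $drv.StartMode   # Boot / System / Auto / Manual / Disabled
            Path      = $path
            Signature = $sig             # relates to the driver signing goal in the list
        }
    }
}

$found = @(Get-CaptureDriver -Names $preference)
if ($found.Count -eq 0) {
    Write-Output 'Neither npcap nor npf is registered; per the e-mail, Nmap errors out as before.'
} else {
    # Results come back in preference order, so the first entry is the expected choice.
    $found | Format-Table -AutoSize | Out-String | Write-Output
    Write-Output ("Expected Nmap choice: the {0} service." -f $found[0].Service)
}
```

A host where both services appear has two capture drivers loaded side by side, which is worth recording in a software inventory because each one exposes raw packet capture to local users unless access is restricted.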
New Windows network packet capture software to replace WinPcap: Npcap