RE: npcap issues

["Rob Nicholls" <robert () robnicholls co uk>]

Hi Mike,

 

I haven't looked into Npcap in that much detail so unfortunately I don't
know exactly what it's creating where during installation (or
uninstallation), as it seems to do a lot more than the old WinPcap based
installer. Some of this may even be created in the background by Windows
when the Npcap installer performs certain API calls. Yang is probably more
likely to be able to answer those questions for you.

 

Rob

 

From: Mike . [mailto:dmciscobgp () hotmail com] 
Sent: 29 July 2016 08:08
To: Rob Nicholls <robert () robnicholls co uk>
Subject: Re: npcap issues

 

 

one last question on this, if i may. after i installed npcap originally, i
went through the reg after we talked about what keys to look for. after
uninstalling it (and i do this with anything i remove) , i like to use a
tool "scanreg" to remove all traces of the app and keep my reg clean. after
the npcap ran through it's uninstall i still saw the standard shell bags and
MRU folders and appcompcompat keys that are harmless and i never bother
with. but why and what is the ROOT\_LEGACY_\NPCAP for? can this also be
removed safely? i wasn't sure so i left it alone. my question is, if it is
of no importance (key has no value) why create it?

  _____  

From: Rob Nicholls <robert () robnicholls co uk>
Sent: Friday, July 29, 2016 6:46 AM
To: 'Mike .'; 'nmap-group'
Subject: RE: npcap issues 

 

Hi Mike,

 

WinPcap Compatibility: If you choose WinPcap Compatible Mode at
install-time, Npcap will use the WinPcap-style DLL directories
c:\Windows\System32 and servcie name npf, allowing software built with
WinPcap in mind to transparently use Npcap instead. If compatability mode is
not selected, Npcap is installed in a different location
C:\Windows\System32\Npcap with a different service name npcap so that both
drivers can coexist on the same system. In this case, applications which
only know about WinPcap will continue using that, while other applications
can choose to use the newer and faster Npcap driver instead.

 

 <https://github.com/nmap/npcap/blob/master/README.md>
https://github.com/nmap/npcap/blob/master/README.md


 <https://github.com/nmap/npcap/blob/master/README.md> 

 <https://github.com/nmap/npcap/blob/master/README.md> npcap/README.md at
master . nmap/npcap . GitHub

github.com

Npcap. Npcap is an update of WinPcap to NDIS 6 Light-Weight Filter (LWF)
technique. It supports Windows Vista, 7, 8 and 10. It is sponsored by the
Nmap Project and ...

 

 

I'm not sure why you're seeing errors about WinPcap if it is installed, but
it looks like Nmap still has a few hardcoded references to it when it could
also refer to Npcap now.

 

You don't need to uninstall WinPcap if you go with the Npcap default install
settings that will install it alongside. I'm not sure if it needs to be
uninstalled it you choose the WinPcap compatible option, but I suspect you
don't have to either. I'll try and check tonight.

 

Rob

 

From: dev [mailto:dev-bounces () nmap org] On Behalf Of Mike .
Sent: 29 July 2016 06:02
To: nmap-group <dev () nmap org>
Subject: npcap issues

 

so after turning on debugging, i see that the OpenService error is saying it
cannot initialize winpcap. so if winpcap can't be initialized, why can i run
ngrep, wireshark and windump? do they not all depend on it? anyway,
something i am confused on. when i installed npcap, i kept winpcap because i
wasn't sure if npcap would replace it and my break my sniffers. do we have
to completley unistall winpcap first? and since it was never answered yet,
what is that option "Winpcap API compatible" or something to that effect at
the bottom of the installer??

 

Mike

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/