Nmap Development mailing list archives
Re: npcap and still the same issues
From: 食肉大灰兔V5 <hsluoyz () gmail com>
Date: Mon, 3 Oct 2016 10:42:56 +0800
Well, you seem to give me the wrong file.. What I'm asking for is the DiagReport. Npcap has provided a diagnostic utility called DiagReport. It provides a lot of information including OS metadata, Npcap related files, install options, registry values, services, etc. You can simply click the C:\Program Files\Npcap\DiagReport.bat file to runDiagReport. It will pop up a text report via Notepad (it's stored in: C:\Program Files\Npcap\DiagReport.txt). Please always submit it to us if you encounter any issues. Please run that bat after you do the "borrow" trick. I just want to see if your registry modification is correct. The DiagReport file name should be something like: DiagReport-2016XXXX-XXXXXX.txt XXXX is your current time. On Mon, Oct 3, 2016 at 10:20 AM, Mike . <dmciscobgp () hotmail com> wrote:
looks like a successful install to me....but here: ------------------------------ *From:* 食肉大灰兔V5 <hsluoyz () gmail com> *Sent:* Monday, October 3, 2016 2:12 AM *To:* Mike .; Nmap-dev *Subject:* Re: npcap and still the same issues Please provide me your DiagReport (documented here: https://github.com/nmap/npcap#diagnostic-report), for me to tell if there's anything wrong. On Mon, Oct 3, 2016 at 1:05 AM, Mike . <dmciscobgp () hotmail com> wrote:i did EXACTLY as you say---the results speak for themselves: C:\Users\Tools>dumpcap -D 1. \Device\NPF_{E6793762-9633-432B-B8A6-B4C2F6AA5179} (Local Area Connection) that is the only adapter it finds for use. so i replaced the current values with your suggestion. basically taking my current working adapter and "borrowing" it for the npcap one. does it have to be a differerent adapter? anyway, nothing you said that would occur happened. still shows this 1 adapter and still no loopback/npcap ability: DEV WINDEVICE eth0 \Device\NPF_{E6793762-9633-432B-B8A6-B4C2F6AA5179} lo0 <none> lo0 <none> <none> \Device\NPF_{E2F8A220-AF88-446C-9A55-453E58DD3A33} <none> \Device\NPF_NdisWanIpv6 <none> \Device\NPF_NdisWanIp i'm stumped Mike ------------------------------ *From:* 食肉大灰兔V5 <hsluoyz () gmail com> *Sent:* Sunday, October 2, 2016 4:04 PM *To:* Mike .; Nmap-dev *Subject:* Re: npcap and still the same issues Here's how to do the trick to “borrow" an adapter to be Npcap Loopback Adapter. 1) Install Wireshark, and open a CMD in its installation folder. Because we need to use its dumpcap.exe tool. Run "dumpcap -D" C:\Program Files\Wireshark>dumpcap -D 1. \Device\NPF_{7C4E0476-D3F1-4F4C-9FE4-FA514710032A} (VMware Network Adapter VMnet1) 2. \Device\NPF_{385F30D0-9166-45D3-BBC6-F1D9C5300AF9} (Wi-Fi) 3. \Device\NPF_{2F6EC492-5488-42D4-BAF4-049CD820EB66} (VMware Network Adapter VMnet8) 4. \Device\NPF_{2A2FCEC4-C241-4B8B-8532-C901A74DC867} (Npcap Loopback Adapter) 5. \Device\NPF_{AC093F81-04F0-4B51-9137-18E7B8376782} (Ethernet 2) Let's say that your original 4. (Npcap Loopback Adapter) is broken, so we are going to use 2. (Wi-Fi) as the new Npcap Loopback Adapter. Copy out its GUID name: \Device\NPF_{385F30D0-9166-45D3-BBC6-F1D9C5300AF9} 2) Remove the "NPF_" in the above string, so it should be: \Device\{385F30D0-9166-45D3-BBC6-F1D9C5300AF9} Copy it to two places in the registry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap\ LoopbackAdapter HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Npcap\LoopbackAdapter (the 2nd registry path is HKEY_LOCAL_MACHINE\SOFTWARE\Npcap\LoopbackAdapter if you are using a 32-bit OS) 3) Restart the driver, by running two commands in CMD: net stop npcap net start npcap 4) Now, the "Wi-Fi" adapter should be gone and the new "Npcap Loopback Adapter" is generated. Capture with it. Cheers, Yang On Sun, Oct 2, 2016 at 11:42 PM, Mike . <dmciscobgp () hotmail com> wrote:my current adapter , after identifying , gives me this in my systray---44fac. how did it retreive that? apparently, that is what the "identifying" portion is looking for. does anyone elses' ISP do this or just mine? and now, how do i take my current WORKING adapter and turn it into the "NPCAP adapter"? ------------------------------ *From:* 食肉大灰兔V5 <hsluoyz () gmail com> *Sent:* Sunday, October 2, 2016 3:24 PM *To:* Mike . *Cc:* nmap-group *Subject:* Re: npcap and still the same issues Hi Mike, Npcap doesn't count on any MAC or IP on its adapters. It only relies on the miniports. And again: *Npcap does not necessarily rely on the "Microsoft Loopback Adapter"*. "Npcap Loopback Adapter" can be any adapter. Npcap just "borrows" the shell of an adapter. So if your "Microsoft Loopback Adapter" doesn't work out, you can just choose another workable adapter to be the "Npcap Loopback Adapter", like a bluetooth adapter, or a real physical ethernet adapter which is not in use. After you specify its GUID in the registry, Npcap will recognize it as "Npcap Loopback Adapter" and let all loopback traffic go through it. The original traffic will be gone. So this whole trick will sacrifice one of your normal adapters. So the question is very simple, *can you provide any working adapter to be the "Npcap Loopback Adapter"?* If the answer is NO, for example, all your adapters are in the middle of "identifying..", then I must acknowledge that no one could save your machine. Cheers, Yang On Sun, Oct 2, 2016 at 10:09 PM, Mike . <dmciscobgp () hotmail com> wrote:so i figured i would try out the latest npcap, hoping it would allow me to get past the issues i was having before. NOPE. as i can see it, after looking at the install log and all the files in place, i don't think it is npcap. i think it is just my network/ISP and the way it is set up and configured. i now am almost 100% convinced i have to somehow hard-code the DNS/GATEWAY/ETC to somehow get this to work. right now it is sitting on an autoconfiged 169 addy and a constant "identifying.." in my systray where my adapter icon sits. as long as it says that, i get nothing. so i just disable it. does anyone else out there have this "identifying..." issue? i am almost convinced it is sending out or trying to identify it's MAC for my ISP?? not sure but i can't come up with anything else. until i can get past this, or until npcap can allow hard coding addressing so it can be "seen" by my network-----------------npcap and all it's loopback wonder, is useless to me Mike (my npcap adapter does say 46 packets sent, if that is anything to anyone) _______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- npcap and still the same issues Mike . (Oct 02)
- Re: npcap and still the same issues 食肉大灰兔V5 (Oct 02)
- Message not available
- Re: npcap and still the same issues 食肉大灰兔V5 (Oct 02)
- Message not available
- Re: npcap and still the same issues 食肉大灰兔V5 (Oct 02)
- Message not available
- Re: npcap and still the same issues 食肉大灰兔V5 (Oct 02)
- Message not available
- Re: npcap and still the same issues 食肉大灰兔V5 (Oct 02)
- Message not available
- Re: npcap and still the same issues 食肉大灰兔V5 (Oct 03)
- Message not available
- Re: npcap and still the same issues 食肉大灰兔V5 (Oct 02)