RE: NMAP 7.31 & Npcap 0.10 R9 Error

[Philip Kroetsch <pkroetsch () minnkota com>]

I manually installed the certificate, rebooted, and reinstalled npcap and still got the error “Failed to create npcap 
service for Win7, Win8, and Win10. Please try installing Npcap again, or use the official Npcap installer from 
https://github.com/nmap/releases<https://github.com/nmap/releases>”


From: dev [mailto:dev-bounces () nmap org] On Behalf Of ?????V5
Sent: Thursday, November 03, 2016 8:38 PM
To: Nmap-dev <dev () nmap org>
Subject: Re: NMAP 7.31 & Npcap 0.10 R9 Error

Hi Philip,

You seem to have the same code signing error. You have several ways to solve it:

1) check npcap.sys's certificate tree (right-click -> Properties -> Digital Signatures -> Details -> View Certificate 
-> Certification Path. It probably shows:

DigiCert
    DigiCert (SHA1 or SHA2 High Assurance EV) Code Signing CA
        Insecure.Com LLC

You may see the root cert "DigiCert" is currently not trusted (or may not). You need to manually add DigiCert root cert 
to your computer by following these steps:

1. That root cert is named as "DigiCert High Assurance EV Root CA" with a serial number: 
02:AC:5C:26:6A:0B:40:9B:8F:0B:79:F2:AE:46:25:77. You can find it in DigiCert's website: 
https://www.digicert.com/digicert-root-certificates.htm<https://www.digicert.com/digicert-root-certificates.htm>.
2. You click the "Download" to get a file named "DigiCertHighAssuranceEVRootCA.crt".
3. Open it, click "Install Certificate..." -> "Local Machine" -> "Automatically select..." -> Next -> Finish.
4. Reboot and install Npcap again.


2) Update to Win8.1/Win2012 R2. I think those systems won't have this issue.

3) Disable your driver signature enforcement on your Win 2012 (if it's possible) based on this docs: 
https://learn.sparkfun.com/tutorials/disabling-driver-signature-on-windows-8/disabling-signed-driver-enforcement-on-windows-8<https://learn.sparkfun.com/tutorials/disabling-driver-signature-on-windows-8/disabling-signed-driver-enforcement-on-windows-8>.

4) We are currently working on getting an EV certificate to sign the driver with it, it may solve your issue.


And the other thing, to generate Packet.log, you must:
1) install the latest Npcap 0.10 r14 debug version here: 
https://github.com/nmap/npcap/releases/download/v0.10-r14/npcap-0.10-r14-debug.exe<https://github.com/nmap/npcap/releases/download/v0.10-r14/npcap-0.10-r14-debug.exe>
2) try to run Nmap again to reproduce that error

Only debug version Npcap's Packet.dll logs the debug traces to that file, so you won't get it from a non-debug Npcap. 
And you can't get the log either without running a program (e.g. Nmap) which loads Packet.dll.




Cheers,
Yang


On Fri, Nov 4, 2016 at 2:02 AM, Philip Kroetsch <pkroetsch () minnkota com<mailto:pkroetsch () minnkota com>> wrote:
Hello,

I got the install to work now on my test with the device connected to the internet. Now I connected my production 
device to the internet and I am getting the same error. Here are the log files of the debug. I didn’t see a packet.log 
file…I saw an install.log though.

From: dev [mailto:dev-bounces () nmap org<mailto:dev-bounces () nmap org>] On Behalf Of ?????V5
Sent: Thursday, November 03, 2016 8:54 AM

To: Nmap-dev <dev () nmap org<mailto:dev () nmap org>>
Subject: Re: NMAP 7.31 & Npcap 0.10 R9 Error

Hi Philip,

Please install the latest Npcap 0.10 r14 debug version here: 
https://github.com/nmap/npcap/releases/download/v0.10-r14/npcap-0.10-r14-debug.exe<https://github.com/nmap/npcap/releases/download/v0.10-r14/npcap-0.10-r14-debug.exe>
 and try to run Nmap again to reproduce that error. Then send the generated C:\Program Files\Npcap\Packet.log file to 
me. Thanks!


Cheers,
Yang

On Wed, Nov 2, 2016 at 2:25 AM, Philip Kroetsch <pkroetsch () minnkota com<mailto:pkroetsch () minnkota com>> wrote:
Ok. The successfully installed npcap. Now when I run nmap I am getting an error.

“dnet: Failed to pen device eht0”
QUITTING!

Thanks


From: dev [mailto:dev-bounces () nmap org<mailto:dev-bounces () nmap org>] On Behalf Of ?????V5
Sent: Tuesday, November 01, 2016 11:31 AM
To: Nmap-dev <dev () nmap org<mailto:dev () nmap org>>
Subject: Re: NMAP 7.31 & Npcap 0.10 R9 Error

Hi Philip,

The file said:
Error 0x800b010a: A certificate chain could not be built to a trusted root authority.

From MSDN here: https://support.microsoft.com/en-hk/kb/2746268<https://support.microsoft.com/en-hk/kb/2746268> 
(although it's for Win7 and not Win8), it said this happens when your computer is not connected to Internet, so Windows 
can't download the root trust cert remotely when verifying the signature? Have your machine connected to Internet? If 
not, you can follow this document 
(https://technet.microsoft.com/en-hk/library/dn265983.aspx<https://technet.microsoft.com/en-hk/library/dn265983.aspx>) 
to configure your trust root manually.

A more direct (but a little unsafe way) to do this is to disable your driver signature enforcement on your Win 2012 (if 
it's possible) based on this docs: 
https://learn.sparkfun.com/tutorials/disabling-driver-signature-on-windows-8/disabling-signed-driver-enforcement-on-windows-8<https://learn.sparkfun.com/tutorials/disabling-driver-signature-on-windows-8/disabling-signed-driver-enforcement-on-windows-8>.
 But I don't know if you want to do this.


Cheers,
Yang


On Wed, Nov 2, 2016 at 12:03 AM, Philip Kroetsch <pkroetsch () minnkota com<mailto:pkroetsch () minnkota com>> wrote:
I got the same error when installing r13.

From: dev [mailto:dev-bounces () nmap org<mailto:dev-bounces () nmap org>] On Behalf Of ?????V5
Sent: Tuesday, November 01, 2016 10:50 AM

To: Nmap-dev <dev () nmap org<mailto:dev () nmap org>>
Subject: Re: NMAP 7.31 & Npcap 0.10 R9 Error

Hi Philip,

It seems to be a signature issue. The SetupCopyOEMInf() call fails with 0xe0000247. There's a similar issue in MSDN: 
http://answers.microsoft.com/en-us/windows/forum/windows_8-winapps/error-0xe0000247-problem-in-setupcopyoemlnfw-file/dfa77f92-f852-418b-bbca-9a0417320f81?page=1<http://answers.microsoft.com/en-us/windows/forum/windows_8-winapps/error-0xe0000247-problem-in-setupcopyoemlnfw-file/dfa77f92-f852-418b-bbca-9a0417320f81?page=1>.
 This issue only happens on Win8/Win2012. And you're using Win2012.

You can send me your C:\Windows\INF\setupapi.dev.log to double-check it. That file should indicates that the signature 
checking fails with Npcap's driver.

I tried to fix it in a Npcap 0.10 r13 test build here:
https://github.com/nmap/npcap/releases/download/v0.10-r12/npcap-0.10-r13-test.exe<https://github.com/nmap/npcap/releases/download/v0.10-r12/npcap-0.10-r13-test.exe>

Please test it to see whether it solves your issue.


Cheers,
Yang






On Tue, Nov 1, 2016 at 9:48 PM, Philip Kroetsch <pkroetsch () minnkota com<mailto:pkroetsch () minnkota com>> wrote:
Thanks
Phil

From: dev [mailto:dev-bounces () nmap org<mailto:dev-bounces () nmap org>] On Behalf Of ?????V5
Sent: Tuesday, November 01, 2016 4:29 AM
To: Nmap-dev <dev () nmap org<mailto:dev () nmap org>>
Subject: Re: NMAP 7.31 & Npcap 0.10 R9 Error

Hi Philip,

Please provide the entire NPFInstall.log and DiagReport to me. I can't tell what's actually wrong with the current info 
you provided. If you feel it unfit to make them public, you can send me the files privately to my mail. Thanks!


Cheers,
Yang


On Mon, Oct 31, 2016 at 10:00 PM, Philip Kroetsch <pkroetsch () minnkota com<mailto:pkroetsch () minnkota com>> wrote:
Hello,

I am getting an error when installing NMAP 7.31. The first error is on installation for npcap this is the error I 
receive “Failed to create npcap service for Win7, Win8, and Win10. Please try installing Npcap again, or use the 
official Npcap installer from https://github.com/nmap/releases<https://github.com/nmap/releases>”

I then tried installing npcap-0.10-r12 and received the same error. This has happened on 3 separate windows server 2012 
instances and 2 windows 8.1 instances.

Then now when I go to run nmap this is the error I receive. “Warning: Could not import all necessary Npcap functions. 
You may need to upgrade to version 0.07 or higher”

I looked in the NPFInstall.log file and I looks like there was a few errors. “HrInstallNetComponent” “Error 0xe0000247: 
Couldn’t install the network component” “Error 0xe0000247: InstallSpecifiedComponent”

Any help is appreciated.

Thank you!

________________________________
This email has been scanned for email related threats and delivered safely by Mimecast.
For more information please visit http://www.mimecast.com<http://www.mimecast.com>
________________________________

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev<https://nmap.org/mailman/listinfo/dev>
Archived at http://seclists.org/nmap-dev/<http://seclists.org/nmap-dev/>


________________________________
This email has been scanned for email related threats and delivered safely by Mimecast.
For more information please visit http://www.mimecast.com<http://www.mimecast.com>
________________________________


________________________________
This email has been scanned for email related threats and delivered safely by Mimecast.
For more information please visit http://www.mimecast.com<http://www.mimecast.com>
________________________________


________________________________
This email has been scanned for email related threats and delivered safely by Mimecast.
For more information please visit http://www.mimecast.com<http://www.mimecast.com>
________________________________


________________________________
This email has been scanned for email related threats and delivered safely by Mimecast.
For more information please visit http://www.mimecast.com<http://www.mimecast.com>
________________________________
---------------------------------------------------------------------------------------
 This email has been scanned for email related threats and delivered safely by Mimecast.
 For more information please visit http://www.mimecast.com
---------------------------------------------------------------------------------------

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/