Re: Wireshark Windows installer no longer redistributable?

[Gordon Fyodor Lyon <gordon () nmap org>]

On Mon, Mar 11, 2019 at 11:24 AM Laurence Perkins <lperkins () openeye net>
wrote:

So I notice with version 3 that wireshark now bundles npcap instead
> of winpcap.  From a technical point of view this makes a lot of sense since
> npcap is actually maintained and has a better feature set. But I notice
> that the npcap license forbids redistribution without special dispensation.


Hi Laurence.  I'm glad you like Npcap, and thanks for raising this
important issue.  I run the Nmap and Npcap Projects and will try to explain
the current licensing situation.

First of all, we at the Nmap project are huge Wireshark fans.  In fact we
had a user vote and Wireshark won as the #1 security tool (
https://sectools.org/)!  So we're very happy to throw all the support we
can behind Wireshark, and we're delighted to see our Npcap packet capturing
driver/library proving useful for Wireshark users.  We already changed the
Npcap license to better accommodate Wireshark (e.g. removing the usage
limit) and we're receptive to other ideas for helping Wireshark/Npcap
integration that don't threaten the financial health of the Npcap Project
itself.

Our main project is the Nmap Security Scanner (https://nmap.org/), which
recently turned 21 years old.  During most of that time we were happy users
of WinPcap.  But then WinPcap became unmaintained and we had increasing
concerns about security, stability, and WinPcap's use of deprecated Windows
API's that MS could remove at any time.  Still, we had no desire to get
into Windows device driver programming and we waited years hoping that
someone else would step up and fix the issues.  That didn't happen, so we
took a deep breath and dived in and have spent the last several years
creating Npcap (https://npcap.org).  We have been shipping it with Nmap
since 2016 and we're approaching our big 1.0 release.  The latest version
is 0.99-r9, which now ships with Wireshark 3.

While we're really proud of where Npcap is now, it hasn't come cheaply.
I've personally spent hundreds of thousands of dollars hiring programmers
to help make this happen.  That isn't financially sustainable, and I don't
want Npcap to go the way of WinPcap and WinPcap Pro.  So the goal is for
the Npcap Project to at least break even financially by spreading the
development and maintenance cost among those who benefit from it.  This
especially includes companies who want to redistribute Npcap as part of the
products that they sell.

While we did grant a waiver so the Wireshark Project (Riverbed) and their
official mirrors can redistribute Npcap with Wireshark, you are correct
that the waiver does not allow everyone to externally redistribute Npcap
with Wireshark.  We (Npcap Project) are concerned that such a waiver could
open a loophole allowing companies who couldn't normally redistribute Npcap
without buying a license to simply redistribute the whole Wireshark+Npcap
installer with their product instead and use Npcap that way.   We're also
worried about malware authors and other sleazebags to whom we'd never grant
a license using this loophole to redistribute Npcap.  Besides being
terrible on its own, malware using Npcap could lead to our EV codesigning
certificate being blacklisted.  Of course straight-up criminals don't care
what our license says, but some sleazebags who purport to be legitimate
do.  Remember when Download.com and SourceForge tried adding adware/malware
to the Wireshark and Nmap installers?

Please note that Npcap's redistribution limits only apply to external
redistribution.  You can still download Npcap (or WinPcap+Npcap) and
install it on multiple machines at your organization.  Though for big
organizations who want to roll out Npcap on a lot of machines, we recommend
our Npcap OEM product which includes a silent installer. See
https://nmap.org/npcap/#License.

Also, the Npcap license of course only applies to Wireshark installers that
actually bundle Npcap.  The Wireshark project or any user is welcome to
build and redistribute a Wireshark installer which doesn't include Npcap
and then do whatever they want with it (subject to Wireshark's own license,
of course).

Also, we're happy to look at cases where the redistribution limitation is
causing pain.  If you have a case where you really need to redistribute
Wireshark+Npcap, send me an email.  We can consider individual waivers on a
case by case basis, and we are also open to structural/license changes
where they solve an important and common need without posing much risk to
Npcap's financial sustainability goal.

For what it's worth, Nmap has been shipping with Npcap since 2016 and so
the redistribution rule also applies to our Nmap Windows Self-Installer.
While we did worry about that at first, it has not actually proved to be
much of a problem in practice.  Users should almost always download Nmap or
Wireshark directly from the source anyway so they get the very latest
version and avoid accidentally downloading trojans from shady
redistributors like Download.com.

Sorry for the long mail, but I hope this helps clarify things.

Sincerely,
Gordon "Fyodor" Lyon

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe