Nmap Development mailing list archives

Re: npcap and still the same issues


From: 食肉大灰兔V5 <hsluoyz () gmail com>
Date: Mon, 3 Oct 2016 00:04:53 +0800

Here's how to do the trick to "borrow" an adapter to be the Npcap Loopback
Adapter.

1) Install Wireshark and open a CMD in its installation folder, because we
need to use its dumpcap.exe tool. Run "dumpcap -D":

C:\Program Files\Wireshark>dumpcap -D
1. \Device\NPF_{7C4E0476-D3F1-4F4C-9FE4-FA514710032A} (VMware Network Adapter VMnet1)
2. \Device\NPF_{385F30D0-9166-45D3-BBC6-F1D9C5300AF9} (Wi-Fi)
3. \Device\NPF_{2F6EC492-5488-42D4-BAF4-049CD820EB66} (VMware Network Adapter VMnet8)
4. \Device\NPF_{2A2FCEC4-C241-4B8B-8532-C901A74DC867} (Npcap Loopback Adapter)
5. \Device\NPF_{AC093F81-04F0-4B51-9137-18E7B8376782} (Ethernet 2)

Let's say that your original 4. (Npcap Loopback Adapter) is broken, so we
are going to use 2. (Wi-Fi) as the new Npcap Loopback Adapter. Copy out its
GUID name: \Device\NPF_{385F30D0-9166-45D3-BBC6-F1D9C5300AF9}

2) Remove the "NPF_" in the above string, so it should be:
\Device\{385F30D0-9166-45D3-BBC6-F1D9C5300AF9}

Copy it to two places in the registry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap\LoopbackAdapter
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Npcap\LoopbackAdapter

(the 2nd registry path is HKEY_LOCAL_MACHINE\SOFTWARE\Npcap\LoopbackAdapter
if you are using a 32-bit OS)

3) Restart the driver, by running two commands in CMD:

net stop npcap
net start npcap

4) Now, the "Wi-Fi" adapter should be gone and the new "Npcap Loopback
Adapter" is generated. Capture with it.


Cheers,
Yang
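
The four steps above collected into one PowerShell script, as an added example that is not part of the original post or of Npcap. The dumpcap path, registry paths and net commands are the ones given in the post; the parameter names, the backup file and the treatment of LoopbackAdapter as a string value under each key are assumptions. As the thread notes, the chosen adapter stops carrying its normal traffic, so the script records the previous values before overwriting them.

```powershell
# Added example, not from the original post. Run from an elevated PowerShell prompt.
param(
    [Parameter(Mandatory)] [string] $AdapterName,   # name shown by "dumpcap -D", e.g. 'Wi-Fi'
    [string] $Dumpcap = 'C:\Program Files\Wireshark\dumpcap.exe',
    [string] $Backup  = "$env:TEMP\npcap-loopback-backup.txt"   # hypothetical rollback file
)
$ErrorActionPreference = 'Stop'

# Step 1: list capture devices and pick the GUID of the adapter with that name.
$pattern = '^\d+\.\s+\\Device\\NPF_(\{[0-9A-Fa-f-]{36}\})\s+\((.+)\)\s*$'
$guids = @(& $Dumpcap -D | ForEach-Object {
    if ($_ -match $pattern -and $Matches[2] -eq $AdapterName) { $Matches[1] }
})
if ($guids.Count -ne 1) { throw "Expected exactly one adapter named '$AdapterName', found $($guids.Count)." }

# Step 2: the device string without the "NPF_" prefix.
$device = '\Device\' + $guids[0]

# Registry locations from the post; the second one differs on a 32-bit OS.
# Assumption: LoopbackAdapter is a string value under each of these keys.
$softwareKey = 'HKLM:\SOFTWARE\Npcap'
if ([Environment]::Is64BitOperatingSystem) { $softwareKey = 'HKLM:\SOFTWARE\WOW6432Node\Npcap' }
$keys = @('HKLM:\SYSTEM\CurrentControlSet\Services\npcap', $softwareKey)

# Refuse to write anything unless both keys exist.
foreach ($key in $keys) {
    if (-not (Test-Path $key)) { throw "Registry key not found: $key" }
}
foreach ($key in $keys) {
    # Save the previous value first so it can be put back by hand.
    $old = (Get-ItemProperty -Path $key -Name LoopbackAdapter -ErrorAction SilentlyContinue).LoopbackAdapter
    Add-Content -Path $Backup -Value "$key`t$old"
    Set-ItemProperty -Path $key -Name LoopbackAdapter -Value $device
}

# Step 3: restart the driver with the same commands as in the post.
net stop npcap
net start npcap
if ($LASTEXITCODE -ne 0) { throw "net start npcap failed; previous values are in $Backup" }

# Step 4: list devices again; the chosen GUID should now be the "Npcap Loopback Adapter".
& $Dumpcap -D | Where-Object { $_ -like "*$($guids[0])*" }
```

To revert, write the values recorded in the backup file back to the same two keys and restart the driver again.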


On Sun, Oct 2, 2016 at 11:42 PM, Mike . <dmciscobgp () hotmail com> wrote:

my current adapter, after identifying, gives me this in my
systray---44fac. how did it retrieve that? apparently, that is what the
"identifying" portion is looking for. does anyone else's ISP do this or
just mine? and now, how do i take my current WORKING adapter and turn it
into the "NPCAP adapter"?


------------------------------
*From:* 食肉大灰兔V5 <hsluoyz () gmail com>
*Sent:* Sunday, October 2, 2016 3:24 PM
*To:* Mike .
*Cc:* nmap-group
*Subject:* Re: npcap and still the same issues

Hi Mike,

Npcap doesn't count on any MAC or IP on its adapters. It only relies on
the miniports. And again:

*Npcap does not necessarily rely on the "Microsoft Loopback Adapter"*.

"Npcap Loopback Adapter" can be any adapter. Npcap just "borrows" the
shell of an adapter. So if your "Microsoft Loopback Adapter" doesn't work
out, you can just choose another workable adapter to be the "Npcap Loopback
Adapter", like a Bluetooth adapter, or a real physical Ethernet adapter
which is not in use. After you specify its GUID in the registry, Npcap will
recognize it as "Npcap Loopback Adapter" and let all loopback traffic go
through it. The original traffic will be gone. So this whole trick will
sacrifice one of your normal adapters.

So the question is very simple, *can you provide any working adapter to
be the "Npcap Loopback Adapter"?* If the answer is NO, for example, all
your adapters are in the middle of "identifying..", then I must acknowledge
that no one could save your machine.


Cheers,
Yang


On Sun, Oct 2, 2016 at 10:09 PM, Mike . <dmciscobgp () hotmail com> wrote:

so i figured i would try out the latest npcap, hoping it would allow me
to get past the issues i was having before. NOPE. as i can see it, after
looking at the install log and all the files in place, i don't think it is
npcap. i think it is just my network/ISP and the way it is set up and
configured. i now am almost 100% convinced i have to somehow hard-code the
DNS/GATEWAY/ETC to somehow get this to work. right now it is sitting on an
autoconfiged 169 addy and a constant "identifying.." in my systray where my
adapter icon sits. as long as it says that, i get nothing. so i just
disable it. does anyone else out there have this "identifying..." issue? i
am almost convinced it is sending out or trying to identify its MAC for my
ISP?? not sure but i can't come up with anything else. until i can get past
this, or until npcap can allow hard coding addressing so it can be "seen"
by my network-----------------npcap and all its loopback wonder, is
useless to me



Mike


(my npcap adapter does say 46 packets sent, if that is anything to anyone)

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/


