Nmap Development mailing list archives

Re: Remote Packet Capture

From: Gordon Fyodor Lyon <fyodor () nmap org>
Date: Mon, 10 Aug 2020 17:20:57 -0700

Hi Tim.  Npcap does not currently support rpcapd, but we might in the
future.  You are welcome to add any comments to the feature request on our
tracker:

https://github.com/nmap/npcap/issues/74

In the meantime, maybe you could use something like RDP to run tools like
Wireshark on the remote system itself?

Cheers,
Fyodor


On Mon, Aug 10, 2020 at 5:16 PM Tim Naami <tnaami () gmail com> wrote:


I need to capture packets with Wireshark from remote computers.  I used to
use WinPCAP but now am attempting to use NPCAP.  I've installed NPCAP
version 0.9995 on the remote computer.  Still no luck.  Using NMAP to scan
the remote computer I do not see port 2002 available.

Some questions:

   - Does this install as a service that is visible on the Services GUI?
   If so, what is the name?
   - Short of the GUI, I've gone to the command prompt and performed a
   net stop npcap  and net start npcap and get a service to stop and start.
   - The Npcap Loopback Adapter is listed under Computer Management >
   Device Manager > Network Adapters
   - NMAP run from that machine works fine.
   - Wireshark on that machine runs fine.
   - As stated I port scanned the remote computer and don't see port 2002
   open.  Did the port number change?
   - I've run the installer using "Run as Administrator" as well as
   without.
   - I've gone to the C:\Program Files\Npcap\ directory and run (as
   Administrator) FixInstall.bat  still nothing on port 2002.
   - Referring back to services, should this be NPF?  I've run the
   DiagReport and under the "Service Info" I have:
   - *************************************************
   Service Info:
   *************************************************

   Status      : Running
   Name        : npcap
   DisplayName : Npcap Packet Driver (NPCAP)

   Get-Service : Cannot find any service with service name 'npf'.
   At C:\Program Files\Npcap\DiagReport.ps1:211 char:1
   + Get-Service npf
   + ~~~~~~~~~~~~~~~
       + CategoryInfo          : ObjectNotFound: (npf:String)
   [Get-Service], ServiceCommandException
       + FullyQualifiedErrorId :
   NoServiceFoundForGivenName,Microsoft.PowerShell.Commands.GetServiceComman


Please let me know what I might be overlooking.

Thank you,

Tim








_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

Current thread:

Remote Packet Capture Tim Naami (Aug 10)
- Re: Remote Packet Capture Gordon Fyodor Lyon (Aug 10)
  - Re: Remote Packet Capture Tim Naami (Aug 19)