Nmap Development mailing list archives

Re: Remote Packet Capture


From: Tim Naami <tnaami () gmail com>
Date: Mon, 10 Aug 2020 19:40:13 -0500

Okay, I thought it was like WinPCAP.  How I worked around this is to use
SysInternals PsExec to run cmd on the target and execute rdcapd.

I'll figure out how to convert rdcapd as a service.

On Monday, August 10, 2020, Gordon Fyodor Lyon <fyodor () nmap org> wrote:

Hi Tim.  Npcap does not currently support rpcapd, but we might in the
future.  You are welcome to add any comments to the feature request on our
tracker:

https://github.com/nmap/npcap/issues/74

In the meantime, maybe you could use something like RDP to run tools like
Wireshark on the remote system itself?

Cheers,
Fyodor


On Mon, Aug 10, 2020 at 5:16 PM Tim Naami <tnaami () gmail com> wrote:


I need to capture packets with Wireshark from remote computers.  I used
to use WinPCAP but now am attempting to use NPCAP.  I've installed NPCAP
version 0.9995 on the remote computer.  Still no luck.  Using NMAP to scan
the remote computer I do not see port 2002 available.

Some questions:

   - Does this install as a service that is visible on the Services
   GUI?  If so, what is the name?
   - Short of the GUI, I've gone to the command prompt and performed a
   net stop npcap  and net start npcap and get a service to stop and start.
   - The Npcap Loopback Adapter is listed under Computer Management >
   Device Manager > Network Adapters
   - NMAP run from that machine works fine.
   - Wireshark on that machine runs fine.
   - As stated I port scanned the remote computer and don't see port
   2002 open.  Did the port number change?
   - I've run the installer using "Run as Administrator" as well as
   without.
   - I've gone to the C:\Program Files\Npcap\ directory and run (as
   Administrator) FixInstall.bat  still nothing on port 2002.
   - Referring back to services, should this be NPF?  I've run the
   DiagReport and under the "Service Info" I have:
   *************************************************
   Service Info:
   *************************************************

   Status      : Running
   Name        : npcap
   DisplayName : Npcap Packet Driver (NPCAP)

   Get-Service : Cannot find any service with service name 'npf'.
   At C:\Program Files\Npcap\DiagReport.ps1:211 char:1
   + Get-Service npf
   + ~~~~~~~~~~~~~~~
       + CategoryInfo          : ObjectNotFound: (npf:String)
   [Get-Service], ServiceCommandException
       + FullyQualifiedErrorId : NoServiceFoundForGivenName,
   Microsoft.PowerShell.Commands.GetServiceComman


Please let me know what I might be overlooking.

Thank you,

Tim








_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

