Npcap packet driver: what is it

Updated: 07.07.2024

A guide to Npcap, a packet capture and network analysis framework for Windows, for users and software developers. Npcap is a modern, safe, and compatible update to WinPcap.


Introduction

This Manual describes the programming interface and the source code of Npcap. It provides detailed descriptions of the functions and structures exported to programmers, along with complete documentation of the Npcap internals. Several tutorials and examples are provided as well.

What is Npcap?

Npcap is an architecture for packet capture and network analysis for Windows operating systems, consisting of a software library and a network driver.

Most networking applications access the network through widely-used operating system primitives such as sockets. It is easy to access data on the network with this approach since the operating system copes with the low level details (protocol handling, packet reassembly, etc.) and provides a familiar interface that is similar to the one used to read and write files.

Sometimes, however, the “easy way” is not up to the task, since some applications require direct access to packets on the network. That is, they need access to the “raw” data on the network without the interposition of protocol processing by the operating system.

The purpose of Npcap is to give this kind of access to Windows applications. It provides facilities to:

  • capture raw packets, both the ones destined to the machine where it's running and the ones exchanged by other hosts (on shared media)
  • filter the packets according to user-specified rules before dispatching them to the application
  • transmit raw packets to the network
  • gather statistical information on the network traffic

This set of capabilities is obtained by means of a device driver, which is installed inside the networking portion of the Windows kernel, plus a couple of DLLs.

All of these features are exported through a powerful programming interface, easily usable by applications. The main goal of this manual is to document this interface, with the help of several examples.

What kind of programs use Npcap?

  • network and protocol analyzers
  • network monitors
  • traffic loggers
  • traffic generators
  • user-level bridges and routers
  • network intrusion detection systems (NIDS)
  • network scanners
  • security tools

What Npcap can't do

Npcap receives and sends the packets independently from the host protocols, like TCP/IP. This means that it isn't able to block, filter or manipulate the traffic generated by other programs on the same machine: it simply “sniffs” the packets that transit on the wire. Therefore, it does not provide the appropriate support for applications like traffic shapers, QoS schedulers and personal firewalls.

Npcap Features

Npcap has many exciting features that set it above other packet capture solutions:

Built for modern Windows: Npcap is written for Windows 10, Windows 8.1, Windows 8, and Windows 7. Using up-to-date NDIS versions, it allows you to capture traffic without slowing down the network stack. Npcap is implemented as an NDIS 6 Lightweight Filter driver, faster and with less overhead than the legacy NDIS 5 Protocol Driver used by WinPcap.

WinPcap compatibility: Npcap is a drop-in replacement for WinPcap in most applications.

Updated cross-platform libpcap API: The libpcap API allows cross-platform packet capture applications to target Linux, Windows, macOS, BSD, Solaris and others. Npcap includes the latest version of libpcap, providing the best solution for compatibility, performance, functionality, and security.

Loopback packet capture and injection: Npcap is able to see Windows loopback packets using the Windows Filtering Platform (WFP). Npcap supplies an interface named “NPF_Loopback”, with the description “Adapter for loopback capture.” Wireshark users can choose this adapter to capture all loopback traffic the same way as other non-loopback adapters. Packet injection works as well with pcap_inject().

Raw 802.11 Packet Capture Support: Npcap is able to see 802.11 frames instead of emulated Ethernet frames on ordinary wireless adapters. You need to select the “Support raw 802.11 traffic (and monitor mode) for wireless adapters” option in the installation wizard to enable this feature. When your adapter is in “Monitor Mode”, Npcap will supply all 802.11 data + control + management packets with Radiotap headers. When your adapter is in “Managed Mode”, Npcap will only supply Ethernet packets. Npcap directly supports using Wireshark to capture in “Monitor Mode”. Npcap also provides the WlanHelper.exe tool to manually configure WiFi PHY parameters. See more details about this feature in the section called “For software that uses Npcap raw 802.11 feature”.

“Admin-only Mode” Support: Npcap supports restricting its use to Administrators for safety purposes. If Npcap is installed with the option “Restrict Npcap driver's access to Administrators only” checked, only Built-in Administrators may access its features via user software (Nmap, Wireshark, etc). This provides a level of restriction similar to requiring root access for packet capture on Linux/UNIX.

Purpose of this manual

The purpose of this manual is to provide a comprehensive and easy way to browse the documentation of the Npcap architecture. You will find three main sections:

  • The section called “Npcap Users' Guide” is for end users of Npcap, and primarily concerns installation options, hardware compatibility, and bug reporting procedures.
  • The section called “Developing software with Npcap” is for programmers who need to use Npcap from an application: it contains information about functions and data structures exported by the Npcap API, a manual for writing packet filters, and information on how to include it in an application. A tutorial with several code samples is provided as well; it can be used to learn the basics of the Npcap API using a step-by-step approach, but it also offers code snippets that demonstrate advanced features.
  • The section called “Npcap internals” is intended for Npcap developers and maintainers, or for people who are curious about how this system works: it provides a general description of the Npcap architecture and explains how it works. Additionally, it documents the complete device driver structure, the source code, the Packet.dll interface and the low-level Npcap API. If you want to understand what happens inside Npcap or if you need to extend it, this is the section you will want to read.

Terminology

We call Npcap an architecture rather than a library because packet capture is a low-level mechanism that requires strict interaction with the network adapter and with the operating system, in particular with its networking implementation, so a simple library is not sufficient.

For consistency with the literature, we will use the term packet even though frame is more accurate since the capture process is done at the data-link layer and the data-link header is included in the captured data.

Npcap License

Even though Npcap source code is publicly available for review, it is not open source software and may not be redistributed without special permission from the Nmap Project. The Npcap Free License allows end users to download, install, and use up to 5 copies of Npcap from our site for free. Copies which are only used with Nmap, Wireshark, and/or Microsoft Defender for Identity don't count toward this 5-install limit.

We fund the Npcap project by selling the Npcap OEM Edition. This special version of Npcap includes enterprise features such as the silent installer and commercial support as well as special license rights allowing customers to redistribute Npcap with their products or to install it on more systems within their organization with easy enterprise deployment. We offer two commercial license types:

The Npcap OEM Redistribution License is for companies that wish to distribute Npcap OEM within their products (the free Npcap edition does not allow this). Licensees generally use the Npcap OEM silent installer, ensuring a seamless experience for end users. Licensees may choose between a perpetual unlimited license or an annual term license, along with options for commercial support and updates.

The Npcap OEM Internal-Use License is for organizations that wish to use Npcap OEM internally without redistribution outside their organization. This allows them to bypass the 5-system usage cap of the Npcap free edition. It includes commercial support and update options, and provides the extra Npcap OEM features such as the silent installer for enterprise-wide deployment.

Obtaining Npcap

The latest Npcap release can always be found on the Npcap website as an executable installer and as a source code archive.


Hello everyone. Today we will talk about a program called WinPcap: what it is and why it is needed. There are special programs that work with the network. Not with the internet, but specifically with the network. And the network can be either the internet or a local one.

WinPcap is the foundation for such software, and without it these programs will not work at all. So on the one hand WinPcap is a program, and on the other it is a component that other programs require. One example is Wireshark, a program well known in narrow circles for monitoring traffic; such programs are called sniffers. The WinPcap component lets you see what is being sent and to whom, to put it very loosely.

WinPcap installs its own driver in Windows, which other programs then use. It is the driver that allows the WinPcap network interface to work reliably and precisely.

WinPcap lives in this folder:

C:\Program Files (x86)\WinPcap


There are three files there: a log, a console management component, and Uninstall.exe, which is used to uninstall the program.

Why is WinPcap installed on your machine? There are several possible explanations: perhaps your computer is a work machine and this software was already installed, in which case you should not remove it. Some programs can also download and install WinPcap automatically, because they simply need it to work.

Interestingly, even Windows 95 and 98 are supported; of course, I am not sure everything works perfectly there, but the developers do make that claim.

So, if all this is unfamiliar to you and you do not use any special network software, perhaps WinPcap should be removed? But then again, what if some program needs it? Usually Office, games, Windows itself, browsers, in short ordinary software, have no need for WinPcap at all. It is only for network software, which you also need to know how to use. Some hacking utilities require WinPcap to be present on the system.

How to completely remove WinPcap from your computer?

To uninstall it you can use the advanced program Revo Uninstaller, which removes not only the program but also all the junk left behind. But that is up to you; I am just making the suggestion.


Then find the Programs and Features icon:

In the list of installed programs, look for WinPcap, find it, right-click it, and choose Uninstall:

Next a window will appear; click the Uninstall button there:

WinPcap will be removed almost instantly, as the next window will tell you:

That's all, WinPcap has been removed from your computer. I hope I explained everything properly and that everything about WinPcap is clear to you. All that remains is for me to wish you good luck.

Comments

WinPcap installs a service: Remote Packet Capture Protocol. But I cannot find the name of the WinPcap driver anywhere, and there must be one. Could you tell me? Please! (by e-mail)


One of Npcap's advanced features is support for capturing raw 802.11 WiFi frames from adapters in monitor mode. Unfortunately, not all adapters support this mode, and several which do support it have limitations in their drivers. This page will attempt to document adapters that have been tested, and the degree of support they provide.

Feature Support

Note: A common reason for an adapter to not show "Monitor Mode" in Wireshark is if you have WinPcap installed. Wireshark will not use Npcap if WinPcap is present.

Note: These features are part of the "Native 802.11 WLAN" interface, which is deprecated in Windows 10. It is possible that a device listed here under Windows 10 may perform better in Windows 8 or 8.1.

How to help

If you would like to help us collect this information, you need a few things:

  • Install Npcap and Wireshark. Be sure that WinPcap is not installed. Wireshark will not use Npcap if WinPcap is installed, so raw 802.11 WiFi capture will not be available.
  • Gather the model and version information from your WiFi card by opening Device Manager, expanding Network adapters, right-clicking your WiFi adapter, and choosing Properties. The Driver tab will show the driver version.

Here are the steps to record the info needed:

  1. Monitor mode - Open Wireshark. Open Capture options. If there is a checkbox in the Monitor Mode column for your adapter, enter >.
  2. Capture works - Click the checkbox to enable monitor mode and start capture. If any frames show up, enter >.
  3. FCS - If there are no Malformed Packet errors, enter >.
  4. Channel/frequency - Expand the 802.11 radio information tree. If any packets show channel or frequency information, enter >.
  5. RSSI - Under 802.11 radio information, if Signal strength (dBm) is not 0 and not constant, enter >. Expected values are between -10 and -100 dBm, but other values may be reported.
  6. Notes - Enter any helpful information, especially differences between observed and expected behavior.
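
The FCS, channel/frequency and RSSI values checked in steps 3 to 5 come from the Radiotap header that precedes each frame in a monitor-mode capture. The following C parser is an added example, not code from Npcap or Wireshark: it reads the header's first six fields as laid out by the Radiotap format, and the `sample` bytes and all names in it are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Values Wireshark shows under "802.11 radio information". */
struct rt_info {
    int has_flags, has_freq, has_signal;
    uint8_t flags;        /* 0x10 = FCS included, 0x40 = bad FCS */
    uint16_t freq_mhz;    /* channel centre frequency */
    int8_t signal_dbm;    /* antenna signal (RSSI) */
};

/* Constructed sample: flags=0x10, rate, channel 2437 MHz, signal -42 dBm. */
static const uint8_t sample[16] = {
    0x00, 0x00, 0x10, 0x00, 0x2e, 0x00, 0x00, 0x00,   /* version, pad, len=16, present */
    0x10, 0x02, 0x85, 0x09, 0xa0, 0x00, 0xd6, 0x00 }; /* fields + 1 pad byte */

static uint32_t le32(const uint8_t *p) {
    return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Returns the radiotap length (offset of the 802.11 frame), -1 if malformed. */
int radiotap_parse(const uint8_t *buf, size_t caplen, struct rt_info *out) {
    static const uint8_t size[6]  = {8, 1, 1, 4, 2, 1};  /* present bits 0..5 */
    static const uint8_t align[6] = {8, 1, 1, 2, 2, 1};
    *out = (struct rt_info){0};
    if (caplen < 8 || buf[0] != 0) return -1;
    size_t hdrlen = buf[2] | buf[3] << 8, off = 8;
    if (hdrlen < 8 || hdrlen > caplen) return -1;
    uint32_t present = le32(buf + 4);
    for (uint32_t w = present; w & 0x80000000u; off += 4) { /* extra bitmaps */
        if (off + 4 > hdrlen) return -1;
        w = le32(buf + off);
    }
    for (int bit = 0; bit < 6; bit++) {
        if (!(present & (1u << bit))) continue;
        off = (off + align[bit] - 1) & ~(size_t)(align[bit] - 1); /* natural alignment */
        if (off + size[bit] > hdrlen) return -1;
        if (bit == 1) { out->flags = buf[off]; out->has_flags = 1; }
        if (bit == 3) { out->freq_mhz = buf[off] | buf[off + 1] << 8; out->has_freq = 1; }
        if (bit == 5) { out->signal_dbm = (int8_t)buf[off]; out->has_signal = 1; }
        off += size[bit];
    }
    return (int)hdrlen;
}

int main(void) {
    struct rt_info i;
    int n = radiotap_parse(sample, sizeof sample, &i);
    printf("hdr=%d freq=%u MHz signal=%d dBm fcs=%d\n", n, i.freq_mhz, i.signal_dbm, !!(i.flags & 0x10));
    return n < 0;
}
```

The returned length is the offset at which the 802.11 frame begins, and a set 0x40 flag marks a frame whose FCS check failed.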

You can fetch adapter information on the command line using the Win32_PnPSignedDriver WMI class. For example, running the following inside the Command Prompt will show each device name, manufacturer, and driver version:

Many more details about Npcap are available in the Npcap User/Developer Guide. We've also created a feature comparison between Npcap and WinPcap.

Downloading and Installing Npcap Free Edition

The free version of Npcap may be used (but not externally redistributed) on up to 5 systems (free license details). It may also be used on unlimited systems where it is only used with Nmap, Wireshark, and/or Microsoft Defender for Identity. Simply run the executable installer. The full source code for each release is available, and developers can build their apps against the SDK. The improvements for each release are documented in the Npcap Changelog.

Installer for Windows 7/2008R2, 8/2012, 8.1/2012R2, 10/2016, 2019 (x86, x64, and ARM64).

The latest development source is in our Github source repository. Windows XP and earlier are not supported; you can use WinPcap for these versions.

Npcap OEM for Commercial Use and Redistribution

Npcap OEM Redistribution License: The redistribution license is for companies that wish to distribute Npcap OEM within their products (the free Npcap edition does not allow this). Licensees generally use the Npcap OEM silent installer, ensuring a seamless experience for end users. Licensees may choose between a perpetual unlimited license or an annual term license, along with options for commercial support and updates. [Redistribution license details]

Npcap OEM Internal-Use License: The corporate internal license is for organizations that wish to use Npcap OEM internally, without redistribution outside their organization. This allows them to bypass the 5-system usage cap of the Npcap free edition. It includes commercial support and update options, and provides the extra Npcap OEM features such as the silent installer for enterprise-wide deployment. [Internal-use license details]

Documentation

The primary documentation for Npcap is the Npcap User's Guide. You can also refer to the README file on Github. The changes in each new release are documented in the Npcap Changelog.

Patches, Bug Reports, Questions, Suggestions, etc

Npcap bug reports can be filed on the Npcap Issues Tracker. Please test with the latest version of Npcap first to ensure it hasn't already been fixed. It is also helpful if you search the current issues first to find out if it has already been reported. Then you can leave a comment on the existing issue rather than creating duplicates. Feature enhancement requests can be made on the tracker as well.

Code patches to fix bugs are even better than bug reports. Instructions for creating patch files and sending them are available here.
