Download Npcap 1.78

Spread the love

Previously, on the Windows platform, you had to rely on WinPcap when you wanted to capture or process network traffic. However, its development was completely stopped in 2013. Nmap, among others, used this packet capture library and these developers then started developing Npcap where several improvements can be found in. For example, recent libpcaps are supported, and it can receive or send loopback traffic. Npcap is used by several networking tools today, such as Nmap, Nessus and Wireshark. The development team recently released version 1.78 with the following list of changes:

Npcap 1.78

  • Fixed a memory leak in Npcap 1.77 which occurs when the kernel buffer is full. Fixes #701.
  • Correctly handle an allocation failure during out-of-memory condition, avoiding a null pointer dereference. Fixes #698.

Npcap 1.77

  • Fixed a memory leak in Npcap 1.76 only which occurs while capturing traffic at high data rates. Fixes #688.
  • Fixed an issue in Npcap 1.76 where packets delivered to the driver by NDIS in a single indication, having the same timestamp, would be placed in the packet queue in reverse order. Fixes #684.
  • Fixed an issue with Npcap 1.75 and 1.76 where changing timestamp modes could result in all packets being delivered with the same timestamp. Fixes #695.
  • Fixed an issue with the Npcap installer that caused it to install duplicate certificates in the system's certificate store, which caused problems for some software. The fixed installer will remove the duplicates. Fixes #692.

Npcap 1.76

  • Our code signing key has been reissued to “Nmap Software LLC” replacing the old “Insecure.Com LLC” subject name.
  • Improve performance of the driver by reducing lock contention and consolidating data copy operations. This may help address #663.
  • Additional fixes to locking discipline to potentially address a BSoD issue, #679.

Npcap 1.75

  • Fix a critical regression in Npcap 1.74 which caused all captured packets to have the same timestamp. Fixes #668.

Npcap 1.74

  • Updated libpcap to 1.10.4.
  • Fixed an issue (#667) that prevented capture handles from receiving packets after a NDIS stack pause operation.
  • Fixed an issue that could cause inaccurate timestamps when multiple handles were open and using different timestamp modes. Fixes #666.
  • Fixed an issue preventing raw WiFi frame capture since Npcap 1.60.
  • Fixed an issue causing “failed to set hardware filter to promiscuous mode” errors with NetAdapterCx-based Windows 11 miniport drivers. Npcap was interpreting the NDIS spec too strictly; we have opened an issue with Microsoft to address the fault in netadaptercx.sys. Fixes #628.
  • Addressed several code readability and portability fixes in Packet.dll discovered using clang-tidy via Visual Studio Code Analysis.

Npcap 1.73

  • Fixed an issue causing “failed to set hardware filter to promiscuous mode” errors due to a new code path failing to return appropriate error codes. Fix by Guy Harris in PR #656. Fixes #628.
  • Fixed an issue with WlanHelper causing “error 0x7b” since Npcap 1.70.Fix by Hauke ​​Neitzel in PR #652. Fixes #649.
  • Fixed an issue preventing capture handles from reattaching after NDIS stack pause operations, resulting in persistent ERROR_DEVICE_REMOVED (1617) errors. Fixes #627.
  • Restored original behavior of timestamps in the default case, PCAP_TSTAMP_HOST_HIPREC_UNSYNCED/TIMESTAMPMODE_SINGLE_SYNCHRONIZATION. Since Npcap 0.9994, the timestamp was resynchronized after NDIS stack pause operations, which reduced timestamp drift from wall clock time but made it no longer monotonic, making packet interval calculations inaccurate. This restores the default behavior of WinPcap.
  • Fixed an issue that prevented Npcap 1.71 and 1.72 from being completely removed on uninstall. A misconfigured npcap driver service had persisted. Fixes #657.
  • Fixed an issue where applications using Npcap 1.20 or later DLLs with a Npcap 1.00 driver would crash due to a stack buffer overrun when the driver returned too many bytes in response to a request for timestamp modes. Additionally, changed NPFInstall.exe to attempt to uninstall the Npcap NetCfg component prior to installation, in case an improperly-uninstalled component persists.
  • Updated libpcap to 1.10.3.

Npcap 1.72

  • Fixed an issue where promiscuous mode or other hardware packet filters are ignored after a second handle is opened on the same adapter, including handles opened in the process of listing adapters with pcap_findalldevs(). Fixes #647.
  • Fixed an issue with validation of parameters to PacketGetNetInfoEx(). The NEntries parameter was not being checked for values ​​less than or equal to 0. Fixes #625.

Npcap 1.71

  • Increase strictness in checking for and restoring adapter parameters modified during capture: hardware packet filter and lookahead will only be modified if the original value can be determined. This fixes issues with connectivity on certain adapter types (WWAN and some WiFi adapters) after a capture is closed.
  • Modify NDIS binding parameters so that Npcap will bind both above and below a NIC teaming or network bridge IM driver. This may improve capture options in related situations, like #115.
  • Updated build configurations to enable DEP and ASLR for npcap.sys, which were missing from the original configs inherited from WinPcap. Additionally, enabled Control Flow Guard for Packet.dll and all helper EXEs.
  • Fix a BSoD issue on Windows 8.1 due to registering a service without a name. Fixes #565.
  • Fix an issue with admin-only mode where high-integrity processes (UAC not enforced) could not open or list adapters. Fixes #606.
  • Restored an undocumented data member of the struct ADAPTER that is not used internally. Directly accessing members of the ADAPTER struct from Packet32.h is highly discouraged, since the API in Packet32.h is not intended for use separately from libpcap. Closes #609.
  • Extensive refactoring of driver code for performance and maintainability.

Npcap 1.70

  • Major overhaul of Packet.dll to improve performance of PacketGetAdapterNames(), used by pcap_findalldevs(), and PacketOpenAdapter(), used in all libpcap functions that return a pcap_t. Reduced calls to GetAdaptersAddresses(), properly caching results for short periods. Errors from lower functions are correctly propagated, making diagnosis of failures easier. Fixes #168, #61, and #586.
  • PacketGetNetType() now always sets the LinkSpeed ​​field to 0. Many adapters did not support the OID that was being used to get the link speed, and libpcap (Npcap's published API) does not pass this information through, so there should be no impact on the majority of software. Software that needs link speed may use pcap_oid_get_request() or GetAdaptersAddresses() to get the information.
  • The undocumented char PacketLibraryVersion[] export has been removed. The PacketGetVersion() function is the documented way to get the runtime version of the Packet.dll library.
  • Concurrently released the Npcap SDK Version 1.13 to reflect removal of PacketLibraryVersion and to add SAL annotations to most function prototypes and several struct fields. See SDK changelog at https://github.com/nmap/npcap/blob/master/SDK_CHANGELOG.md
  • Packet injection operations (pcap_inject(), PacketSendPacket(), pcap_sendqueue_transmit(), and PacketSendPackets()) now properly execute the related Write IRP until the NBLs have been returned by NDIS. This may make packet injection more efficient.
  • Packet injection operations are no longer limited to one at a time. Multiple threads can issue multiple send operations concurrently on the same capture handle without issue, unless system resource limits result in allocation failures. Additionally, WinPcap's limit of 256 concurrent sends on each adapter has been removed. Each Write call is still synchronous, however.
  • Loopback packet capture and injection now uses fewer WFP filters and callbacks, avoids duplicate packet processing, uses inspection rather than blocking filters, and persists callout driver objects while still removing callout filters when captures are not using them. These and other improvements increase loopback capture efficiency and reduce interference with other network components.
  • Npcap is only supported on Windows 7 SP1 and later, and requires KB4474419 to support SHA-2 signature validation. The installer will now check these specific requirements, rather than attempting an installation that will fail anyway.
  • Added timeouts to subprocess executions in the installer to prevent a hung installation.
  • Fixed a minor issue with Npcap OEM's silent installer: Npcap 1.55 and later ought to avoid reinstalling the same version if the existing installation options match the requested options, but /winpcap_mode=no would never match.
  • Packet sendqueue operations (pcap_sendqueue_transmit(), PacketSendPackets()) with time synchronization (sync parameter) have been improved to use timed waits when possible, only falling back to busy wait for inter-packet delays of less than 50 microseconds. Time difference calculations have been revised to avoid integer overflows and loss of precision. Fixes #580.
  • Packet sendqueue operations now more strictly check timestamp order. If an out-of-order timestamp is encountered, the packet will not be transmitted. PacketSendPackets() will set the last error value to ERROR_INVALID_TIME. Since packets may be reported slightly out-of-timestamp-order on multiprocessor machines due to processing delays, only timestamps that are more than 1ms earlier than the preceding timestamp will generate the error.
  • Npcap is now built with the Win11 SDK and WDK (10.0.22000). We look forward to implementing support for the exciting new features of NDIS and WFP.
  • Improve capture handle state transitions within the Npcap driver. Fixes BSoD #601 as well as #584, where the wrong error code was reported when the adapter was detached and reattached.
  • Fix an issue where raw WiFi capture handles (/dot11_support install option) would not reattach after a network disconnect and reconnect. Normal handles got this ability in Npcap 1.60, but raw WiFi frame captures (monitor mode) did not take advantage of it. Fixes #591.
  • Npcap now avoids setting hardware packet filters (OID_GEN_CURRENT_PACKET_FILTER, PacketSetHwFilter()) that the miniport does not declare support for. This may improve compatibility with WWAN (eg 3G and LTE) and VPN connections.
  • Npcap now tracks the original lookahead value (OID_GEN_CURRENT_LOOKAHEAD, PacketSetMaxLookahead()) before requesting the max value from the miniport, and restores it once the capture handle is closed. The practice of setting the lookahead to max value was inherited from WinPcap, and may be changed in the future subject to performance testing.

Version number 1.78
Release status Final
Operating systems Windows 7, Windows Server 2008, Windows Server 2012, Windows 8, Windows 10, Windows Server 2016, Windows Server 2019, Windows 11
Website Npcap
Download https://npcap.com/#download
License type GPL
You might also like
Exit mobile version