Is Npcap with Winpcap compatible API expected?
bryonadams opened this issue · 4 comments
Trying to get this working without running as administrator, I noticed the UI will not detect any interfaces for inspecting traffic. Errors pop up indicating that Winpcap or Npcap must be installed, even though I have Npcap installed. I selected "Use Winpcap compatible library" in the settings but that made no difference. Looking at debugs, only mention of Winpcap existed in them.
I was able to get this running by reinstalling Npcap with an additional option, a Winpcap compatible API mode. Is this expected behavior?
Installing Npcap doesn't enable its service by default.
The state of a service can be queried with sc
PS C:\sandbox> sc query npcap
SERVICE_NAME: npcap
TYPE : 1 KERNEL_DRIVER
STATE : 1 STOPPED
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
If Npcap's state is STOPPED, then it must be started in an Administrator command prompt.
Start the service with net start npcap
PS C:\sandbox> net start npcap
The Npcap Packet Driver (NPCAP) service was started successfully.
In my experience, the service persists after shutdown and restarts.
Also, remember to launch ACT and load the plugin before logging in.
Running sc query npcap doesn't actually return anything on my system. Is there something that needs to be enabled first?
Additionally, is there something about ACT that requires this extra step that Wireshark or other programs may not need? Not sure what the difference is with what I did to make it work there (between enabling the compatibility and not adding it to Npcap). If the service is required to be running for it to work, I'm unsure how what I did does work.
What operating system are you running, then? Or did you get a message along the lines of the service not existing at all?
Windows 10 (10.0.19045). No output at all, see below. Tried on both admin and non-admin prompts; Npcap 1.72 is the version I'm using, if it helps.
PS C:\Users\bryon> sc query npcap
PS C:\Users\bryon>
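
An added diagnostic, not written by anyone in this thread: in Windows PowerShell 5.1, `sc` is a built-in alias for `Set-Content`, so `sc query npcap` typed at a `PS` prompt prints nothing and never reaches the Service Control tool. The hypothetical `Test-NpcapSetup` function below checks for that alias, reads the driver state through CIM, and looks for the DLL copy that the WinPcap API-compatible install option adds. It assumes Npcap's documented DLL layout.

```powershell
function Test-NpcapSetup {
    # In Windows PowerShell 5.1 'sc' resolves to Set-Content, so
    # "sc query npcap" silently writes the text "npcap" to a file
    # named "query" in the current directory instead of calling sc.exe.
    $sc = Get-Command -Name sc -ErrorAction SilentlyContinue
    $scIsAlias = [bool]($sc -and $sc.CommandType -eq 'Alias')

    # Evidence that the alias already ran here: a stray "query" file.
    $stray = Join-Path $PWD.Path 'query'
    $strayWritten = (Test-Path -LiteralPath $stray -PathType Leaf) -and
        ((Get-Content -LiteralPath $stray -TotalCount 1) -eq 'npcap')

    # Npcap is a kernel driver, so read its state from Win32_SystemDriver.
    $drv = Get-CimInstance -ClassName Win32_SystemDriver -Filter "Name='npcap'"

    # Assumption: Npcap's documented layout. Native DLLs live under
    # System32\Npcap; a second copy sits directly in System32 only when
    # "WinPcap API-compatible Mode" was selected at install time
    # (a legacy WinPcap install would also place wpcap.dll there).
    $sys32 = Join-Path $env:SystemRoot 'System32'

    [pscustomobject]@{
        ScIsAlias        = $scIsAlias
        StrayQueryFile   = $strayWritten
        DriverInstalled  = [bool]$drv
        DriverState      = if ($drv) { $drv.State } else { 'NotInstalled' }
        DriverStartMode  = if ($drv) { $drv.StartMode } else { $null }
        NativeDll        = Test-Path (Join-Path $sys32 'Npcap\wpcap.dll')
        WinPcapCompatDll = Test-Path (Join-Path $sys32 'wpcap.dll')
    }
}

Test-NpcapSetup | Format-List
```

When `ScIsAlias` is true, `sc.exe query npcap` gives the Service Control output shown earlier in the thread. A result with `NativeDll` true and `WinPcapCompatDll` false means only software that loads from `System32\Npcap` will find the library.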