Npcap使用问题记录

Npcap简介

官网地址

Npcap is the Nmap Project’s packet capture (and sending) library for Microsoft Windows. It implements the open Pcap API using a custom Windows kernel driver alongside our Windows build of the excellent libpcap library. This allows Windows software to capture raw network traffic (including wireless networks, wired ethernet, localhost traffic, and many VPNs) using a simple, portable API. Npcap allows for sending raw packets as well. Mac and Linux systems already include the Pcap API, so Npcap allows popular software such as Nmap and Wireshark to run on all these platforms (and more) with a single codebase. Npcap began in 2013 as some improvements to the (now discontinued) WinPcap library, but has been largely rewritten since then with hundreds of releases improving Npcap’s speed, portability, security, and efficiency.

问题记录

1、杀毒软件查杀

问题描述：
由于Npcap需要修改网卡驱动，导致某些杀毒软件（尤其360）在安装Npcap的时候反复检查，导致安装非常麻烦。
甚至安装成功后，莫名其妙会被杀毒软件删除部分文件导致无法正常工作。
解决方案：
目前只能在安装时关闭杀毒软件（卸载更好…）

2、某些Win7版本安装错误

问题描述：

解决方案：

• https://blog.csdn.net/timenianlun/article/details/134352313
• https://www.catalog.update.microsoft.com/search.aspx?q=kb4474419
  
  

3、Npcap启动失败

问题描述：
Npcap安装成功后，通过命令行查看启动失败且命令无法启动成功

sc query Npcap
sc qc Npcap
sc start Npcap

解决方案：
尝试重启操作系统后正常【由于是客户现场问题，不确定安装成功后是否有提示重启操作系统】

4、某Win11版本 Npcap1.73"failed to set hardware filter to promiscuous mode"错误

问题描述：

解决方案：

• 方案一：
  https://www.jianshu.com/p/3112103b4fa1
  https://www.280i.com/tech/11714.html
• 方案二（推荐）:
  更新Npcap版本(Npcap 1.74已修复该问题)
  
  

5、某Win11版本 packetsendpacket failed

问题描述：
错误打印：packetsendpacket failed: A device attached to the system is not functioning.(31)
抓包：wireshark能抓到发出去的包，但接收不到设备对此的回应包【由于是远程客户现场，无法进一步抓包】
解决方案【未解决】：
尝试安装Npcap-1.60，packetsendpacket不报错，但仍未接收到回应包,猜测只是老版本没返回错误而已
问题跟踪