Npcap 1.70

[Karoline Oum]

Fixeda condition where disabling and re-enabling a network adapter while a

capture is active would prevent any packets from being received by the system

until the capture handle was closed. Fixes #710.

Introduced a workaround for a previously-unknown bug in Microsoft's bthpan.sys that was

causing BSoD crashes with INVALID_MDL_RANGE when Npcap or other drivers sent packets over

a Bluetooth-tethered connection. Microsoft intends to patch this Windows bug, but Npcap will

no longer trigger it regardless of patch status. Fixes #708.

Fixed an issue with the Npcap installer that caused it to install duplicate

certificates in the system's certificate store, which caused problems for

some software. The fixed installer will remove the duplicates. Fixes #692.

Fixed an issue causing "failed to set hardware filter to promiscuous mode" errors with NetAdapterCx-based Windows 11 miniport drivers. Npcap was interpreting the NDIS spec too strictly; we have opened an issue with Microsoft to address the fault in netadaptercx.sys. Fixes #628.

Restored original behavior of timestamps in the default case,

PCAP_TSTAMP_HOST_HIPREC_UNSYNCED/TIMESTAMPMODE_SINGLE_SYNCHRONIZATION.

Since Npcap 0.9994, the timestamp was resynchronized after NDIS stack pause

operations, which reduced timestamp drift from wall clock time but made it no

longer monotonic, making packet interval calculations inaccurate. This

restores the default behavior of WinPcap.

Fixed an issue where applications using Npcap 1.20 or later DLLs with a Npcap

1.00 driver would crash due to a stack buffer overrun when the driver returned

too many bytes in response to a request for timestamp modes. Additionally,

changed NPFInstall.exe to attempt to uninstall the Npcap NetCfg component

prior to installation, in case an improperly-uninstalled component persists.

Fixed an issue where promiscuous mode or other hardware packet filters are ignored after a second

handle is opened on the same adapter, including handles opened in the process of listing adapters

with pcap_findalldevs(). Fixes #647.

Increase strictness in checking for and restoring adapter parameters modified during capture:

hardware packet filter and lookahead will only be modified if the original value can be

determined. This fixes issues with connectivity on certain adapter types (WWAN and some WiFi

adapters) after a capture is closed.

Updated build configurations to enable DEP and ASLR for npcap.sys, which were missing from the

original configs inherited from WinPcap. Additionally, enabled Control Flow Guard for Packet.dll

and all helper EXEs.

Restored an undocumented data member of the struct ADAPTER that is not used internally. Directly

accessing members of the ADAPTER struct from Packet32.h is highly discouraged, since the

API in Packet32.h is not intended for use apart from libpcap. Closes #609.

PacketGetNetType() now always sets the LinkSpeed field to 0. Many adapters did not support the OID

that was being used to get the link speed, and libpcap (Npcap's published API) does not pass this

information through, so there should be no impact on the majority of software. Software that needs

link speed may use pcap_oid_get_request() or GetAdaptersAddresses() to get the information.

Packet injection operations are no longer limited to one at a time. Multiple threads can issue

multiple send operations concurrently on the same capture handle without issue, unless system

resource limits result in allocation failures. Additionally, WinPcap's limit of 256 concurrent

sends on each adapter has been removed. Each Write call is still synchronous, however.

Loopback packet capture and injection now uses fewer WFP filters and callbacks, avoids duplicate

packet processing, uses inspection rather than blocking filters, and persists callout driver

objects while still removing callout filters when captures are not using them. These and other

improvements increase loopback capture efficiency and reduce interference with other network

components.

Npcap is only supported on Windows 7 SP1 and later, and requires KB4474419 to support SHA-2

signature validation. The installer will now check these specific requirements, rather than

attempting an installation that will fail anyway.

Fixed a minor issue with Npcap OEM's silent installer: Npcap 1.55 and later ought to avoid

reinstalling the same version if the existing installation options match the requested options,

but /winpcap_mode=no would never match.

Packet sendqueue operations now more strictly check timestamp order. If an out-of-order

timestamp is encountered, the packet will not be transmitted. PacketSendPackets() will

set the last error value to ERROR_INVALID_TIME. Since packets may be

reported slightly out-of-timestamp-order on multiprocessor machines due to

processing delays, only timestamps that are more than 1ms earlier than the

preceding timestamp will generate the error.

Npcap now tracks the original lookahead value (OID_GEN_CURRENT_LOOKAHEAD,

PacketSetMaxLookahead()) before requesting the max value from the miniport, and restores it once

the capture handle is closed. The practice of setting the lookahead to max value was inherited

from WinPcap, and may be changed in the future subject to performance testing.

When I ran WireShark, I get the following message:Local interfaces are unavailable because the packet capture driver isn't loaded.You can fix this by running net start npcapif you have Npcap installed or net start npfif you have WinPcap installed. Both commands must be run as Administrator.

I then installed the latest version of npcap for Windows (1.70) manually and restarted the PC. When I start WireShark, I no longer get the message about Local interfaces being unavailable, but I only see Adaptor for loopback, USBPcap1 and USBPcap2. If run 'net start npf' it tells me that the service is already running.

I made sure both WinPcap and npcap were uninstalled, restarted and then manually installed npcap (1.70) and restarted again.I am still getting the 'Local interfaces are unavailable because the packet capture driver isn't loaded' message when I start WireShark.( I can't upload an image, apparently I need 60 points, whatever that means).

Despite npcap being present in both the Program Files and Windows\System32\Drivers folders, I seem to be unable to get any recognition that npcap is running.If I type 'net start npcap' I get a 'The service name is invalid' response.

Well, I got no response whatsoever on the npcap page.I have 3 PCs, Wireshark runs on all of them but npcap only runs on two of them (both Windows 10). I cannot get npcap to install on Windows 11 PC (doesn't come up with an error, but it doesn't create a service either).I have drawn a blank.

I see the Prerequisites list having to download the Npcap version 1.0 driver, however the npcap website has Npcap 1.50 available and I'm unable to locate the 1.0 version for download. Is Npcap 1.50 supported?

3a8082e126