How To Download and Install Npcap Library For Windows Packet Capture? – POFTUT

How To Download and Install Npcap Library For Windows Packet Capture?


Npcap is packet capture library for Windows operating system. Npcap is created and developed as a Nmap project. Npcap is based on WinPcap project which is currently not actively developed. The most important feature of Npcap is support for Windows 10 operating systems where WinPcap only supports up to Windows 7.

Npcap Features

Npcap provides a lot of powerful features according to WinPcap. Here are some of them.

  • `NDIS 6 support` will make the Npcap work with newer Windows operating systems like Windows 10, Windows Server 2016, etc.
  • `Extra Security` will only provide packet capture to the Administrator level users. If a non-Admin user tries to package capture he should pass UAC (User Account Control).
  • `Loopback Packet Capture` makes Npcap capture loopback interface packet capture which is generally used for different services to communicate on the local host.
  • `Loopback Packet Injection` makes Npcap inject packets to the loopback interfaces.
  • `Libpcap` API support is very useful where popular applications like Wireshark, tcpdump can use Npcap easily like a native application.
  • `WinPcap` compatibility is another useful compatibility feature for Npcap.

Npcap Versions

Npcap is an open source project and provided free for most cases. But as an open source project, it needs some support for costs. So Npcap provides as 2 versions for open source and commercial use

  • Opensource Npcap source code can be downloaded, compiled and used for internal use.
  • Npcap OEM Commercial license is provided with enterprise features like silent installer and commercial support. With Npcap OEM commercial license npcap can be redistributed with different products and libraries.
LEARN MORE  Wireshark - How To Capture, Filter , Inspect Network Packets?

Download Npcap

Npcap can be downloaded from the following URL. The latest version of the Npcap is 0.996 .

https://nmap.org/npcap/dist/npcap-0.996.exe

Install Npcap

Windows 10 operating systems provide SmartScreen as a security measure. We can bypass SmartScreen check by clicking Run in the following window.

Bypass SmartScreen
Bypass SmartScreen

As Npcap requires access to the system functions the installation requires Administrative privileges with the following screen in order to start the installation. We will simply click Yes.

Npcap UAC
Npcap UAC

If there is an already install Npcap version it will be uninstalled automatically with the following screen.

Uninstall Older Npcap
Uninstall Older Npcap

In the following screen, we will accept the License Agreement of Npcap by clicking I Agree

Accept Npcap License
Accept Npcap License

The most important part of the Npcap installation is the following screen where we will set and provide installation options.

  • `Support loopback traffic` will provide support for Loopback adapter packet capture and injection which will create a Npcap  Loopback Adapter.
  • `Restrict Npcap driver’s access to Administrators only` will secure access to npcap packet capture to Administrative users
  • `Support raw 802.11 traffic for wireless adapters` will add wireless traffic capture support with IEEE 802.11 protocols
  • `Install Npcap in WinPcap API-compatible Mode` will set fully WinPcap compatibility.
Npcap Installation Options
Npcap Installation Options

The installation will take a little time to complete.

When the Npcap installation is completed successfully we will see the following screen.

Npcap Installation Completed
Npcap Installation Completed

Print Npcap Service Status

Npcap is installed as a driver with a service. In order to capture packets, the Npcap service should be working. The service is named as npcap and we can print or display service status from the command line with sc command. We will open an MS-DOS or PowerShell with Administrator privileges like below.

LEARN MORE  What Is Packet Sniffing with List Of Packet Sniffers?

Windows CMD.exe or Command Shell Tutorial with Examples

> sc query npcap

We can see that the npcap service status is currently running.

Start Npcap Service

We can also start Npcap service with the sc command like below. This operation also requires Administrative privileges.

> sc start npcap

Stop Npcap Service

We can stop  Npcap service with the sc command like below. This operation also requires Administrative privileges.

> sc stop npcap

Leave a Comment