Npcap is packet capture library for Windows operating system. Npcap is created and developed as a Nmap project. Npcap is based on WinPcap project which is currently not actively developed. The most important feature of Npcap is support for Windows 10 operating systems where WinPcap only supports up to Windows 7.
Npcap Features
Npcap provides a lot of powerful features according to WinPcap. Here are some of them.
- `NDIS 6 support` will make the Npcap work with newer Windows operating systems like Windows 10, Windows Server 2016, etc.
- `Extra Security` will only provide packet capture to the Administrator level users. If a non-Admin user tries to package capture he should pass UAC (User Account Control).
- `Loopback Packet Capture` makes Npcap capture loopback interface packet capture which is generally used for different services to communicate on the local host.
- `Loopback Packet Injection` makes Npcap inject packets to the loopback interfaces.
- `Libpcap` API support is very useful where popular applications like Wireshark, tcpdump can use Npcap easily like a native application.
- `WinPcap` compatibility is another useful compatibility feature for Npcap.
Npcap Versions
Npcap is an open source project and provided free for most cases. But as an open source project, it needs some support for costs. So Npcap provides as 2 versions for open source and commercial use
- Opensource Npcap source code can be downloaded, compiled and used for internal use.
- Npcap OEM Commercial license is provided with enterprise features like silent installer and commercial support. With Npcap OEM commercial license npcap can be redistributed with different products and libraries.
Download Npcap
Npcap can be downloaded from the following URL. The latest version of the Npcap is 0.996 .
https://nmap.org/npcap/dist/npcap-0.996.exe
Install Npcap
Windows 10 operating systems provide SmartScreen as a security measure. We can bypass SmartScreen check by clicking Run in the following window.
As Npcap requires access to the system functions the installation requires Administrative privileges with the following screen in order to start the installation. We will simply click Yes.
If there is an already install Npcap version it will be uninstalled automatically with the following screen.
In the following screen, we will accept the License Agreement of Npcap by clicking I Agree
The most important part of the Npcap installation is the following screen where we will set and provide installation options.
- `Support loopback traffic` will provide support for Loopback adapter packet capture and injection which will create a Npcap Loopback Adapter.
- `Restrict Npcap driver’s access to Administrators only` will secure access to npcap packet capture to Administrative users
- `Support raw 802.11 traffic for wireless adapters` will add wireless traffic capture support with IEEE 802.11 protocols
- `Install Npcap in WinPcap API-compatible Mode` will set fully WinPcap compatibility.
The installation will take a little time to complete.
When the Npcap installation is completed successfully we will see the following screen.
Print Npcap Service Status
Npcap is installed as a driver with a service. In order to capture packets, the Npcap service should be working. The service is named as npcap and we can print or display service status from the command line with sc command. We will open an MS-DOS or PowerShell with Administrator privileges like below.
Windows CMD.exe or Command Shell Tutorial with Examples
> sc query npcap
We can see that the npcap service status is currently running.
Start Npcap Service
We can also start Npcap service with the sc command like below. This operation also requires Administrative privileges.
> sc start npcap
Stop Npcap Service
We can stop Npcap service with the sc command like below. This operation also requires Administrative privileges.
> sc stop npcap