Movatterモバイル変換

To build software that uses Npcap, use the latest version of the Npcap Software Development Kit (SDK). The latest SDK can be downloaded onNpcap.org. Updates to the SDK are much less frequent than updates to the Npcap binaries.

Examples of applications using Npcap are availablein the Examples directory in the source distribution. Several of these examples are explored in more depth in thethe section called “Npcap Development Tutorial”.

Npcap developer Yang Luo has also provided an example:UserBridge, which is a tool to redirect all packets from one interface to another.

For the most part, Npcap is completely compatible with software written for WinPcap. Minor changes need to be made tothe section called “DLL loading” and in some casesthe section called “Service name”. However, there have been many improvements to the libpcap API between the last release of WinPcap and the current release of Npcap. Reviewing the changes may help improve performance, reliability, and maintainability of software that uses Npcap.

Apart from the libpcap API, WinPcap exported a few functions used byWinDump that were related to porting a Unix-style tool to Windows but unrelated to packet capture. Those functions were not documented in the WinPcap documentation, have never been included in libpcap, and are therefore not in the Npcap API:getservent,endservent, andeproto_db.

One other function exported by WinPcap,wsockinit, is available via the Npcap API aspcap_wsockinit. It callsWSAStartup for Windows Sockets version 1.1 and ensures thatWSACleanup is called when the process ends.

Sometimes, our user software needs to detect the existence of Npcap/WinPcap at install-time or run-time. Although Npcap's GUI installer has the ability to handle this, you may want to handle it by yourself in some conditions, like you run Npcap installer in silent-mode. The run-time detection is even more useful. Your software probably has some functions that rely on Npcap's particular features (like loopback capture). You need to know if you are running on top of Npcap or the legacy WinPcap to control whether to switch your functions on. Fortunately, Npcap provides you some methods to detect Npcap/WinPcap at install-time and run-time.

GetDllVersion "C:\Program Files\Npcap\NPFInstall.exe" $R0 $R1IntOp $R2 $R0 / 0x00010000IntOp $R3 $R0 & 0x0000FFFFIntOp $R4 $R1 / 0x00010000IntOp $R5 $R1 & 0x0000FFFFStrCpy $inst_ver "$R2.$R3.$R4.$R5"

char *pcap_version = pcap_lib_version();printf("%s", pcap_version);// Npcap output: "Npcap version 0.92, based on libpcap version 1.8.1"// WinPcap output: "WinPcap version 4.1.3"

Prerequisite: Uncheck theInstall Npcap in WinPcap API-compatible Mode option at install-time (which is by default).

Npcap 0.9983 and newer support loopback traffic capture and injection without requiring a particular installation option.

Npcap's loopback adapter device is reported bypcap_findalldevs() as“\Device\NPF_Loopback”. This name is always available even if“Legacy loopback support” was chosen at install time, which puts the name of the legacy loopback adapter in theLoopbackAdapter REG_SZ value of theHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap\Parameters. Registry key.

Traffic captured and injected on the loopback adapter uses theDLT_NULL data link type, which consists of a 4-byte header in host byte order that is either 2 for IPv4 packets or 24 for IPv6 packets.

The MTU of“Npcap Loopback Adapter” is hard-coded to 65536 by Npcap. Software using Npcap should get this value automatically and no special handling is needed. This value is arbitrary and does not imply a limitation on the Windows loopback stack, so it may be possible to capture packets with a size larger than the adapter's MTU.

Don't try to make OID requests to“Npcap Loopback Adapter” exceptOID_GEN_MAXIMUM_TOTAL_SIZE (MTU). Those requests will still succeed like other adapters do, but they only make sense for NDIS adapters and Npcap doesn't even use the NDIS way to handle the loopback traffic. The only handled OID request by Npcap isOID_GEN_MAXIMUM_TOTAL_SIZE. If you query its value, you will always get 65550 (65536 + 14). If you try to set its value, the operation will always fail.

If you use IP Helper API to get adapter list, you will get an interface named like“Loopback Pseudo-Interface 1”. This interface is a DUMMY interface by Microsoft and can't be seen in NDIS layer. And it also takes the 127.0.0.1/::1 IP address. A good practice for software is replacing theAdapterName of the“Loopback Pseudo-Interface 1” entry with“NPF_Loopback”, as Nmap does in its enhancements to libdnet.

“Legacy loopback support” installs a copy of the Microsft KM-TEST loopback adapter named“Npcap Loopback Adapter” for software that expects to find the loopback adapter via ordinary Windows API calls. The features and operation are no different from standard loopback support, but the name of the adapter will be written to theLoopbackAdapter Registry value.

Prerequisite: Check theSupport raw 802.11 traffic (and monitor mode) for wireless adapters option at install-time.

C:\>WlanHelper.exeWlanHelper for Npcap 0.91 ( https://npcap.com )Usage: WlanHelper [Commands]or: WlanHelper {Interface Name or GUID} [Options]OPTIONS:mode                  : Get interface operation modemode <managed|monitor|master|..>  : Set interface operation modemodes                 : Get all operation modes supported by the interface, comma-separatedchannel               : Get interface channelchannel <1-14>            : Set interface channel (only works in monitor mode)freq                  : Get interface frequencyfreq <VALUE>              : Set interface frequency (only works in monitor mode)modu                  : Get interface modulationmodu <dsss|fhss|irbaseband|ofdm|hrdsss|erp|ht|vht|ihv (VALUE)|..> : Set interface modulationmodus                 : Get all modulations supported by the interface, comma-separatedCOMMANDS:-i                    : Enter the interactive mode-h                    : Print this help summary pageOPERATION MODES:managed   : The Extensible Station (ExtSTA) operation modemonitor   : The Network Monitor (NetMon) operation modemaster    : The Extensible Access Point (ExtAP) operation mode (supported from Windows 7 and later)wfd_device    : The Wi-Fi Direct Device operation mode (supported from Windows 8 and later)wfd_owner : The Wi-Fi Direct Group Owner operation mode (supported from Windows 8 and later)wfd_client    : The Wi-Fi Direct Client operation mode (supported from Windows 8 and later)802.11 MODULATIONS (https://en.wikipedia.org/wiki/IEEE_802.11):802.11-1997   : dsss, fhss802.11a   : ofdm802.11b   : dsss802.11g   : ofdm802.11n   : mimo-ofdm802.11ac  : mimo-ofdmEXAMPLES:WlanHelper Wi-Fi modeWlanHelper 42dfd47a-2764-43ac-b58e-3df569c447da channel 11WlanHelper 42dfd47a-2764-43ac-b58e-3df569c447da freq 2WlanHelper "Wireless Network Connection" mode monitorSEE THE MAN PAGE (https://github.com/nmap/npcap) FOR MORE OPTIONS AND EXAMPLES

C:\>netsh wlan show interfacesThere is 1 interface on the system:Name                   :<Wi-Fi>Description            : Qualcomm Atheros AR9485WB-EG Wireless Network AdapterGUID                   :<42dfd47a-2764-43ac-b58e-3df569c447da>Physical address       : a4:db:30:d9:3a:9aState                  : connectedSSID                   : LUO-PC_NetworkBSSID                  : d8:15:0d:72:8c:18Network type           : InfrastructureRadio type             : 802.11nAuthentication         : WPA2-PersonalCipher                 : CCMPConnection mode        : Auto ConnectChannel                : 1Receive rate (Mbps)    : 150Transmit rate (Mbps)   : 150Signal                 : 100%Profile                : LUO-PC_NetworkHosted network status  : Not availableC:\>WlanHelper.exe<wi-fi> modemanagedC:\>WlanHelper.exe<wi-fi> mode monitorSuccessC:\>WlanHelper.exe<wi-fi> modemonitorC:\>WlanHelper.exe<wi-fi> mode managedSuccessC:\>WlanHelper.exe<wi-fi> modemanaged