Skip to content

Npcap 1.70
Compare
Choose a tag to compare
@dmiller-nmap dmiller-nmap released this 24 Jun 22:52
v1.70
0e297c9

Installer, debug symbols, and SDK available from https://npcap.org/#download

  • Major overhaul of Packet.dll to improve performance of PacketGetAdapterNames(), used by
    pcap_findalldevs(), and PacketOpenAdapter(), used in all libpcap functions that return a
    pcap_t. Reduced calls to GetAdaptersAddresses(), properly caching results for short periods.
    Errors from lower functions are correctly propagated, making diagnosis of failures easier. Fixes
    #168, #61, and #586.

  • PacketGetNetType() now always sets the LinkSpeed field to 0. Many adapters did not support the OID
    that was being used to get the link speed, and libpcap (Npcap's published API) does not pass this
    information through, so there should be no impact on the majority of software. Software that needs
    link speed may use pcap_oid_get_request() or GetAdaptersAddresses() to get the information.

  • The undocumented char PacketLibraryVersion[] export has been removed. The PacketGetVersion()
    function is the documented way to get the runtime version of the Packet.dll library.

  • Packet injection operations (pcap_inject(), PacketSendPacket(), pcap_sendqueue_transmit(),
    and PacketSendPackets()) now properly pend the related Write IRP until the NBLs have
    been returned by NDIS. This may make packet injection more efficient.

  • Packet injection operations are no longer limited to one at a time. Multiple threads can issue
    multiple send operations concurrently on the same capture handle without issue, unless system
    resource limits result in allocation failures. Additionally, WinPcap's limit of 256 concurrent
    sends on each adapter has been removed. Each Write call is still synchronous, however.

  • Loopback packet capture and injection now uses fewer WFP filters and callbacks, avoids duplicate
    packet processing, uses inspection rather than blocking filters, and persists callout driver
    objects while still removing callout filters when captures are not using them. These and other
    improvements increase loopback capture efficiency and reduce interference with other network
    components.

  • Npcap is only supported on Windows 7 SP1 and later, and requires KB4474419 to support SHA-2
    signature validation. The installer will now check these specific requirements, rather than
    attempting an installation that will fail anyway.

  • Added timeouts to subprocess executions in the installer to prevent a hung installation.

  • Fixed a minor issue with Npcap OEM's silent installer: Npcap 1.55 and later ought to avoid
    reinstalling the same version if the existing installation options match the requested options,
    but /winpcap_mode=no would never match.

  • Packet sendqueue operations (pcap_sendqueue_transmit(), PacketSendPackets())
    with time synchronization (sync parameter) have been improved to use timed waits when
    possible, only falling back to busy wait for inter-packet delays of less than 50
    microseconds. Time difference calculations have been revised to avoid integer overflows
    and loss of precision. Fixes #580.

  • Packet sendqueue operations now more strictly check timestamp order. If an out-of-order
    timestamp is encountered, the packet will not be transmitted. PacketSendPackets() will
    set the last error value to ERROR_INVALID_TIME. Since packets may be
    reported slightly out-of-timestamp-order on multiprocessor machines due to
    processing delays, only timestamps that are more than 1ms earlier than the
    preceding timestamp will generate the error.

  • Npcap is now built with the Win11 SDK and WDK (10.0.22000). We look forward to
    implementing support for the exciting new features of NDIS and WFP.

  • Improve capture handle state transitions within the Npcap driver. State mismatches led
    to issues like #584, where the wrong error code was
    reported when the adapter was detached and reattached.

  • Fix an issue where raw WiFi capture handles (/dot11_support install option) would not
    reattach after a network disconnect and reconnect. Normal handles got this ability in
    Npcap 1.60, but raw WiFi frame captures (monitor mode) did not take advantage of it.
    Fixes #591.

  • Npcap now avoids setting hardware packet filters (OID_GEN_CURRENT_PACKET_FILTER,
    PacketSetHwFilter()) that the miniport does not declare support for. This may improve
    compatibility with WWAN (e.g. 3G and LTE) and VPN connections.

  • Npcap now tracks the original lookahead value (OID_GEN_CURRENT_LOOKAHEAD,
    PacketSetMaxLookahead()) before requesting the max value from the miniport, and restores it once
    the capture handle is closed. The practice of setting the lookahead to max value was inherited
    from WinPcap, and may be changed in the future subject to performance testing.

Assets 2
Loading