Software update: Npcap 1.00

In the past, on the Windows platform, you had to rely on WinPcap when you wanted to capture or edit network traffic. However, its development was completely discontinued in 2013. Nmap, among others, made use of this packet capture library and these developers then started developing Npcap where several improvements can be found in. For example, recent libpcaps are supported, and it can receive or send loopback traffic. Npcap is used by several networking tools today, such as Nmap and Wireshark. The Npcap development team recently dared to finally release version 1.00. The announcement looks like this:

Npcap 1.00 was just released and a new Nmap is on the way!

Hello everyone. I hope you are all safe and well during this nasty pandemic. I obviously haven’t been wearing my marketing hat enough given that this is my first mail to the Nmap Announcement list since last August’s Nmap 7.80 release. But we’ve been heads-down programming since then and have great news to report!

The biggest news is that, after more than 7 years of development and 170 previous public releases, we’re delighted to release Npcap 1.00! Some products may start at version one or rush to get there, but we took our time making sure Npcap was completely stable and ready for production use. After all, driver crashes can take down your whole system. You may recall that we started the Npcap project because Nmap needed a better way to send and receive raw packets on Windows. WinPcap was great for its time, but ceased development in 2013 and used a deprecated Windows API that never worked well on Windows 10. We also wanted improved stability, performance, and security.

While we created Npcap for Nmap, it turns out that many other projects and companies had the same need. Wireshark switched to Npcap with their big 3.0.0 release last February, and Microsoft publicly recommends Npcap for their Azure ATP (Advanced Threat Protection) product. We introduced the Npcap OEM program allowing companies to license Npcap OEM for use within their products (redistribution license: https://nmap.org/npcap/oem/redist.html) or for company-internal use with commercial support and deployment automation ( https://nmap.org/npcap/oem/internal.html). This project that was expected to be a drain on our resources (but worthwhile since it makes Nmap so much better) is now helping to fund the Nmap project. The Npcap OEM program has also helped ensure Npcap’s stability by deploying it on some of the fastest networks at some of the largest enterprises in the world.

Npcap 1.00 is now available for download from https://npcap.org. Even though I failed to actually announce recent Npcap releases (we’ve made 15 in the last year), you can read about those dozens of performance improvements, bug fixes, and feature enhancements at https://npcap.org/changelog.

I’d like to thank Daniel Miller (@bonsaiviking on Github and Twitter) for doing most of the Npcap dev work in recent years, and Yang Luo (@hsluoyz) for all of his help in the early years.

It turns out that Windows kernel development is hard work (LOL), so Npcap has taken a huge amount of our time recently. We’ve made many Nmap improvements in Github, but haven’t had a formal Nmap release since last year’s Defcon. I’m happy to report that’s about to change. We’re hoping to finish a new Nmap release this week with all of the accumulated changes plus of course Npcap 1.00! And now that Npcap has proven itself extremely stable, we are turning more of our attention to Nmap proper. Stay tuned!

cheers,
Gordon “Fyodor” Lyon