Nmap 7.70 with Npcap 0.99-r2 in WinPcap API-compatible mode can't scan localhost #392
Comments
|
Affects Npcap 0.99-r1 and 0.99-r2, but not earlier releases. |
|
This is because we started using the Service registry key ("HKLM:\System\CurrentControlSet\Services\npcap\Parameters" usually, but also "npf\Parameters" under WinPcap API-compatible mode) to determine installation settings and features. Specifically, the Remaining questions that need to be answered before we can fix it:
|
|
It seems I was mistaken about NPFInstall.exe vs. NPFInstall2.exe. In WinPcap API-compatible mode, the former uses the "npf" name and the latter uses the "npcap" name. I don't see that this is documented anywhere, so I might change it. This would fix the problem for anything using the npcap service, but would then introduce it for things using the "npf" service name. As I mentioned, though, this could be a satisfactory solution, limiting newer features to programs using the Npcap API, not the WinPcap API. |
|
Most likely fix for the next release will be installing the native "npcap service" version of NPFInstall.exe as NPFInstall.exe, and making NPFInstall2.exe be the WinPcap API-compatible "npf service" version. This will effectively shift the bug from the native mode to the compatible mode, which should only be used to allow legacy programs to run until they are rewritten for the Npcap API. |
Nmap 7.70 is failing to inject packets on the Npcap Loopback Adapter, but only when Npcap is installed in WinPcap API-compatible mode. Everything looks fine, but all ports come back
filteredand Wireshark doesn't see the traffic. In native install mode, everything works. In both modes, packet injection on other interfaces (for remote scans) works fine.The text was updated successfully, but these errors were encountered: