winpcap not working with Windows 10

[obilodeau]

Not sure if winpcap will release an update with Windows 10 support but meanwhile win10pcap works.

It is not packaged by chocolatey...

For reference, we discussed winpcap on Windows in issue #1.

[Svieg]

Using msiexec <PATH_TO_MSI_INSTALL> /quiet /qn /norestart, I was able to install it but I had one prompt to accept to trust the new device and that was it. If we can fix that, we could have a chocoltey package easily.

[Svieg]

So it's a certificate verification thing to trust the new device and I think we should not package that with that check disabled to make sure no one installs it. I suggest we add a couple of lines in the install tools script scripts/windows/installtools.ps1 so that it downloads the msi installer and run it with the SKIP_SRVR_CERT_REQ option as mentionned here. That should solve our problem.

[obilodeau]

Sounds fair

[hsluoyz]

You would like to try Npcap: https://github.com/nmap/npcap, it's a fork of WinPcap and supports Win10. It has been supported by many softwares like Nmap, Wireshark, libpcap, etc. and under active development now.

[obilodeau]

Nice! Thanks for the pointer.

[obilodeau]

I tested npcap and it works with Wireshark's development branch (2.1.x rather than 2.0.x). However chocolatey only has the stable version in its repository.

@hsluoyz can you enable the winpcap compatibility mode in npcap's chocolatey package? That way we can automate the installation of a working wireshark + npcap in our tool. Thanks!

[hsluoyz]

Hi.

Npcap supports changing installation options even in silent install. Is it possible to use this command?

choco install npcap -packageParameters '/winpcap_mode=yes'

All the options are described here: https://htmlpreview.github.io/?https://github.com/nmap/npcap/blob/master/docs/npcap-guide-wrapper.html#npcap-redistribution-options

[obilodeau]

Didn't notice the options. It's exactly what I'm looking for, thanks!

Using this:

--- a/malboxes/profiles/snippets/provision_powershell.json
+++ b/malboxes/profiles/snippets/provision_powershell.json
@@ -12,6 +12,8 @@
        {
                "type": "windows-shell",
                "inline": [
+                       "choco install npcap --version 0.08 -packageParameters '/winpcap_mode=yes' -y",
+                       "choco install --ignore-dependencies wireshark -y",
                        "choco install {{ choco_packages }} -y"
                ]
        }

There is a problem where the npcap install hangs the VM. It's a Windows 10 64 bit VM. malboxes log:

    virtualbox-iso: Downloading npcap
    virtualbox-iso: from 'https://github.com/nmap/npcap/releases/download/v0.08-r3/npcap-0.08-r3.exe'
    virtualbox-iso: Progress: 96% - Saving 934.57 KB of 977.46 KB (957004/1000920)
    virtualbox-iso: Download of npcap-0.08-r3.exe (977.46 KB) completed.
    virtualbox-iso: Installing npcap...


^C==> virtualbox-iso: Unregistering and deleting virtual machine...
==> virtualbox-iso: Deleting output directory...
Build 'virtualbox-iso' errored: Build was cancelled.

To further troubleshoot, I tried installing it interactively on a Windows 10 32 bit. It results in a non-working install with -packageParameters '/winpcap_mode=yes'. I also tried --package-parameters since the -- seems mandatory and it didn't work.

• Is there a verbose mode to the installer so that I can log where it hangs?
• Also do you want me to file an issue on nmap's issue tracker, npcap-package's or we continue here?

[hsluoyz]

I have released Npcap 0.08 r4 at:
https://github.com/nmap/npcap/releases

It has added the installation log in: C:\Program Files\Npcap\install.log. Please sliently install it and provide me that file, thanks!

I have also submitted 0.08 r4 to chocolatey, and it has updated, so you can also use the choco command.

Also, could you provide your chocolatey log? It should be: C:\ProgramData\chocolatey\logs\chocolatey.log

[obilodeau]

Here's a gist with the requested log files: https://gist.github.com/obilodeau/b4a0053204f997a52237eeea5fdf0bc0

I think I see two issues:

1. the chocolatey package fails to pass the parameters to the nsis installer
2. the shutdown command fails (doesn't matter for my use case since the machine will get rebooted later anyway)

[hsluoyz]

the chocolatey package fails to pass the parameters to the nsis installer

I forgot to update the .ps1 script to pass on the parameters. I have updated it:) Please try again.

the shutdown command fails (doesn't matter for my use case since the machine will get rebooted later anyway)

I saw your gist, and the only shutdown command occurrence is here. I googled the 1116 error, and found out it means Unable to abort the system shutdown because no shutdown was in progress.(1116). So it's actually not an error. I don't know why chocolatey tries to stop a non-existing shutdown. But it's not very important I think.

[obilodeau]

It works! Thanks for your help.

[obilodeau]

The npcap package hangs at installation when I use it via a packer windows-shell provider.

I can't access the install.log because the VM is crashed and whenever I cancel the packer build the VM is destroyed so I can't extract the file. I added -v and -d to the choco install and here's where it hangs: https://gist.github.com/obilodeau/2ac85936f9ae5931d346d6d8312eb0a0

I left it there for more than an hour and it still didn't make any progress.

^C==> virtualbox-iso: Unregistering and deleting virtual machine...
==> virtualbox-iso: Deleting output directory...
Build 'virtualbox-iso' errored: Build was cancelled.
Cleanly cancelled builds after being interrupted.
----------------------------------
packer completed with return code: 1
Packer failed. Build failed. Exiting...

real    177m25.322s
user    0m21.634s
sys 0m0.729s

I'm not sure how you can reproduce this unfortunately...

[hsluoyz]

So, when specifying /winpcap_mode=yes, npcap install hangs. And without that parameter, it works. Right?

Can you try this parameter: /winpcap_mode=yes2? This is a private parameter and it will only install the compatible driver. The yes parameter will install two drivers, npcap and compatible drivers.

[obilodeau]

No with or without same problem.

[hsluoyz]

I have repeated the cinst npcap -packageParameters '/winpcap_mode=yes' -y command and it succeeded. So I can't reproduce your issue.

I have a few questions here:

1. What's your install machine? OS version? (win7, 8, 10 or 201x). x86 or x64.
2. Can you test the command npcap-0.08-r4.exe /S /winpcap_mode=yes manually by yourself to see if it's normal?
3. What' your json file for Packer + VirtualBox? And the versions of Packer and VirtualBox?

I knew VirtualBox recent releases have lots of compatible issues. So is it related with this issue: hashicorp/packer#3757?

[hsluoyz]

Hi @obilodeau ,

I have fixed the install halt in Win7/2008 in Npcap 0.08 r9. Please try the latest installer at:
https://github.com/nmap/npcap/releases

[obilodeau]

@hsluoyz sorry for the long wait. I'm testing right now.

[obilodeau]

It works using the -pre version, currently 0.10-r18, installed with:

choco install npcap -pre -y

Now we need to figure out how to get this version accepted before I can officially add npcap to the list of packages installed by default.

[obilodeau]

Turns out that you need to remove the -rXX from your version scheme:

Gary Ewan Park said:
@obilodeau any pre-release package, i.e. one that has -something at the end of the version, is automatically exempted. To get to approved, you would need to push a non pre-release package version

So can you push a non -rXX package update to chocolatey packages?

[hsluoyz]

I have uploaded it to: https://chocolatey.org/packages/npcap/0.78. Waiting for moderation..

[obilodeau]

0.78 was approved. I tested and it works. Thanks!