[Winpcap-users] Npcap 0.04, based on original WinPcap 4.1.3, call for test

食肉大灰兔V5 hsluoyz at gmail.com
Tue Sep 1 02:56:13 UTC 2015


Hi Mark,


On Tue, Sep 1, 2015 at 8:02 AM, Mark Pizzolato - Winpcap-Users <
winpcap-users-20040408 at subscriptions.pizzolato.net> wrote:

> Hi Yang,
>
>
>
> Thanks for doing this.
>
>
>
> I have 2 comments and one bug/issue.
>
>
>
> Comments:
>
> 1)      Windows XP and Vista systems are still somewhat common.  It would
> be great if the installer could be setup to install the original WinPcap
> binaries on these platforms.  Then there could be a single pcap installer
> for all Windows platforms.
>
In fact, Npcap has integrated the original WinPcap files for XP and Vista.
The installer will install stock WinPcap when running on XP and Vista
systems. You can try it if you like.


> 2)      The Administrator mode is a good enhancement.  It would be nice
> if a middle position (between completely open and completely admin) were
> available for some environments.  Maybe membership in a particular security
> group….
>
We have talked about this plan (see Plan C at the end of the mail) and
didn't go that way (in the end we chose Plan A). But I don't think it's
impossible for now. Maybe we can create a new user group called "Npcap
Users" and leave it empty at first; then, if a user trying to use Npcap is a
member of "Npcap Users", he will be permitted; if he is not a member, Npcap
will check whether he has Admin rights, and if so, permit him too. What do
you think about this? You can submit this idea as an issue on the list.


>
> Bug/Issue:
>
>
>
> With the Npcap package installed, I was unable to map a shared folder for
> a system on my LAN which had worked previously.   Uninstalling the Npcap
> package immediately allowed access to the shared folder on the other system.
>

Npcap has released version 1.00 now; maybe you'd like to try the latest
installer at:
https://svn.nmap.org/nmap-exp/yang/NPcap-LWF/npcap-nmap-1.00.exe

I have installed version 1.00 on my Win10 host, and accessed a shared
folder at \\192.168.0.80\osv with no issue. Could you access the Internet
when you found this issue?


>
>
> Maybe you want to enable ‘issues’ in the github repository to track things
> like this.
>

Npcap uses the same issue list as Nmap at
https://github.com/nmap/nmap/issues; you can file an issue there.


>
>
> Thanks again.
>
>
>
> -          Mark Pizzolato
>
>
>


Cheers,
Yang


>
>
> *From:* winpcap-users-bounces at winpcap.org [mailto:
> winpcap-users-bounces at winpcap.org] *On Behalf Of *食肉大灰兔V5
> *Sent:* Saturday, August 22, 2015 6:02 AM
> *To:* winpcap-users at winpcap.org
> *Subject:* [Winpcap-users] Npcap 0.04, based on original WinPcap 4.1.3,
> call for test
>
>
>
> Hi list,
>
>
>
> Npcap is an update of WinPcap to the NDIS 6 Light-Weight Filter (LWF)
> technique. Within Google Summer of Code 2013 and 2015, Npcap has added many
> features and become stable in its 0.04 version. I hope that you guys could
> test its functionalities, and I'd like to see WinPcap officially adopt
> features of Npcap.
>
>
>
> The features of Npcap are listed below:
>
> 1) NDIS 6 Support
>
> 2) "Admin-only Mode" Support
>
> 3) "WinPcap Compatible Mode" Support
>
> 4) Loopback Packets Capture Support
>
> 5) Loopback Packets Send Support
>
>
>
> For more details, please go to:
>
> https://github.com/nmap/npcap
>
>
>
> The latest installer will always be in:
>
> https://svn.nmap.org/nmap-exp/yang/NPcap-LWF/
>
>
>
> The current latest version is:
>
> npcap-nmap-0.04-r5.exe
> <https://svn.nmap.org/nmap-exp/yang/NPcap-LWF/npcap-nmap-0.04-r5.exe>
>
>
>
> Notice:
>
> 1) You need to try it under Win7 and later, and no need to change the
> installation options, just click the "Next"s. Npcap installed in "WinPcap Compatible
> Mode" is exclusive with WinPcap, so you must uninstall WinPcap first
> (installer will prompt you this).
>
> 2) If you have installed WinPcap, better to reboot the PC after
> uninstalling WinPcap and then install Npcap.
>
>
>
>
>
> Cheers,
>
> Yang
>
> _______________________________________________
> Winpcap-users mailing list
> Winpcap-users at winpcap.org
> https://www.winpcap.org/mailman/listinfo/winpcap-users
>
>

-------------------------------------------------------------------------------------------------------------------------------------------------------
Forwarded:

I want to let you decide which plan we will use for our function: *Add
privilege support to Npcap so we can limit it to users with administrator
access*

*Last week I said there are three options as below:*

Plan A: Allow Administrators group to use the driver, nmap run by built-in
Administrator account can use the driver directly. The other members of
Administrators group must run nmap with Run as Administrator option, or the
driver will refuse to be accessed.

Plan B: Allow Users group to use the driver. All members of Users group can
use the driver directly.

Plan C: Create a custom group named Nmap Users and add all Administrators
group members into Nmap Users during NPcap installation, then allow the Nmap
Users group to access the driver. The drawback is that if a new user is added
to the Administrators group, there's no graceful way to let that user join
our Nmap Users group automatically. Admins need to add that user manually.

*As Plan B and Plan C were crossed out in our last meeting, we will only
talk about Plan A here. Depending on whether we really want to check the
"true" administrator privilege, we have Plan A-1 and Plan A-2 as below:*

Plan A-1: Add access control to the driver, nmap run by built-in
Administrator account can use the driver directly. The other members of
Administrators group must run nmap with Run as Administrator option, or the
driver will refuse to be accessed. When being denied, we can show the user
our custom dialog, which says something like "You need to re-run the program
as an Administrator to use NPcap, please restart your program as an
Administrator". Notice Windows has no way to elevate a process during
run-time; the Admin privilege is only granted when a process is started. So
for this solution, Nmap *MUST* restart if not started with Run as
Administrator option. Here what we can do as NPcap is prompt a
customized error dialog and then quit, letting the user restart a new Nmap by
himself.

Plan A-2: We don't add access control to the driver; we only check whether
the current user is a member of Administrators group in our DLL
(packet.dll). This solution has nothing to do with UAC and privilege
elevation. So the current user does NOT have to run nmap with the Run as
Administrator option. If the current user is a member of Admin group, then
nmap can use NPcap normally; if the current user is not, we can prompt a
customized dialog that says "Your current account is not in Administrator
group, please restart your program under an account within Administrator
group".

To sum up,
1) Both solutions need to restart the program (such as Nmap) if the user
fails our check. No way to elevate the privilege at run-time.
2) The difference between the two solutions is that Plan A-1 needs a "true"
administrator privilege, so the non-built-in members of Administrators
group must run nmap with Run as Administrator option. Plan A-2 does not need
a "true" administrator privilege, so all members of Administrators group
can run nmap normally without Run as Administrator option.

*Personally, I prefer Plan A-2, because this solution will give the end
users less trouble. So there will be fewer complaints when users first adopt
our NPcap. At the same time, it's less safe than Plan A-1. What about your
suggestions?*
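
The difference between Plan A-1, Plan A-2 and the "Npcap Users" idea discussed in this message can be made concrete with a small decision function. This is an added example, not part of the original mail and not Npcap code. It assumes that "has Admin right" means an elevated token, that membership is read from the process token (where a non-elevated administrator carries the Administrators SID as deny-only), and it uses hypothetical names (`Test-NpcapAccess`, `Get-TokenGroups`) and a constructed placeholder SID for "Npcap Users":

```powershell
$AdminsSid = 'S-1-5-32-544'   # well-known SID of BUILTIN\Administrators

function Test-NpcapAccess {
    param(
        [object[]]$TokenGroups,   # records with SID and DenyOnly properties
        [string]$Plan,            # 'A-1', 'A-2' or 'GroupThenAdmin'
        [string]$NpcapUsersSid    # only used by 'GroupThenAdmin'
    )
    $admin      = $TokenGroups | Where-Object { $_.SID -eq $AdminsSid }
    $isMember   = [bool]$admin                                      # listed at all
    $isElevated = [bool]($admin | Where-Object { -not $_.DenyOnly }) # enabled, not deny-only
    switch ($Plan) {
        'A-1' { return $isElevated }   # "true" administrator: Run as Administrator needed
        'A-2' { return $isMember }     # group membership only, UAC state ignored
        'GroupThenAdmin' {             # "Npcap Users" first, then the admin check
            $inGroup = [bool]($TokenGroups |
                Where-Object { $_.SID -eq $NpcapUsersSid -and -not $_.DenyOnly })
            return ($inGroup -or $isElevated)
        }
        default { throw "Unknown plan: $Plan" }
    }
}

function Get-TokenGroups {
    # Live input: groups in the current process token, read through whoami.
    # The 'deny only' match assumes English whoami output.
    whoami /groups /fo csv /nh |
        ConvertFrom-Csv -Header Name, Type, SID, Attributes |
        ForEach-Object {
            [pscustomobject]@{ SID = $_.SID; DenyOnly = ($_.Attributes -match 'deny only') }
        }
}

# Constructed sample: an Administrators member started WITHOUT "Run as Administrator".
$filtered = @(
    [pscustomobject]@{ SID = 'S-1-5-32-545'; DenyOnly = $false },  # BUILTIN\Users
    [pscustomobject]@{ SID = 'S-1-5-32-544'; DenyOnly = $true }    # Administrators, deny-only
)
$placeholderSid = 'S-1-5-21-0-0-0-1001'   # constructed placeholder for "Npcap Users"

foreach ($plan in 'A-1', 'A-2', 'GroupThenAdmin') {
    $ok = Test-NpcapAccess -TokenGroups $filtered -Plan $plan -NpcapUsersSid $placeholderSid
    '{0,-15} {1}' -f $plan, $ok
}
```

Passing `(Get-TokenGroups)` instead of `$filtered` evaluates the same three policies against the token of the current PowerShell session.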