Vroeger was je op het Windows-platform aangewezen op WinPcap wanneer je het netwerkverkeer wilde opvangen of bewerken. De ontwikkeling daarvan werd echter in 2013 volledig gestaakt. Onder andere Nmap maakte gebruik van deze packet capture library en deze ontwikkelaars zijn toen begonnen met het ontwikkelen van Npcap waar verschillende verbeteringen in terug te vinden zijn. Zo worden recente libpcaps ondersteund, en kan het loopback verkeer opvangen of versturen. Npcap wordt tegenwoordig door verschillende netwerktools gebruikt, zoals Nmap en Wireshark. Het ontwikkelteam van Npcap heeft het recentelijk aangedurft om eindelijk versie 1.00 uit te brengen. De aankondiging daarvan ziet er als volgt uit: Npcap 1.00 was just released and a new Nmap is on the way! Hello everyone. I hope you are all safe and well during this nasty pandemic. I obviously haven’t been wearing my marketing hat enough given that this is my first mail to the Nmap Announcement list since last August’s Nmap 7.80 release. But we’ve been heads-down programming since then and have great news to report! The biggest news is that, after more than 7 years of development and 170 previous public releases, we’re delighted to release Npcap 1.00! Some products may start at version one or rush to get there, but we took our time making sure Npcap was completely stable and ready for production use. After all, driver crashes can take down your whole system. You may recall that we started the Npcap project because Nmap needed a better way to send and receive raw packets on Windows. WinPcap was great for its time, but ceased development in 2013 and used a deprecated Windows API that never worked well on Windows 10. We also wanted improved stability, performance, and security. While we created Npcap for Nmap, it turns out that many other projects and companies had the same need. Wireshark switched to Npcap with their big 3.0.0 release last February, and Microsoft publicly recommends Npcap for their Azure ATP (Advanced Threat Protection) product. We introduced the Npcap OEM program allowing companies to license Npcap OEM for use within their products (redistribution license: https://nmap.org/npcap/oem/redist.html) or for company-internal use with commercial support and deployment automation ( https://nmap.org/npcap/oem/internal.html). This project that was expected to be a drain on our resources (but worthwhile since it makes Nmap so much better) is now helping to fund the Nmap project. The Npcap OEM program has also helped ensure Npcap’s stability by deploying it on some of the fastest networks at some of the largest enterprises in the world. Npcap 1.00 is now available for download from https://npcap.org. Even though I failed to actually announce recent Npcap releases (we’ve made 15 in the last year), you can read about those dozens of performance improvements, bug fixes, and feature enhancements at https://npcap.org/changelog. I’d like to thank Daniel Miller (@bonsaiviking on Github and Twitter) for doing most of the Npcap dev work in recent years, and Yang Luo (@hsluoyz) for all of his help in the early years. It turns out that Windows kernel development is hard work (LOL), so Npcap has taken a huge amount of our time recently. We’ve made many Nmap improvements in Github, but haven’t had a formal Nmap release since last year’s Defcon. I’m happy to report that is about to change. We’re hoping to finish a new Nmap release this week with all of the accumulated changes plus of course Npcap 1.00! And now that Npcap has proven itself extremely stable, we are turning more of our attention to Nmap proper. Stay tuned! Cheers, Gordon “Fyodor” Lyon
