Closed fyodor closed 3 years ago
We should probably still have an option which prevents DLL install in C:\Windows\System32\ just in case someone needs that.
Removing npf.sys done in nmap/npcap@1453cabc8e5f84d0df8b63b8ed875160d3456df6
Still need to evaluate how the /winpcap_mode option will be handled.
This is done in Npcap 0.9985.
Right now Npcap "native" mode installs DLLs in the Windows\System32\Npcap directory so they don't conflict with an existing WinPcap install in Windows\System32 and it also uses a different driver (named 'npcap') so it doesn't conflict with an existing WinPcap driver (named 'npf'). If you specify Winpcap-compatible mode, Npcap also copies the wpcap.dll and packet.dll into System32 (where WinPcap puts them) and also runs a copy of the driver named npf.
All of this effort to avoid conflicting with WinPcap was more important back when it was a (purportedly) active project. But the last WinPcap release (4.1.3) was in 2013 and they officially abandoned the project in 2018. So enabling both Npcap and WinPcap to be installed and used at the same time on a system is arguably less important now as we approach 2020.
Therefor we might consider just consolidating to one driver (probably 'npcap', though 'npf' is an option) and putting the DLLs in both places so that software currently using either location continues to work. Then we could remove the 'Winpcap compatible' mode option because it would always work in both locations.