Dangerous behavior with nmap/npcap silent install

[milesgratz]

During a silent installation of nmap or npcap, the default behavior is to automatically create the loopback adapter. This will temporarily disrupt network connectivity on a production server, and potentially break the network configuration altogether.

There are no parameters that can be passed to the Nullsoft install wizard besides /S and /D (installation directory), so the only alternative is to recompile the installer.

[milesgratz]

Nevermind, this is just poorly documented. I found the parameters in some of the code....

${GetParameters} $cmd_line ; $cmd_line = '/npf_startup=yes /loopback_support=yes /dlt_null=no /admin_only=no /dot11_support=no /vlan_support=no /winpcap_mode=no'

[dmiller-nmap]

Documentation for the Npcap Installer is in the Npcap Users' Guide, but we can improve how it is presented. Where would you expect to find this information?

Do you have specific examples of a system configuration where Npcap Loopback Adapter breaks network configuration? We would like to make Npcap as stable as possible.

[milesgratz]

Hi, I searched for quite a while in the following places but never found that User's Guide you linked:

• Dozens of Google Searches related to nmap / npcap silent installation
• github.com/nmap/npcap
• nmap.org/npcap/
• nmap.org/book/install.html (all links under Ch 2. Windows section)

I ended up finding the answer by searching for the word "silent" in the nmap GitHub issues and stumbled on Issue nmap/nmap#881 that references npcap-0.86.exe /S /winpcap_mode=yes. Did a string search through the source files for that specific phrase /winpcap_mode=yes which was how I ended up finding the additional parameters that can be passed to the installer.

I think it would make sense to offer more visibility on silent/automated installation on the GitHub readme. I write a lot of PowerShell automation and needed to automate a TCP traceroute from 150 servers located in different network zones. I wanted to automate the use of nmap (nmap -Pn --traceroute -p 445 destination.com) but couldn't afford to risk the default installation of the Loopback Adapter in our production environment. I'm not sure if it would have impacted the servers, but it did break the network configuration on my work laptop (although I'm not surprised since we have strict VPN settings.) A few automated installation examples might be nice as well, especially since Windows lacks the package management system that makes automating nmap on *nix so much easier.

My $0.02. Thanks!

[dmiller-nmap]

We are working on improving Npcap documentation. Silent installation is now a feature of Npcap OEM, which can be licensed for redistribution or for internal use by contacting sales@nmap.com . Thanks for helping us improve!