can't find Npcap Loopback Adapter

[Donaldhan]

I install wireshark(Wireshark_win32_2.2.1.0) and nmap-7.50. During installing the nmap, choosed the following items: 1.support loopback traffic（"Npcap Loopback adapter" will be created）
2.install npcap in winpcap api-compat mode but, can't find Npcap Loopback Adapter, for Wireshark is 32bit(os is 64bit)

[hsluoyz]

Please open the About page of Wireshark, copy its content here. It should be something like:

Version 2.2.7 (v2.2.7-0-g1861a96)

Copyright 1998-2017 Gerald Combs <gerald@wireshark.org> and contributors.
License GPLv2+: GNU GPL version 2 or later <http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 2.24.23, with Cairo 1.12.16, with Pango 1.36.8, with
WinPcap (4_1_3), with GLib 2.42.0, with zlib 1.2.8, with SMI 0.4.8, with c-ares
1.12.0, with Lua 5.2.4, with GnuTLS 3.2.15, with Gcrypt 1.6.2, with MIT
Kerberos, with GeoIP, with PortAudio V19-devel (built Jun  1 2017), with
AirPcap.

Running on 64-bit Windows 10, build 14393, with locale English_United
States.1252, without WinPcap, with GnuTLS 3.2.15, with Gcrypt 1.6.2, without
AirPcap.
Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz (with SSE4.2), with 32681MB of
physical memory.

Built using Microsoft Visual C++ 12.0 build 40629

Wireshark is Open Source Software released under the GNU General Public License.

Check the man page and http://www.wireshark.org for more information.

[Donaldhan]

Version 2.2.1 (v2.2.1-0-ga6fbd27 from master-2.2)

Copyright 1998-2016 Gerald Combs gerald@wireshark.org and contributors. License GPLv2+: GNU GPL version 2 or later http://www.gnu.org/licenses/old-licenses/gpl-2.0.html This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (32-bit) with GTK+ 2.24.23, with Cairo 1.10.2, with Pango 1.34.0, with WinPcap (4_1_3), with GLib 2.38.0, with zlib 1.2.8, with SMI 0.4.8, with c-ares 1.12.0, with Lua 5.2.4, with GnuTLS 3.2.15, with Gcrypt 1.6.2, with MIT Kerberos, with GeoIP, with PortAudio V19-devel (built Oct 4 2016), with AirPcap.

Running on 64-bit Windows 10, build 14393, with locale Chinese (Simplified)_China.936, with Npcap version 0.91, based on libpcap version 1.8.1, with GnuTLS 3.2.15, with Gcrypt 1.6.2, without AirPcap. Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz (with SSE4.2), with 8089MB of physical memory.

Built using Microsoft Visual C++ 12.0 build 40629

Wireshark is Open Source Software released under the GNU General Public License.

Check the man page and http://www.wireshark.org for more information.

[hsluoyz]

1. Download the latest Npcap 0.92 from nmap.org and try again.
2. Don't install npcap in winpcap api-compat mode. Wireshark can adapt well without that option.

[Donaldhan]

later，will try ，tk

[Donaldhan]

Version 2.2.7 (v2.2.7-0-g1861a96)

Copyright 1998-2017 Gerald Combs gerald@wireshark.org and contributors. License GPLv2+: GNU GPL version 2 or later http://www.gnu.org/licenses/old-licenses/gpl-2.0.html This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 2.24.23, with Cairo 1.12.16, with Pango 1.36.8, with WinPcap (4_1_3), with GLib 2.42.0, with zlib 1.2.8, with SMI 0.4.8, with c-ares 1.12.0, with Lua 5.2.4, with GnuTLS 3.2.15, with Gcrypt 1.6.2, with MIT Kerberos, with GeoIP, with PortAudio V19-devel (built Jun 1 2017), with AirPcap.

Running on 64-bit Windows 10, build 14393, with locale Chinese (Simplified)_China.936, with Npcap version 0.92, based on libpcap version 1.8.1, with GnuTLS 3.2.15, with Gcrypt 1.6.2, without AirPcap. Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz (with SSE4.2), with 8089MB of physical memory.

Built using Microsoft Visual C++ 12.0 build 40629

Wireshark is Open Source Software released under the GNU General Public License.

Check the man page and http://www.wireshark.org for more information.

[Donaldhan]

not ok

[hsluoyz]

Please provide NPFInstall.log.

[dmiller-nmap]

@Donaldhan Can you check whether the Basic Filtering Engine (BFE) service is running? See nmap/nmap#802

[Donaldhan]

@dmiller-nmap ，#802，i have seen, my BFE service is running!

[Donaldhan]

@hsluoyz my NPFInstall.log:

NPFInstall.txt

any question ? from the log ,LoopbackAdapter was installed, not sure, install rightly, as if npcap install twice?

[hsluoyz]

The install of loopback adapter failed, see the UpdateFn failed: 103 line.

[00003220] 2017-06-29 17:32:35 --> wmain
[00003220] 2017-06-29 17:32:35     _tmain: executing, argv[0] = C:\Program Files\Npcap\NPFInstall.exe.
[00003220] 2017-06-29 17:32:35     _tmain: executing, argv[1] = -n.
[00003220] 2017-06-29 17:32:35     _tmain: executing, argv[2] = -il.
[00003220] 2017-06-29 17:32:35 --> InstallLoopbackAdapter
[00003220] 2017-06-29 17:32:35 --> IsWindowsWin10
[00003220] 2017-06-29 17:32:35     GetVersionEx: osvi.dwMajorVersion = 10, expected value = 10.
[00003220] 2017-06-29 17:32:35 <-- IsWindowsWin10
[00003220] 2017-06-29 17:32:35 --> PrepareRenameLoopbackNetwork2
[00003220] 2017-06-29 17:32:35 --> snapshotInterfaceListBeforeInstall
[00003220] 2017-06-29 17:32:35 --> executeCommand
[00003220] 2017-06-29 17:32:35     executeCommand: executing, strCmd = netsh.exe interface show interface.
[00003220] 2017-06-29 17:32:37     executeCommand: result = 
管理员状态     状态           类型             接口名称
-------------------------------------------------------------------------
已启用            已断开连接          专用               以太网
已启用            已连接            专用               VMware Network Adapter VMnet1
已启用            已连接            专用               VMware Network Adapter VMnet8
已启用            已断开连接          专用               无线网络连接
已启用            已连接            专用               本地连接

.
[00003220] 2017-06-29 17:32:37 <-- executeCommand
[00003220] 2017-06-29 17:32:37 --> getInterfaceNamesFromNetshOutput
[00003220] 2017-06-29 17:32:37     getInterfaceNamesFromNetshOutput: executing, strInterfaceName = 以太网.
[00003220] 2017-06-29 17:32:37     getInterfaceNamesFromNetshOutput: executing, strInterfaceName = VMware Network Adapter VMnet1.
[00003220] 2017-06-29 17:32:37     getInterfaceNamesFromNetshOutput: executing, strInterfaceName = VMware Network Adapter VMnet8.
[00003220] 2017-06-29 17:32:37     getInterfaceNamesFromNetshOutput: executing, strInterfaceName = 无线网络连接.
[00003220] 2017-06-29 17:32:37     getInterfaceNamesFromNetshOutput: executing, strInterfaceName = 本地连接.
[00003220] 2017-06-29 17:32:37 <-- getInterfaceNamesFromNetshOutput
[00003220] 2017-06-29 17:32:37 <-- snapshotInterfaceListBeforeInstall
[00003220] 2017-06-29 17:32:37 <-- PrepareRenameLoopbackNetwork2
[00003220] 2017-06-29 17:32:37 --> InstallLoopbackDeviceInternal
[00003220] 2017-06-29 17:32:37 --> GetLoopbackINFFilePath
[00003220] 2017-06-29 17:32:37     SHGetSpecialFolderPath: succeed, strLoopbackInfPath = C:\WINDOWS\inf\netloop.inf.
[00003220] 2017-06-29 17:32:37 <-- GetLoopbackINFFilePath
[00003220] 2017-06-29 17:32:37 --> cmdInstall
[00003220] 2017-06-29 17:32:38 --> getIntDevID
[00003220] 2017-06-29 17:32:38     _stscanf_s: iMatched = 1, iDevID = 5.
[00003220] 2017-06-29 17:32:38 <-- getIntDevID
[00003220] 2017-06-29 17:32:38 --> cmdUpdate
[00003220] 2017-06-29 17:32:38     UpdateFn failed: 103
[00003220] 2017-06-29 17:32:38     cmdUpdate: failcode = 2.
[00003220] 2017-06-29 17:32:38 <-- cmdUpdate
[00003220] 2017-06-29 17:32:38     cmdInstall: failcode = 2.
[00003220] 2017-06-29 17:32:38 <-- cmdInstall
[00003220] 2017-06-29 17:32:38     cmdInstall: error.
[00003220] 2017-06-29 17:32:38 <-- InstallLoopbackDeviceInternal
[00003220] 2017-06-29 17:32:38     InstallLoopbackDeviceInternal: error.
[00003220] 2017-06-29 17:32:38 <-- InstallLoopbackAdapter
[00003220] 2017-06-29 17:32:38     _tmain: error, nStatus = -1.
[00003220] 2017-06-29 17:32:38 <-- wmain

[hsluoyz]

It seems that UpdateDriverForPlugAndPlayDevices() failed with ERROR_NO_MORE_ITEMS. From the MSDN here, it said:

The function found a match for the HardwareId value, but the specified driver was not a better match than the current driver and the caller did not specify the INSTALLFLAG_FORCE flag.

I'm not sure what it means.

Could you please try Dan's method: check whether the Basic Filtering Engine (BFE) service is running? See nmap/nmap#802

[dmiller-nmap]

We definitely use INSTALLFLAG_FORCE. It appears this error can occur when there is an error in the .inf file so that it does not match the device.

@Donaldhan Can you copy and paste the lines from C:\Windows\INF\setupapi.dev.log that begin with >>> [Device Install (UpdateDriverForPlugAndPlayDevices) - *msloop] and end with <<< [Exit status:? Thanks!

[Donaldhan]

@hsluoyz my BFE Service is running

[Donaldhan]

@dmiller-nmap

file ： C:\Windows\INF\setupapi.dev.log as following：

[Device Install (UpdateDriverForPlugAndPlayDevices) - *msloop]

Section start 2017/06/29 17:32:38.156 cmd: "C:\Program Files\Npcap\NPFInstall.exe" -n -il ndv: INF path: C:\WINDOWS\inf\netloop.inf ndv: Install flags: 0x00000001 ndv: {Update Device Driver - ROOT\NET\0001} ndv: Search options: 0x00000080 ndv: Searching single INF 'C:\WINDOWS\inf\netloop.inf' dvi: {Build Driver List} 17:32:38.170 dvi: Searching for hardware ID(s): dvi: msloop ! inf: Unable to load INF: 'C:\WINDOWS\System32\DriverStore\FileRepository\netloop.inf_amd64_818d00c16de7dfdc\netloop.inf'(00000003) ! inf: Error 3: The system cannot find the path specified. !!! inf: Could not load INF 'C:\WINDOWS\System32\DriverStore\FileRepository\netloop.inf_amd64_818d00c16de7dfdc\netloop.inf'. !!! inf: Error 3: The system cannot find the path specified. dvi: {Build Driver List - exit(0x00000000)} 17:32:38.176 ! ndv: No matching drivers found in single INF dvi: {DIF_SELECTBESTCOMPATDRV} 17:32:38.177 dvi: Default installer: Enter 17:32:38.178 dvi: {Select Best Driver} ! dvi: Selecting driver failed(0xe0000228) dvi: {Select Best Driver - exit(0xe0000228)} ! dvi: Default installer: failed! ! dvi: Error 0xe0000228: There are no compatible drivers for this device. dvi: {DIF_SELECTBESTCOMPATDRV - exit(0xe0000228)} 17:32:38.182 ! ndv: Unable to select best compatible driver. Error = 0xe0000228 ndv: No drivers found for device. ndv: {Update Device Driver - exit(00000103)} ! ndv: No better matching drivers found for device 'ROOT\NET\0001'. ndv: {Update Device Driver - ROOT\NET\0002} ndv: Search options: 0x00000080 ndv: Searching single INF 'C:\WINDOWS\inf\netloop.inf' dvi: {Build Driver List} 17:32:38.189 dvi: Searching for hardware ID(s): dvi: msloop ! inf: Unable to load INF: 'C:\WINDOWS\System32\DriverStore\FileRepository\netloop.inf_amd64_818d00c16de7dfdc\netloop.inf'(00000003) ! inf: Error 3: The system cannot find the path specified. !!! inf: Could not load INF 'C:\WINDOWS\System32\DriverStore\FileRepository\netloop.inf_amd64_818d00c16de7dfdc\netloop.inf'. !!! inf: Error 3: The system cannot find the path specified. dvi: {Build Driver List - exit(0x00000000)} 17:32:38.194 ! ndv: No matching drivers found in single INF dvi: {DIF_SELECTBESTCOMPATDRV} 17:32:38.196 dvi: Default installer: Enter 17:32:38.197 dvi: {Select Best Driver} ! dvi: Selecting driver failed(0xe0000228) dvi: {Select Best Driver - exit(0xe0000228)} ! dvi: Default installer: failed! ! dvi: Error 0xe0000228: There are no compatible drivers for this device. dvi: {DIF_SELECTBESTCOMPATDRV - exit(0xe0000228)} 17:32:38.201 ! ndv: Unable to select best compatible driver. Error = 0xe0000228 ndv: No drivers found for device. ndv: {Update Device Driver - exit(00000103)} ! ndv: No better matching drivers found for device 'ROOT\NET\0002'. ndv: {Update Device Driver - ROOT\NET\0003} ndv: Search options: 0x00000080 ndv: Searching single INF 'C:\WINDOWS\inf\netloop.inf' dvi: {Build Driver List} 17:32:38.206 dvi: Searching for hardware ID(s): dvi: msloop ! inf: Unable to load INF: 'C:\WINDOWS\System32\DriverStore\FileRepository\netloop.inf_amd64_818d00c16de7dfdc\netloop.inf'(00000003) ! inf: Error 3: The system cannot find the path specified. !!! inf: Could not load INF 'C:\WINDOWS\System32\DriverStore\FileRepository\netloop.inf_amd64_818d00c16de7dfdc\netloop.inf'. !!! inf: Error 3: The system cannot find the path specified. dvi: {Build Driver List - exit(0x00000000)} 17:32:38.213 ! ndv: No matching drivers found in single INF dvi: {DIF_SELECTBESTCOMPATDRV} 17:32:38.214 dvi: Default installer: Enter 17:32:38.215 dvi: {Select Best Driver} ! dvi: Selecting driver failed(0xe0000228) dvi: {Select Best Driver - exit(0xe0000228)} ! dvi: Default installer: failed! ! dvi: Error 0xe0000228: There are no compatible drivers for this device. dvi: {DIF_SELECTBESTCOMPATDRV - exit(0xe0000228)} 17:32:38.219 ! ndv: Unable to select best compatible driver. Error = 0xe0000228 ndv: No drivers found for device. ndv: {Update Device Driver - exit(00000103)} ! ndv: No better matching drivers found for device 'ROOT\NET\0003'. ndv: {Update Device Driver - ROOT\NET\0004} ndv: Search options: 0x00000080 ndv: Searching single INF 'C:\WINDOWS\inf\netloop.inf' dvi: {Build Driver List} 17:32:38.225 dvi: Searching for hardware ID(s): dvi: msloop ! inf: Unable to load INF: 'C:\WINDOWS\System32\DriverStore\FileRepository\netloop.inf_amd64_818d00c16de7dfdc\netloop.inf'(00000003) ! inf: Error 3: The system cannot find the path specified. !!! inf: Could not load INF 'C:\WINDOWS\System32\DriverStore\FileRepository\netloop.inf_amd64_818d00c16de7dfdc\netloop.inf'. !!! inf: Error 3: The system cannot find the path specified. dvi: {Build Driver List - exit(0x00000000)} 17:32:38.231 ! ndv: No matching drivers found in single INF dvi: {DIF_SELECTBESTCOMPATDRV} 17:32:38.232 dvi: Default installer: Enter 17:32:38.233 dvi: {Select Best Driver} ! dvi: Selecting driver failed(0xe0000228) dvi: {Select Best Driver - exit(0xe0000228)} ! dvi: Default installer: failed! ! dvi: Error 0xe0000228: There are no compatible drivers for this device. dvi: {DIF_SELECTBESTCOMPATDRV - exit(0xe0000228)} 17:32:38.237 ! ndv: Unable to select best compatible driver. Error = 0xe0000228 ndv: No drivers found for device. ndv: {Update Device Driver - exit(00000103)} ! ndv: No better matching drivers found for device 'ROOT\NET\0004'. ndv: {Update Device Driver - ROOT\NET\0005} ndv: Search options: 0x00000080 ndv: Searching single INF 'C:\WINDOWS\inf\netloop.inf' dvi: {Build Driver List} 17:32:38.242 dvi: Searching for hardware ID(s): dvi: *msloop ! inf: Unable to load INF: 'C:\WINDOWS\System32\DriverStore\FileRepository\netloop.inf_amd64_818d00c16de7dfdc\netloop.inf'(00000003) ! inf: Error 3: The system cannot find the path specified. !!! inf: Could not load INF 'C:\WINDOWS\System32\DriverStore\FileRepository\netloop.inf_amd64_818d00c16de7dfdc\netloop.inf'. !!! inf: Error 3: The system cannot find the path specified. dvi: {Build Driver List - exit(0x00000000)} 17:32:38.248 ! ndv: No matching drivers found in single INF dvi: {DIF_SELECTBESTCOMPATDRV} 17:32:38.250 dvi: Default installer: Enter 17:32:38.251 dvi: {Select Best Driver} ! dvi: Selecting driver failed(0xe0000228) dvi: {Select Best Driver - exit(0xe0000228)} ! dvi: Default installer: failed! ! dvi: Error 0xe0000228: There are no compatible drivers for this device. dvi: {DIF_SELECTBESTCOMPATDRV - exit(0xe0000228)} 17:32:38.256 ! ndv: Unable to select best compatible driver. Error = 0xe0000228 ndv: No drivers found for device. ndv: {Update Device Driver - exit(00000103)} ! ndv: No better matching drivers found for device 'ROOT\NET\0005'. ! ndv: No devices were updated. <<< Section end 2017/06/29 17:32:38.265 <<< [Exit status: FAILURE(0x00000103)] from above，the file netloop.inf cann't find , is the reason

[dmiller-nmap]

@Donaldhan Does C:\WINDOWS\inf\netloop.inf exist on your system?

[Donaldhan]

@dmiller-nmap yep.

[dmiller-nmap]

The Npcap Loopback Adapter was known to cause problems with some software, so we removed the need for it in Npcap 0.9983, released today. Be sure to deselect (un-check) the "Legacy loopback support" to get the new loopback capture support without cluttering up the list of real network adapters. Let us know how it works for you.