npcap0.86 : when winpcap installed then winpcap_mode cmdline param is not respected

[Paqi]

When I attempt a silent install of npcap like so:

npcap-0.86.exe /S /winpcap_mode=yes

the wincap_mode param is not respected.

I'm trying to use Elasticsearch Packetbeat on that machine, and after my attempted installation, it complains about wpcap.dll being missing from the machine. When I run npcap-0.86.exe and check "Install Ncap in WinPcap API-Compatible mode", Packetbeat no longer complains about missing the wpcap.dll.

[dmiller-nmap]

Thanks for this report! Can you provide the \Program Files\Npcap\install.log file that was created when you did the silent install? We'll try to reproduce here, too, but this is the surest way of debugging your issue.

[dmiller-nmap]

@rabrahamOpti I tried it here, and it looks like wpcap.dll and Packet.dll are properly installed in %SYSTEMROOT%, which should make them available to any program that wants to use them. In addition to the install.log (which you'll have to rename to install.txt before Github will allow you to upload) could you also run DiagReport.bat and attach the resulting DiagReport-*.txt file? This will check the expected files and registry settings.

[Paqi]

Thanks for spending the time @dmiller-nmap

Attached are four files (two sets of install and DiagReport files). Here's what I did:

• I verified npcap was not installed on the machine.
• I ran npcap-0.86.exe /S /winpcap_mode=yes
• I verified that attempting to run packetbeat resulted in an error about a missing wpcap.dll.
• I grabbed the install.log and DiagReport file, copied and saved them as Silentinstall.txt and SilentDiagReport-20170518-162138.txt respectively. (They're attached)
• I ran npcap-0.86.exe, which opened the GUI installer, and checked off "Install Ncap in WinPcap API-Compatible mode"
• I grabbed the install.log and DiagReport file, copied and saved them as GUIinstall.txt and GUIDiagReport-20170518-162633.txt respectively. (They're attached)
• I verified that I was able to successfully run packetbeat.

I did a diff of Silentinstall.txt and GUIinstall.txt. It looks like the installer just appended to install.log when I reinstalled via the GUI.

I also did a diff of the two DiagReports. There were several differences, including WinPcapCompatible being set to 1 in the GUI report, and 0 in the silent install report.

Let me know if you could use more information.

Thanks!

GUIDiagReport-20170518-162633.txt GUIinstall.txt SilentDiagReport-20170518-162138.txt Silentinstall.txt

[dmiller-nmap]

I am really sorry, but I can't reproduce this error or find what may be going wrong. The log appears to show that the .onInit function is not being executed, but that doesn't make sense and I can't make it happen here. Did you previously have WinPcap installed? What version? Does this happen on other systems?

[Paqi]

The machine I'm having trouble with is an Azure Cloud Instance running Windows Server 2012 r2. I attempted a clean deploy of the cloud instance VMs (so no state persists), and encountered the same problem.

I do not have this problem on a local VM running Windows 10. Is Windows Server 2012 R2 supported?

[Paqi]

I did the same procedure I outlined above, except this time I uninstalled between the commandline attempt and the GUI attempt. I also deleted the install.log from the initial install attempt. Below are the two resulting install.log files, just in case diffing them would be useful.

commandLineInstall.txt GuiInstall2.txt

[Paqi]

I came back to trying to debug this, and I can no longer recreate this issue on my Azure Cloud Instance. There must have been something in the instance's environment that was causing problems for the installer, which may have went away during an update pushed by Microsoft.

In any case, I'm closing the issue. Thanks for looking into it.