Npcap breaks wifi stack on Win7

[zhouska]

I have been pulling my hair our for the past 24 hours. It turns out Npcap v0.82 when installed on a fresh install (SP1) of Win7 (x64) or fully patched Win7 (x64) install completely breaks any and all wifi functionality. Tried it on WPA2 only SSIDs with a few different USB cards (MS stock drivers or drivers from vendor) so far. The result is always the same. Wifi comes back to senses once Npcap is uninstalled.

[Varunram]

Does installing previous versions of Npcap cause the same issue?

[dmiller-nmap]

@zhouska Thanks for the report. Can you be very specific about what is broken? We've gotten a few other reports (e.g. nmap/nmap#610) of limited connectivity, but you sound like you're describing something bigger. Here's a series of questions we'd like answers to:

1. Please attach output from DiagReport.bat and the NPFInstall.log from \Program Files\Npcap\
2. Are you able to see any WiFi networks (SSIDs), or is discovery completely broken?
3. Does Windows attempt to join the networks, or is it completely unresponsive?
4. Does Windows think that it has joined a network, but has no connectivity, or does it report an error when joining?
5. If you installed with any of the extra options (Loopback, raw 802.11, or 802.1Q), does reinstalling without one of them fix the issue?

Thanks very much for your help. We want to make Npcap as stable as possible for everyone!

[zhouska]

@dmiller-nmap Sorry, I should have been more specific about the issue. See my comments below:

1. See the attachment
2. I see every SSID within my reach (depends on the Wifi card I use)
3. When I attempt to join a specific SSID, it fails with an error message "WIndows was unable to connect to XXX"
4. No, I'm unable to join the network, plain and simple
5. I have selected the raw 802.11, DOT1Q, loopback, autostart and compatibility mode. I have established by trial and error that raw 802.11 option is causing the problem. The event viewer shows following reason "The specific network is not available" (Event 8002)

[zhouska]

@dmiller-nmap Snap, github won't let me to attach the files, even if I zip them together.

[Varunram]

@zhouska Could you push it to one of your repos and give a link here?

[dmiller-nmap]

@zhouska you have to rename the .log to .txt, then it ought to work. Sorry!

[dmiller-nmap]

Great, so you've narrowed it to the raw 802.11 WiFi capture portion. We will do our best to figure out what is wrong there, but at least by removing that, you should have full IP packet capture support, the same as WinPcap always had.

[dmiller-nmap]

@zhouska One more thing if you can: Run powershell.exe and provide the output of this command:

Get-WmiObject -Namespace root\wmi -List  | Where-Object {$_.name -Match “MSNdis” } | Sort-Object

An earlier fix for a similar issue ended up being tied to a particular NdisPhysicalMediumType, so this queries for all your interfaces and their types. Please do provide the DiagReport.txt even if Github won't let you upload the NPFInstall.log; it's a very important part of diagnostics.

[zhouska]

@dmiller-nmap Here is the output from powershell you asked for.

objects.txt

[zhouska]

@ Varunram Mea culpa, it should work now... DiagReport-20170303-163236.txt

NPFInstall.txt

[zhouska]

@dmiller-nmap @Varunram Tested it with v0.83 and raw 802.11 option selected. I get a pop up asking for security key now, but connections still fails (limited access). Version 0.82 had no pop up at all. SSID used is WPA2 with AES.

However, there seems to beat least one more issue present in Npcap:

it completely breaks connectivity to 802.1X enabled SSIDs (in my case PEAP), deselecting NPCAP/NPF doesn't help, only a complete uninstall will (I can replicate this one)

[oscaronactual]

Here's another one for you:

1) Files attached. 2) Can see and select all networks, but cannot join. 3) It attempts to join, with varying speed, but eventually states 'Windows cannot connect to X' and offers diag. 4) Does not join/fails. 5) Installs with Default (1 and 2). Installs with 1,2 and 5 (raw 802.11). Dies when I add option 6 (802.1Q)

DiagReport-20170308-173618.txt

install.txt

[oscaronactual]

Note. I did a re-install over top a 'broken-wifi' install and removed the 802.1Q option and wifi started working immediately.

[Varunram]

DiagReport-20170311-144634.txt NPFInstall.txt DiagReport-20170311-153342.txt NPFInstall.txt

Finally setup my Windows 7 environment and did a few tests

Setup: Windows 7 Ultimate SP1, 64 bit

1. Process 1 - Install with Raw 802.11, Raw 802.1Q: Fails
2. Process 2 - Install Raw 802.1Q: Works fine
3. Process 3 - Install 802.1Q and WinPcap: Works fine
4. Process 4 - Install 802.11 and WinPcap: Fails

Fail: Windows shows the box "Could not connect to ". The list of all available networks is visible though.

Works fine: Internet connectivity proceeds without any hassle (a small caveat to 802.1Q though)

Npcap 0.83

1. No change
2. No change
3. No change
4. No change

Here, we can infer that it is caused due to our Raw 802.11 feature. Well, moving on to other versions now

Npcap 0.80

1. No change
2. No change
3. No change
4. No change

Npcap 0.78r5

1. Installed with Raw 802.11, Raw 802.1Q and surprisingly, we can connect to a network
2. No change
3. No change
4. Can connect to a network

What's interesting is that the page takes some time to load initially in chrome after installing 802.1Q alone. Chrome says "Downloading proxy script". This might be system specific though.

[dmiller-nmap]

Please try Npcap 0.90 and report if it fixes this issue. Thanks!

[imsh]

I've installed Npcap 0.90 with 802.11 and WinPcap support and can confirm that wifi works. With Npcap ver 0.86 it wasn't.

[guyharris]

I've installed Npcap 0.90 with 802.11 and WinPcap support and can confirm that wifi works. With Npcap ver 0.86 it wasn't.

So can this now be closed?

[dmiller-nmap]

Since we have one report of this being fixed, we are closing this issue. If the issue still persists for @zhouska, @oscaronv1, or @Varunram after Npcap 0.99-r6, please open a new issue and reference this one.