Installing Npcap on my machine causes all Wi-Fi access to be limited connectivity.

[therealjumbo]

On several different Windows 7 laptops, once I install Npcap, my Wi-Fi access fails, Windows displays that the Wi-Fi network has 'limited connectivity.'

I can reproduce the issue with both npcap-nmap-0.07 and npcap-nmap-0.06-r4. As far as I can tell, it doesn't matter which install time options I select, it happens regardless. Installing Npcap is the only step necessary to reproduce. It has happened on every machine I've tried. Has anybody else not seen this issue? Has anyone else seen this issue? The correct behavior I expect is that the Wi-Fi access does not fail with the 'limited connectivity' message. The correct behavior I also expect is that I'm able to disable the Npcap driver on a specific wireless interface. For an example of what I mean, see the link below. That is my workaround, but it doesn't work with the latest release.

I came up with a very weird workaround to restore Wi-Fi access without uninstalling Npcap, but it requires you to use npcap-nmap-0.06-r4. You can see my procedure here: superuser

I can produce logs if necessary, but I don't know what your looking for.

[hsluoyz]

Hi @therealjumbo,

On several different Windows 7 laptops, once I install Npcap, my Wi-Fi access fails, Windows displays that the Wi-Fi network has 'limited connectivity.'

You said it doesn't matter which install time options I select, but I still need to warn that **Don't check on the Support raw 802.11 traffic (and monitor mode) for wireless adapters option. You can also check OFF the Support loopback traffic ("Npcap Loopback Adapter" will be created) option if you like. So only the last installation option is remaining.

I can reproduce the issue with both npcap-nmap-0.07 and npcap-nmap-0.06-r4.

Could you please try other installers? like Npcap 0.05, if 0.05 is bad, then 0.04, 0.03. I should know what I mean. If this is a bug introduced in a specific version, I want to know which version Npcap actually introduced it.

It has happened on every machine I've tried. Has anybody else not seen this issue? Has anyone else seen this issue?

Unfortunately, it doesn't happen to my machines, a physical host and several VMware VMs. And no other people report this issue to me for now. So I believe it's some kind of compatible issue on your side.

Have you installed any anti-virus, firewall, VPN softwares? They can mess with Npcap. So please uninstall them, reboot, then try Npcap again. (if you know how to stop a driver uisng the "net stop XXX" command, you can do this step without uninstalling).

I came up with a very weird workaround to restore Wi-Fi access without uninstalling Npcap, but it requires you to use npcap-nmap-0.06-r4. You can see my procedure here: superuser

It's weird, I can do your step 4 in Npcap 0.07.

And there is a commit (https://github.com/nmap/npcap/commit/f64b3f4ee72f253768c261e2aae60975f8c54510) that may influence this behavior possibly. This commit is between Npcap 0.06 r7 and Npcap 0.06 r8. So I suggest you test these two versions to see if they can do your step 4.

Cheers, Yang

[therealjumbo]

Have you installed any anti-virus, firewall, VPN softwares? They can mess with Npcap.

After some trial and error, I found that all software from the company "Avaya" needs to be removed. Once that software is removed, everything works as expected thus far. Both my Wi-Fi connections and my Npcap with Loopback and Wireshark. This is a corporate laptop, so I can't remove anything and everything like the anti-virus software, but I can remove the Avaya software and everything works, so I consider that to be good enough.

I made sure I did not check the Support raw 802.11 traffic (and monitor mode) for wireless adapters option.

[therealjumbo]

Why do you say to leave the Support raw 802.11 traffic (and monitor mode) for wireless adapters option unchecked? Is that feature unfinished or was that just a debugging recommendation?

[hsluoyz]

Hi @therealjumbo,

After some trial and error, I found that all software from the company "Avaya" needs to be removed.

That software is also network related. It uses the same technique as Npcap and can mess up with Npcap.

Why do you say to leave the Support raw 802.11 traffic (and monitor mode) for wireless adapters option unchecked? Is that feature unfinished or was that just a debugging recommendation?

Because it's still not that perfect. And Windows forbids Npcap to send raw 802.11 packets. So if you checked that option, the softwares using Npcap to send packets (like Nmap) probably won't work. This is why I unchecked it for now.

[therealjumbo]

Hi @hsluoyz, thanks for the update. You can close this issue if you want since I figured out a workaround and there's probably no way to fix Npcap to avoid the issue. You could compile a list of programs that mess up Npcap and shouldn't be present on the system, and these programs would be a good place to start. If you want to do that, reply here and I'll find the names of the exact programs. Otherwise just close this issue.

[hsluoyz]

Hi @therealjumbo

It's an interesting idea to make an incompatible list for Npcap. I support it. You can list some software you know having this issue, and I will list them on the main page later. Thanks for this advice:)

[therealjumbo]

The programs I had trouble with:

• Avaya Collaboration Services
• Avaya Collaboration Services x64
• Avaya UCA Type Library

After I removed these the problem went away. Thanks for your help @hsluoyz.

[hsluoyz]

Hi,

I have added the list, see: https://github.com/nmap/npcap/commit/86decca63e9b1ec82586c62315410e4687ea2707

[hsluoyz]

Hi @therealjumbo,

I forgot to ask, Does original WinPcap 4.1.3 work with the Avaya software?

[therealjumbo]

Yes I'm pretty sure it does.

The use case we are trying to solve with Npcap is this: we have a device that implements a special wireless networking interface that Windows doesn't recognize as a network interface. The device is plugged in over USB. We have software from the manufacturer of this device that will forward the packets from the network onto a pipe, file, or socket in Windows. A socket is best because then I get correct timestamps, which allows me to correlate packet times with event logs from the devices themselves. So what I want to use Npcap for is for loopback.

I use the manufacturers software to forward their packets to the loopback interface created by Npcap. (Actually to the static IP I assign to that interface). Then I have Wireshark listen on that interface and I get the packets into Wireshark with the correct timestamps since they came in on a socket.

So if I use WinPCap, I need to use a pipe from the manufacturers software and not a socket. Then I need to make Wireshark listen on that pipe. As far as I can tell this works fine out of the box, with the Avaya software, but my timestamps are all junk.

[therealjumbo]

I forgot to mention, the failure in step nmap/nmap#4 of my workaround, was not due to a different version of Npcap. I'm pretty sure it's simply due to a change in the Avaya software that was pushed by the corporate IT department.

[hsluoyz]

I use the manufacturers software to forward their packets to the loopback interface created by Npcap. (Actually to the static IP I assign to that interface).

One thing need to clarify, the static IP of Npcap Loopback Adapter (something like 169.254.x.x) is not used by Npcap. In fact, you can forward the packets to any local IP (like an IP of the Ethernet adapter). Npcap Loopback Adapter will see that traffic too, not just the 169.254.x.x IP.

So if I use WinPCap, I need to use a pipe from the manufacturers software and not a socket. Then I need to make Wireshark listen on that pipe. As far as I can tell this works fine out of the box, with the Avaya software, but my timestamps are all junk.

WinPcap and Npcap are based on different models. WinPcap is NDIS 5 and Npcap is NDIS 6. A NDIS 5 software doesn't quite conflict with a NDIS 6 software. So it can be expected that WinPcap doesn't have the compatible issue with Avaya software.

And I'm a little confused. Is the manufacture software the same with the Avaya software? I hope not. Have your issue solved by removing Avaya software?

[therealjumbo]

In fact, you can forward the packets to any local IP (like an IP of the Ethernet adapter). Npcap Loopback Adapter will see that traffic too, not just the 169.254.x.x IP.

Good to know.

Is the manufacture software the same with the Avaya software? I hope not. Have your issue solved by removing Avaya software?

The manufacturer is not Avaya. The manufacturer is Texas Instruments. The issue was solved for a short while by simply removing all Avaya software. However, the issue came back after my machine downloaded some mandatory updates from corporate IT, but my old workaround works again. I think the workaround broke when Avaya's software was updated.

[hsluoyz]

The manufacturer is not Avaya. The manufacturer is Texas Instruments. The issue was solved for a short while by simply removing all Avaya software. However, the issue came back after my machine downloaded some mandatory updates from corporate IT, but my old workaround works again. I think the workaround broke when Avaya's software was updated.

OK. So weird.. Let me know if you find any more incompatible softwares:)

[pmthompson]

I just experienced the same loss of wi-fi connectivity after running the Windows 7.30 installer (https://nmap.org/dist/nmap-7.30-setup.exe). I don't recall which install options I selected. Loss of connectivity only affects wi-fi -- I was using wired fine without a problem. This is on a Dell M4800 with Intel AC-7260, driver is from Intel ver 18.33.0.2 1/28/2016. Sorry I don't have time to troubleshoot. Uninstalling npcap restored wi-fi.

[hsluoyz]

@pmthompson Please provide your DiagReport to me, thanks!

[silk42]

Hello there. Same problem here. Since I've installed nmap+npcap I'm unable to connect to ANY wifi network. I also tried with an additional usb wifi dongle with no success. Win 7 Ent 64bit English Disinstalling nmap+npcap won't work, neither would disabling the protocol driver fro the network. I've also already checked for restore points with no luck. I'm stuck. Any hints?

[keithjones73]

I have the same problem with a fresh install of nmap 7.31 on a new ThinkPad P50. I am unable to join any wireless network including a Cisco WLC/LAP network, an iPhone hotspot, and a public xfinity hotspot. The client associates but never receives a DHCP address. I am using the built-in Windows 7 wireless client. Wired connectivity was not impacted. I had to uninstall nmap and the npcap library to be able to use my laptop over wireless again. I then installed nmap 7.12 with the winpcap library and have no further problems with this older release.

[hsluoyz]

@keithjones73 , please install the latest Npcap 0.10-r12 version, and provide your DiagReport to me, thanks!

[toriaezunama]

I am having the same problem with Npcap 0.10-r12 on a Windows 7 laptop.

once I install Npcap, my Wi-Fi access fails, Windows displays that the Wi-Fi network has 'limited connectivity.'

DiagReport-20161102-103355.txt

[richrumble]

Same. Removing npcap from add/remove programs works. Only affects WiFi adapter, no Avaya or TI here. Installed 7.31 stable, breaks two different LT's wifi cards. Uninstall, reboot, works fine.

[hsluoyz]

@therealjumbo , I didn't see any incompatible software in your DiagReport. I will look into this issue.

Please try net stop npcap and net stop npf to see if the issue is fixed?

[hsluoyz]

This issue should have been fixed in latest Npcap `0.10 r15. Please try it at: https://github.com/nmap/npcap/releases

[hsluoyz]

As there's no further feedback, I assume it has been fixed and close the issue for now.

[toriaezunama]

I haven't had a chance to check it yet. I'll try it tomorrow and let you know. Thanks.

[toriaezunama]

Just tested with 0.10 r18 and the problem is fixed. Thanks for the quick response.

[hsluoyz]

I want to explain a little about the fix: https://github.com/nmap/npcap/commit/c8d805b1725a3807c5435c9bf6a155b9deb39794 to this issue here.

This commit only means that Npcap driver doesn't forward any OID_GEN_CURRENT_PACKET_FILTER request for a wireless adapter. Because I tested, any packet filter setting on a wireless adapter would cause https://github.com/nmap/nmap/issues/373. And Nmap or Wireshark will try to set it every time it runs, so the user feels it.

Currently, the only packet filter supported by Npcap/WinPcap/libpcap is the promiscuous mode. T he promiscuous mode is a very useful tool to capture all traffic on Ethernet. However, its meaning for a wireless adapter is obscure or even harmful. As https://wiki.wireshark.org/CaptureSetup/WLAN said:

If you experience any problems capturing packets on WLANs, try to switch promiscuous mode off.

In fact, if you want to capture "all possible" traffic on a wireless adapter, you usually use the "monitor mode" instead of the promiscuous mode. "monitor mode" means you don't connect to any Wi-Fi hotspot and try to "sniff" all traffic in the air. And "monitor mode" is one of the features supported by Npcap.

So we can see that we actually don't need promiscuous mode on a wireless adapter, so we don't need to send the OID_GEN_CURRENT_PACKET_FILTER request. Since it also causes bad things like https://github.com/nmap/nmap/issues/373, I think we should just disable it in the driver. This change won't hurt or any existing functions or software. Besides this patch, I also attempted to confirm this interesting issue with Jeffery from Microsoft on Stackoverflow here: http://stackoverflow.com/questions/40434620/why-does-my-ndis-lwf-cause-loss-of-wifi-connectivity-for-90-100-seconds but not received feedback yet.

Personally, I think the story in Wireshark Wiki has a big possibility to be the cause: a wireless adapter (or its driver) just doesn't like any OID_GEN_CURRENT_PACKET_FILTER request.

[pmthompson]

Sorry @hsluoyz, I do not know how to get a diagreport.

I just downloaded and installed nmap 7.31. I'll verify wifi connectivity when I get some time.

Question: page "https://github.com/nmap/npcap/releases" shows npcap version 0.78 and version 0.11. Those version numbers are drastically different. Where are versions 0.12 - 0.77 ?? Do I want 0.78 or 0.11 or one of the many 0.10 rxx versions??

Thanks in advance.

[hsluoyz]

@pmthompson ,

Sorry hsluoyz, I do not know how to get a diagreport.

Please refer to: https://github.com/nmap/npcap#diagnostic-report

I just downloaded and installed nmap 7.31. I'll verify wifi connectivity when I get some time.

The Npcap in Nmap 7.31 is out-dated. Please get latest Npcap at: https://github.com/nmap/npcap/releases

Question: page "https://github.com/nmap/npcap/releases" shows npcap version 0.78 and version 0.11. Those version numbers are drastically different. Where are versions 0.12 - 0.77 ?? Do I want 0.78 or 0.11 or one of the many 0.10 rxx versions??

Absent extraordinary circumstances, you should always use the latest Npcap version. Nmap decided the current Npcap code is 78% mature. Since 1.0 means 100% mature, we just jump the version from 0.11 to 0.78.

[cmundi]

Confirmed: wifi connectivity issue is resolved in npcap 0.78

[Geo-Ron]

Currently experiencing Wi-Fi issue with npcap 0.78r5. Silent installed, no extra parameters used. Any tips?

The issue occurs after the first reboot of the machine. Attached the diag report : DiagReport-20161227-092122.txt

NET STOP NPCAP doesn't change the behavior. Tried 0.78r4 and the effect is still the same.

Uninstall and reboot fixes everything Note: NPCAP loopback adapter wasn't removed, had to do this manually

[frinks22]

Add that problem, after the installation of nmap 7.40 with npcap 0.78, when connecting via wifi. Do not receive dhcp. Packets are sent from nic but do not receive any packet. Tried to uninstalled and install npcap 0.80 and the problem persists. Disabled on the wifi nic the npcap packet driver, disabled the nic and enable and the nic starts to work OK, so the problem is with npcap. My wifi nic is an Atheros AR9002WB-1NG.

[zandr14]

The same issue is with 0.80. Log is attached. The only partially workable solution is to install with boot option turned off (logs are with that option) and then start npf and npcap manually, but after the required work it needs to uninstall all the stuff or reboot the box, otherwise i loose wifi forever after, for example, hibernation. Tried on two different boxes with Win 7 SP1. Note: Win10pcap installs and works ok, though it lacks some functionality against npcap, e.g. on one of my box it doesn't see WiFi adapters.

DiagReport-20170208-181039.txt install.txt NPFInstall.txt loadorder.txt

[Varunram]

@dmiller-nmap @hsluoyz Do take a look at this

[willrhodespgparks]

I am having the same experience. 0.78-r5 and 0.80 break my wifi

[dmiller-nmap]

@zandr14 @willrhodespgparks @frinks22 Have you installed with 802.11 WiFi capture on? Does reinstalling without this feature fix the issue?

[zandr14]

@dmiller-nmap Already tried with both off/on. The same effect.

[willrhodespgparks]

Same for me. I've installed it with capture on and off.

[dmiller-nmap]

Since the originally reported issue has been fixed, I am moving further discussion regarding limited/no WiFi connectivity affecting Npcap 0.78r5 and later to nmap/npcap#443.

[dmiller-nmap]

Anyone still affected by this or similar connectivity problems, please try Npcap 0.90 and report if it fixes this issue. Thanks!