nmap / npcap

Nmap Project's Windows packet capture and transmission library
https://npcap.com

Npcap silent installation inside windows container #570

Open gudipudipradeep opened 2 years ago

gudipudipradeep commented 2 years ago

I wasn't able to install Npcap silently inside the Docker image. I am using the free version of Npcap (nmap-7.92-setup.exe). @hsluoyz Please help us capture packets inside the Windows container. We tried tcpdump, WinPcap and Wireshark inside the container, but we are still having issues capturing packets.

```
** (wireshark:1936) 14:10:05.456066 [GLib WARNING] -- Failed to determine console output code page: The system could not find the environment option that was entered.. Falling back to UTF-8
wireshark: Unable to load Npcap or WinPcap (wpcap.dll); you will not be able to capture packets.

In order to capture packets Npcap or WinPcap must be installed. See

    https://nmap.org/npcap/

for a downloadable version of Npcap and for instructions on how to install it.
```

Dockerfile:

```dockerfile
ARG version=ltsc2019
FROM mcr.microsoft.com/windows/servercore:$version

ENV chocolateyUseWindowsCompression false

RUN powershell -Command \
    iex ((new-object net.webclient).DownloadString('https://chocolatey.org/install.ps1')); \
    choco feature disable --name showDownloadProgress
COPY tcpdump.exe C:/tcpdump.exe
COPY WinDump.exe C:/WinDump.exe
RUN choco install -y wireshark
RUN choco install -y winpcap
```

A-Pisani commented 2 years ago

As far as I know, in Windows containers there is no need to install the Npcap driver; it is sufficient to have it installed in the host.

You may simply want to copy the DLLs wpcap.dll and Packet32.dll inside the container as it is done in the host. However, again to my knowledge and experience, there are issues using Npcap functions inside a Windows container. For example, I am not able to get the list of available interfaces:

```
Error in pcap_findalldevs_ex: PacketGetAdapterNames: The system cannot find the path specified.  (3)
```

dmiller-nmap commented 10 months ago

We recently did some research into Windows containers. We have not yet received a confirmation that these steps work, but this is the basic idea:

First, install Npcap on the host system. Windows containers do not allow you to install drivers inside the container, so this step is necessary.

Once Npcap has been installed on the host system, you need to make sure the container can access the resources Npcap provides. An application that uses Npcap will need to use the installed wpcap.dll and Packet.dll, access the SOFTWARE Registry key for Npcap, and be able to open the Npcap device, which has an internal name of \Devices\Npcap.

To allow the container to access the Npcap device, you need to allow the device class GUID for Npcap, {26e0d1e0-8189-12e0-9914080022301904}. Reference: https://learn.microsoft.com/en-us/virtualization/windowscontainers/deploy-containers/hardware-devices-in-containers

The Registry keys Npcap's DLLs read are in HKLM\SYSTEM\CurrentControlSet\Services\Npcap\Parameters.

Please let us know if you have success with this method. You may have problems identifying network devices to capture on, since the container has its own devices, which are different from what the driver in the host kernel can see.
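
A preflight check for the resources listed in the comment above, as an added example that is not part of the original thread or the Npcap project's code: run inside the container, it reports whether wpcap.dll, Packet.dll and the Parameters Registry key are visible, then calls libpcap's `pcap_findalldevs` to see whether adapter enumeration fails as it did earlier in the thread. The DLL directory `%SystemRoot%\System32\Npcap` and the `NpcapCheck.Native` type name are assumptions; adjust the path to wherever the DLLs were copied or mounted.

```powershell
# Added example: run inside the container. Values marked "assumed" are not from the thread.
$npcapDir = Join-Path $env:SystemRoot 'System32\Npcap'   # assumed Npcap DLL directory
$regKey   = 'HKLM:\SYSTEM\CurrentControlSet\Services\Npcap\Parameters'  # key named in the thread

$results = [ordered]@{}
foreach ($dll in 'wpcap.dll', 'Packet.dll') {
    $results[$dll] = Test-Path (Join-Path $npcapDir $dll)
}
$results['RegistryKey'] = Test-Path $regKey

Add-Type -Namespace NpcapCheck -Name Native -MemberDefinition @'
[DllImport("kernel32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
public static extern bool SetDllDirectory(string path);
[DllImport("wpcap.dll", CallingConvention = CallingConvention.Cdecl)]
public static extern int pcap_findalldevs(ref IntPtr alldevs, System.Text.StringBuilder errbuf);
[DllImport("wpcap.dll", CallingConvention = CallingConvention.Cdecl)]
public static extern void pcap_freealldevs(IntPtr alldevs);
'@

$devices = @()
$errText = 'not attempted (DLLs not found)'
if ($results['wpcap.dll'] -and $results['Packet.dll']) {
    # Let the loader resolve wpcap.dll and its Packet.dll dependency from the Npcap directory.
    [void][NpcapCheck.Native]::SetDllDirectory($npcapDir)
    $head = [IntPtr]::Zero
    $err  = New-Object System.Text.StringBuilder 256   # PCAP_ERRBUF_SIZE
    $errText = $null
    try {
        if ([NpcapCheck.Native]::pcap_findalldevs([ref]$head, $err) -ne 0) {
            $errText = $err.ToString()
        } else {
            # Walk the pcap_if_t list: the first pointer is `next`, the second is `name`.
            for ($p = $head; $p -ne [IntPtr]::Zero; $p = [Runtime.InteropServices.Marshal]::ReadIntPtr($p, 0)) {
                $namePtr = [Runtime.InteropServices.Marshal]::ReadIntPtr($p, [IntPtr]::Size)
                $devices += [Runtime.InteropServices.Marshal]::PtrToStringAnsi($namePtr)
            }
            [NpcapCheck.Native]::pcap_freealldevs($head)
        }
    } catch {
        $errText = $_.Exception.Message   # for example, the DLL failed to load
    }
}

$results['pcap_findalldevs'] = if ($errText) { "failed: $errText" } else { "$($devices.Count) device(s)" }
[pscustomobject]$results | Format-List
$devices
```

A result of zero devices with no error matches the caveat in the comment above: the adapters the container sees may differ from those the host driver can enumerate.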