Npcap silent installation inside windows container

Open gudipudipradeep opened this issue 2 years ago • 2 comments

I wasn't able to install it silently inside the Docker image. I am using the free version of Npcap (nmap-7.92-setup.exe). @hsluoyz Please help us capture packets inside the Windows container. We tried tcpdump, WinPcap, and Wireshark inside the container, but we are still having issues capturing packets.

```
** (wireshark:1936) 14:10:05.456066 [GLib WARNING] -- Failed to determine console output code page: The system could not find the environment option that was entered.. Falling back to UTF-8
wireshark: Unable to load Npcap or WinPcap (wpcap.dll); you will not be able to capture packets.

In order to capture packets Npcap or WinPcap must be installed. See

    https://nmap.org/npcap/

for a downloadable version of Npcap and for instructions on how to install it.
```

Dockerfile:

```
ARG version=ltsc2019
FROM mcr.microsoft.com/windows/servercore:$version

ENV chocolateyUseWindowsCompression false

RUN powershell -Command \
    iex ((new-object net.webclient).DownloadString('https://chocolatey.org/install.ps1')); \
    choco feature disable --name showDownloadProgress
COPY tcpdump.exe C:/tcpdump.exe
COPY WinDump.exe C:/WinDump.exe
RUN choco install -y wireshark
RUN choco install -y winpcap
```

gudipudipradeep • Dec 15 '21 08:12

As far as I know, in Windows containers there is no need to install the Npcap driver; it is sufficient to have it installed on the host.

You may simply want to copy the DLLs wpcap.dll and Packet32.dll inside the container as it is done on the host. However, again to my knowledge and experience, there are issues using Npcap functions inside a Windows container; for example, I am not able to get the list of available interfaces:

Error in pcap_findalldevs_ex: PacketGetAdapterNames: The system cannot find the path specified.  (3)

A-Pisani • Dec 15 '21 14:12

We recently did some research into Windows containers. We have not yet received a confirmation that these steps work, but this is the basic idea:

First, install Npcap on the host system. Windows containers do not allow you to install drivers inside the container, so this step is necessary.

Once Npcap has been installed on the host system, you need to make sure the container can access the resources Npcap provides. An application that uses Npcap will need to use the installed wpcap.dll and Packet.dll, access the SOFTWARE Registry key for Npcap, and be able to open the Npcap device, which has an internal name of \Devices\Npcap.

To allow the container to access the Npcap device, you need to allow the device class GUID for Npcap, {26e0d1e0-8189-12e0-9914080022301904}. Reference: https://learn.microsoft.com/en-us/virtualization/windowscontainers/deploy-containers/hardware-devices-in-containers

The Registry keys Npcap's DLLs read are in HKLM\SYSTEM\CurrentControlSet\Services\Npcap\Parameters.

Please let us know if you have success with this method. You may have problems identifying network devices to capture on, since the container has its own devices, which are different from those the driver in the host kernel can see.

dmiller-nmap • Sep 08 '23 17:09
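
A way to check, from inside the container, which of the resources named in the last comment are reachable, ending with the adapter enumeration that failed in the second comment. This is an added example, not code from the thread or from the Npcap project. The `$NpcapDir` default (Npcap's usual DLL directory) and the `NpcapProbe` type name are assumptions; `pcap_lib_version`, `pcap_findalldevs` and `pcap_freealldevs` are standard libpcap exports.

```powershell
# Added example: probe Npcap's user-mode prerequisites inside a Windows container.
# Assumption: the DLLs sit in Npcap's default directory or were copied to $NpcapDir.
param([string]$NpcapDir = "$env:SystemRoot\System32\Npcap")

$result = [ordered]@{}

# 1. User-mode DLLs an Npcap application loads.
foreach ($dll in 'wpcap.dll', 'Packet.dll') {
    $result[$dll] = Test-Path -LiteralPath (Join-Path $NpcapDir $dll) -PathType Leaf
}

# 2. Registry key that Npcap's DLLs read.
$result['Registry'] = Test-Path -LiteralPath 'HKLM:\SYSTEM\CurrentControlSet\Services\Npcap\Parameters'

# 3. Load wpcap.dll and enumerate adapters; this exercises the driver path
#    behind the PacketGetAdapterNames error quoted earlier in the thread.
$env:PATH = "$NpcapDir;$env:PATH"   # let the loader find wpcap.dll and Packet.dll
Add-Type -Namespace NpcapProbe -Name Native -MemberDefinition @'
[DllImport("wpcap.dll", CallingConvention = CallingConvention.Cdecl)]
public static extern IntPtr pcap_lib_version();
[DllImport("wpcap.dll", CallingConvention = CallingConvention.Cdecl, CharSet = CharSet.Ansi)]
public static extern int pcap_findalldevs(out IntPtr alldevs, System.Text.StringBuilder errbuf);
[DllImport("wpcap.dll", CallingConvention = CallingConvention.Cdecl)]
public static extern void pcap_freealldevs(IntPtr alldevs);
'@

try {
    $ver = [NpcapProbe.Native]::pcap_lib_version()
    $result['Library'] = [Runtime.InteropServices.Marshal]::PtrToStringAnsi($ver)

    $errbuf = New-Object System.Text.StringBuilder 256   # PCAP_ERRBUF_SIZE
    $devs = [IntPtr]::Zero
    $rc = [NpcapProbe.Native]::pcap_findalldevs([ref]$devs, $errbuf)
    if ($rc -ne 0) {
        $result['Adapters'] = "error: $errbuf"
    } elseif ($devs -eq [IntPtr]::Zero) {
        $result['Adapters'] = 'none listed (driver device not reachable from the container?)'
    } else {
        $result['Adapters'] = 'at least one adapter listed'
        [NpcapProbe.Native]::pcap_freealldevs($devs)
    }
} catch {
    # A missing or unloadable DLL surfaces here as DllNotFoundException.
    $result['Library'] = "wpcap.dll call failed: $($_.Exception.Message)"
}

$result.GetEnumerator() | Format-Table -AutoSize Name, Value
```

A `False` in the first two rows points at missing files or Registry access in the image; an `error:` in the Adapters row with both DLLs present points at the container not reaching the host's Npcap device.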