
Updating npcap


For those of you who are not aware, this is worth covering.

Even though the latest version of Wireshark provided an updated npcap driver, I still believe this is relevant.

As of Wireshark 3.0 for Windows, WinPcap is replaced with npcap. First, if you do not have any other applications that rely on WinPcap, make sure it is removed by checking the installed programs section of your Control Panel. If you are not sure, then you probably don’t need it. Those who use other WinPcap applications will know if it’s required.

On to npcap. I ran into an issue where a client was having some really weird behavior with Wireshark 3.0. It’s important to note that this computer has never had issues with previous versions of Wireshark/WinPcap.

First thing I checked was to ensure that his work laptop doesn’t have any endpoint software or configuration that would interfere with the installation process. After confirming this, I focused on npcap since he would open trace files without issue.

I went to https://nmap.org/npcap and noticed the current version was different than the version that Wireshark installed. I figured I have nothing to lose, so we manually uninstalled npcap, downloaded the current version, installed and rebooted to be on the safe side.

And to my surprise the computer consistently saw the network interface and was able to capture for more than 10 seconds.

As I mentioned in the video, this is worth checking with my next Wireshark upgrade to see if Wireshark is keeping npcap current, or a troubleshooting tip for any future issues.
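The two checks described above (is WinPcap still installed, and which npcap version is actually on the machine) can be scripted. This is an added example, not part of the original post; it assumes both products register under the standard Windows uninstall keys with "WinPcap" or "Npcap" in their display name, and the version it prints still has to be compared by hand with the one listed at https://nmap.org/npcap.

```powershell
# Added example: report installed WinPcap/Npcap packages and their versions.
# Assumption: the installers register a DisplayName containing "WinPcap" or "Npcap".

# Standard per-machine uninstall locations (64-bit and 32-bit views).
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Collect every entry whose display name mentions either capture driver.
$pcap = @(
    Get-ItemProperty -Path $uninstallRoots -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match 'WinPcap|Npcap' } |
        Select-Object DisplayName, DisplayVersion, Publisher
)

if ($pcap.Count -eq 0) {
    Write-Output 'No WinPcap or Npcap installation found.'
}
else {
    # Show what is installed so the Npcap version can be compared with the current release.
    $pcap | Sort-Object DisplayName | Format-Table -AutoSize

    # WinPcap left behind after moving to Wireshark 3.0 is worth reviewing.
    $legacy = @($pcap | Where-Object { $_.DisplayName -match 'WinPcap' })
    if ($legacy.Count -gt 0) {
        Write-Warning 'WinPcap is still installed. Remove it unless another application requires it.'
    }

    # More than one Npcap entry suggests a leftover from an earlier install.
    $npcap = @($pcap | Where-Object { $_.DisplayName -match 'Npcap' })
    if ($npcap.Count -gt 1) {
        Write-Warning 'Multiple Npcap entries found. Uninstall, reinstall the current version and reboot.'
    }
}
```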

