NPcap: a new Windows packet-capture tool to replace WinPcap
2015-06-13 16:02
NPcap is a project that aims to improve the currently most popular WinPcap toolkit using Microsoft Light-Weight Filter (NDIS 6) technology. The NPcap project was started in 2013 by the Nmap network scanner project (founder Gordon Lyon) and Dr. Yang Luo of Peking University, is sponsored by Google, and is open source under the MIT license (the same as WinPcap). NPcap is developed on top of the WinPcap 4.1.3 source and supports both 32-bit and 64-bit architectures; on Windows Vista and later, the NDIS 6-based NPcap achieves better capture performance and better stability than the original NDIS 5-based WinPcap driver.
The NPcap source code is hosted on GitHub; the repository address is:
https://github.com/nmap/npcap
The current NPcap 1.2.1 installer, fully compatible with WinPcap 4.1.3, can be downloaded from:
https://svn.nmap.org/nmap-exp/yang/NPcap-LWF/winpcap-nmap-4.1.3-NDIS6-1.2.1.exe
NPcap development discussion takes place on the Nmap developer list:
http://seclists.org/nmap-dev/
Beyond NDIS 6 support, NPcap also aims to strengthen several security-related mechanisms, as listed on the Nmap Summer of Code page:
http://nmap.org/soc/#winpcap
Support for the newer NDIS 6 API rather than NDIS 4
Privileges support so we can restrict WinPcap uses to users with Administrator access. This is similar to UNIX where you need root access to capture packets.
No-install DLL support would allow Pcap to load and unload automatically while the application runs. Riverbed used to sell a "WinPcap Pro" edition which did that, but they have discontinued that.
Enable Microsoft Driver Signing.
If we release our own “NPcap”, we'd presumably change the function entry point and external variable names so that we don't conflict with original WinPcap. Riverbed WinPcap Pro did this.
At present the direction of the NPcap project has shifted (the version number was also reset from 1.2.1 back down to 0.01): instead of replacing WinPcap, it now tries to coexist with it, so that both can be installed on the same Windows computer. NPcap even intends to develop a generic packet-capture framework that supports every backend, including WinPcap, NPcap and Win10Pcap, leaving the choice of the underlying capture driver to the application itself, such as Wireshark or Nmap. Even so, the earlier work, such as the port to NDIS 6, will still be integrated into the official code once the WinPcap source repository is opened.
Nmap has already begun work on compatibility with the new NPcap, using the policy of preferring NPcap and falling back to WinPcap; the relevant development-list thread is:
http://seclists.org/nmap-dev/2015/q2/258
The mail content is attached below:
I have added the NPcap support for Nmap. Only one file is changed: \mswin32\winfix.cc, the repo is here:
Nmap that supports NPcap:
https://svn.nmap.org/nmap-exp/yang/nmap-npcap/
revision: 34614
Latest NPcap 0.01 installer:
https://svn.nmap.org/nmap-exp/yang/NPcap-LWF/npcap-nmap-0.01.exe
revision: 34615
Original WinPcap 4.13 (Nmap) installer:
https://svn.nmap.org/nmap-exp/yang/NPcap-LWF/winpcap-nmap-4.13.exe
revision: 34615
Indication:
Using this version of Nmap, type:
nmap -v -A scanme.nmap.org
You will see output in your console like "Using NPCAP service for packet capturing and sending" or "Using NPF service for packet capturing and sending".
Behaviors:
If you install NPcap and WinPcap both, nmap will use NPcap first, and you will see "Using NPCAP service for packet capturing and sending".
If you install NPcap only, you will see "Using NPCAP service for packet capturing and sending".
If you install WinPcap only, you will see "Using NPF service for packet capturing and sending".
If you install neither of them, nmap will error out as before.
NPcap is for Windows 7 and above, so test it on Win7 or Win8.
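The preference order described in the mail (NPcap first, then WinPcap's NPF, otherwise an error) can be checked on a host before running Nmap. The following PowerShell script is an added example, not code from the original post or from the Nmap project; it assumes the driver services are registered under the names "npcap" and "npf", as the mail's messages refer to them, and it also reports whether the current session is elevated, since restricting capture to Administrators is one of the goals listed above.

```powershell
# Added example (not part of the original post or of Nmap's winfix.cc).
# Mirrors the documented backend selection: try NPCAP first, then NPF,
# and report the same message an NPcap-aware Nmap build would print.
# Assumption: service names "npcap" (NPcap) and "npf" (WinPcap).

function Get-CaptureBackend {
    [CmdletBinding()]
    param(
        # Preference order from the mail: NPcap before WinPcap (NPF).
        [string[]] $Preference = @('npcap', 'npf')
    )
    foreach ($name in $Preference) {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if ($null -ne $svc) {
            $label = if ($name -eq 'npcap') { 'NPCAP' } else { 'NPF' }
            return [pscustomobject]@{
                Service = $svc.Name
                Status  = $svc.Status           # Running / Stopped
                Message = "Using $label service for packet capturing and sending"
            }
        }
    }
    # Neither driver is installed: the case in which nmap errors out.
    return $null
}

function Test-IsElevated {
    # Capture is meant to require Administrator rights (see the goals above).
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [Security.Principal.WindowsPrincipal] $identity
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

$backend = Get-CaptureBackend
if ($null -eq $backend) {
    Write-Warning 'Neither npcap nor npf service found; nmap will fail as before.'
} else {
    $backend | Format-List
    if ($backend.Status -ne 'Running') {
        Write-Warning "Service $($backend.Service) is installed but not running."
    }
}
if (-not (Test-IsElevated)) {
    Write-Warning 'Session is not elevated; packet capture may be refused.'
}
```

Run it in the same shell in which you would launch nmap, so the elevation check reflects the actual capture session.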