2

I'm using scapy to make ansyncronous sniffer throught an usb-ethernet adapter.

from scapy.all import *
t = AsyncSniffer(iface="ASIX AX88772B USB2.0 to Fast Ethernet Adapter",filter="ether proto 0x5337")
t.start()
print("hey")
time.sleep(10) 
packets= t.stop()
print (packets.summary())

doing so I'm getting the following warning message:

WARNING: WinPcap is now deprecated (not maintained). Please use Npcap instead

I've tried to install Npcap but honestly I'ven't understood how to do the same async acquisition using Npcap instead.

martinmistere
  • 229
  • 2
  • 14
  • What happens if you just un-install WinPcap and install Npcap with "WinPcap compatibility mode" checked, and then try your Python code without any changes? Npcap should be compatible with WinPcap and the libpcap level (it's just based on a newer version of libpcap, but libpcap attempts to preserver binary compatibility), so Scapy should Just Work. – user16139739 Sep 18 '22 at 23:25
  • yes I've had the same idea but the problem is that on this PC the installed windows is not compatible with Npcap. – martinmistere Sep 19 '22 at 12:39
  • 1
    "on this PC the installed windows is not compatible with Npcap." So presumably it's Windows Vista or earlier; the current version of Npcap is supported on Windows 7 and later. (If Npcap doesn't work on Windows 7 or later, please report that as an issue at https://github.com/nmap/npcap/issues. – user16139739 Sep 22 '22 at 05:31
  • it is a windows embedded standard with SP1 – martinmistere Sep 22 '22 at 07:10
  • 1
    There appear to be multiple versions of Windows Embedded Standard; is this Windows Embedded Standard 7 with SP1, or another version? – user16139739 Sep 22 '22 at 22:24
  • 1
    yes windows embedded standard 7 with sp1 – martinmistere Sep 23 '22 at 08:07

1 Answers1

2

Npcap, like WinPcap, provide 1) the libpcap library and 2) a driver, and a library that communicates with the driver, for libpcap to use in order to perform traffic capture and packet injection.

The standard WinPcap and Npcap API is the libpcap API, so it's not as if a program using that API would need to be different for WinPcap and Npcap.

So the same Scary code should work regardless of whether you have WinPcap or Npcap installed.

As for Npcap on Windows Embedded Standard 7, I've filed Npcap issue #637, asking whether Npcap is supported on Windows Embedded Standard 7, given that it's supported on Windows 7.

If the Npcap developers indicate that it's not supported, you're out of luck, and will have to use WinPcap and live with the warning message.

If they indicate that it is supported, then:

  • if you weren't able to install it, please add detailed information on that problem to that issue, so that the Npcap developers know the details of the problem and can attempt to fix it;
  • if you were able to install it, but it doesn't work, please add detailed information on that problem to that issue, so that the Npcap developers know the details of the problem and can attempt to fix it;
  • if you didn't try to install it, try doing so, and then, if it can't be installed or doesn't work after you install it, add detailed information on that problem to that issue, as per the above.

UPDATE:

The Npcap developers indicate that it should, in fact, work on Windows Embedded Standard 7. I.e., they indicate that the OS on your PC should be compatible with Npcap.

user16139739
  • 862
  • 3
  • 5