<!DOCTYPE html> <html lang="en"> <head> <title>Npcap: Windows Packet Capture Library &amp; Driver</title> <meta name="description" content="Npcap is the packet capture library for Windows 10 and 11. Fast, secure, and compatible successor to WinPcap. Free to use."> <meta name="keywords" content="Npcap,Npcap OEM,packet capture,winpcap,pcap,pcap windows 9,pcap windows 11,npcap download"> <meta name="viewport" content="width=device-width,initial-scale=1"> <meta name="theme-color" content="#2A0D45"> <link rel="preload" as="image" href="/images/sitelogo.png" imagesizes="168px" imagesrcset="/images/sitelogo.png, /images/sitelogo-2x.png 2x"> <link rel="preload" as="image" href="/shared/images/nst-icons.svg"> <link rel="stylesheet" href="/shared/css/nst.css?v=2"> <script async src="/shared/js/nst.js?v=2"></script> <link rel="stylesheet" href="/shared/css/nst-foot.css?v=2" media="print" onload="this.media='all'"> <link rel="stylesheet" href="/site.css"> <!--Google Analytics Code--> <link rel="preload" href="https://www.google-analytics.com/analytics.js" as="script"> <script> (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m) })(window,document,'script','//www.google-analytics.com/analytics.js','ga'); ga('create', 'UA-11009417-1', 'auto'); ga('send', 'pageview'); </script> <!--END Google Analytics Code--> <META NAME="ROBOTS" CONTENT="NOARCHIVE"> <link rel="shortcut icon" href="/shared/images/tiny-eyeicon.png" type="image/png"> </head> <body><div id="nst-wrapper"> <div id="menu"> <div class="blur"> <header id="nst-head"> <a id="menu-open" href="#menu" aria-label="Open menu"> <img width="44" height="44" alt="" aria-hidden="true" src="/shared/images/nst-icons.svg#menu"> </a> <a id="menu-close" href="#" aria-label="Close menu"> <img width="44" height="44" alt="" aria-hidden="true" src="/shared/images/nst-icons.svg#close"> </a> <a id="nst-logo" href="/" aria-label="Home page"> <img alt="Home page logo" srcset="/images/sitelogo.png, /images/sitelogo-2x.png 2x" src="/images/sitelogo.png" onerror="this.onerror=null;this.srcset=this.src" height=90 width=168></a> <nav id="nst-gnav"> <a class="nlink" href="https://nmap.org/">Nmap.org</a> <a class="nlink" href="https://npcap.com/">Npcap.com</a> <a class="nlink" href="https://seclists.org/">Seclists.org</a> <a class="nlink" href="https://sectools.org">Sectools.org</a> <a class="nlink" href="https://insecure.org/">Insecure.org</a> </nav> <form class="nst-search" id="nst-head-search" action="/search/"> <input class="nst-search-q" name="q" type="search" placeholder="Site Search"> <button class="nst-search-button" title="Search"> <img style="width:100%;aspect-ratio:1/1;" alt="" aria-hidden="true" src="/shared/images/nst-icons.svg#search"> </button> </form> </header> </div> </div> <main id="nst-content"> <nav id="nst-sitenav"> <a class="nlink" href="/guide/">Docs</a> <a class="nlink" href="/#download">Download</a> <a class="nlink" href="/oem/">Licensing</a> <a class="nlink" href="/windows-10.html">Windows 11</a> <a class="nlink" href="/vs-winpcap.html">WinPcap</a> </nav> <!-- schema.org markup --> <script type="application/ld+json">{ "@context": "https://schema.org", "@type": "WebSite", "url": "https://npcap.com/", "image": "https://npcap.com/images/sitelogo.png", "potentialAction": { "@type": "SearchAction", "target": { "@type": "EntryPoint", "urlTemplate": "https://npcap.com/search.html?q={term}" }, "query-input": "required name=term" } } </script> <p style="display:none" vocab="http://schema.org/" typeof="SoftwareApplication"> <span property="name">Npcap</span> <span property="applicationCategory">Library</span> <span property="applicationSubCategory">Networking Library</span> <span property="operatingSystem">Microsoft Windows 11</span> <span property="operatingSystem">Microsoft Windows 10</span> <span property="operatingSystem">Microsoft Windows Server 2019</span> <span property="operatingSystem">Microsoft Windows Server 2016</span> <span property="operatingSystem">Microsoft Windows 8.1</span> <span property="operatingSystem">Microsoft Windows Server 2012 R2</span> <span property="operatingSystem">Microsoft Windows 8</span> <span property="operatingSystem">Microsoft Windows Server 2012</span> <span property="operatingSystem">Microsoft Windows 7</span> <span property="operatingSystem">Microsoft Windows Server 2008 R2</span> <a href="https://npcap.com/#download" property="downloadUrl">Download Npcap</a> <a href="https://npcap.com/license" property="license">Npcap License</a> <a href="https://npcap.com/changelog" property="releaseNotes">Npcap Changelog</a> <span property="softwareVersion">1.80</span> <span property="dateCreated">2024-9-16</span> </p> <section id="intro"> <!-- INTRODUCTION ********************************************************* --> <h1 class="purpleheader">Packet capture library for Windows</h1> <p>Npcap is the Nmap Project's packet capture (and sending) library for Microsoft Windows. It implements the open <a href="https://en.wikipedia.org/wiki/Pcap">Pcap API</a> using a custom Windows kernel driver alongside our Windows build of <a href="http://www.tcpdump.org/">the excellent libpcap library</a>. This allows Windows software to capture raw network traffic (including wireless networks, wired ethernet, localhost traffic, and many VPNs) using a simple, portable API. Npcap allows for sending raw packets as well. Mac and Linux systems already include the Pcap API, so Npcap allows popular software such as <a href="https://nmap.org">Nmap</a> and <a href="https://www.wireshark.org/">Wireshark</a> to run on all these platforms (and more) with a single codebase. Npcap began in 2013 as some improvements to the (now discontinued) WinPcap library, but has been largely rewritten since then with <a href="https://npcap.com/changelog">hundreds of releases</a> improving Npcap's speed, portability, security, and efficiency. In particular, Npcap now offers: <ul> <li><b>Loopback Packet Capture and Injection</b>: Npcap is able to sniff loopback packets (transmissions between services on the same machine) by using the <a href="https://msdn.microsoft.com/en-us/library/windows/desktop/aa366510(v=vs.85).aspx"> Windows Filtering Platform (WFP)</a>. After installation, Npcap supplies an interface named <code>NPF_Loopback</code>, with the description &ldquo;Adapter for loopback capture&rdquo;. Wireshark users can choose this adapter to capture all loopback traffic the same way as other non-loopback adapters. Packet injection works as well with the <a href="guide/wpcap/pcap_inject.html">pcap_inject() function</a>. <li><b>Support for all Current Windows Releases</b>: Npcap supports all versions of Windows and Windows Server that Microsoft themselves still support. To avoid limiting ourselves just to the features and API's of our oldest supported Windows release, we build and ship drivers for each major platform generation. That way we can use all of Microsoft's latest technology in our Win10 driver while still supporting legacy systems. Npcap works on Windows 7 and later by making use of the <a href="https://msdn.microsoft.com/en-us/library/windows/hardware/ff565492(v=vs.85).aspx"> NDIS 6 Light-Weight Filter (LWF)</a> API. It's faster than the deprecated <a href="https://docs.microsoft.com/en-us/windows-hardware/drivers/network/overview-of-ndis-versions"> NDIS 5</a> API used by WinPcap. Also, the driver is signed with our EV certificate and countersigned by Microsoft so that it works even with the stricter driver signing requirements imposed by Windows 10. We don't know exactly when Microsoft will remove NDIS 5 or cease the grandfathering of older less secure driver signatures, but WinPcap will cease working when that happens. <li><b>Libpcap API</b>: Npcap uses the excellent <a href="https://www.tcpdump.org/">Libpcap library</a>, enabling Windows applications to use a portable packet capturing API that is also supported on Linux and MacOS. While WinPcap was based on LibPcap 1.0.0 from 2009, Npcap includes the latest Libpcap release along with all of the improvements we contribute back upstream to them. <li><b>Support for all Windows architectures (x86, x86-64, and ARM)</b>: Npcap has always supported both Windows 64-bit and 32-bit Intel x86 platforms. But starting with version 1.50 we also support the new <a href="https://docs.microsoft.com/en-us/windows/arm/">Windows on ARM architecture</a>! This allows PC's to use the same power-efficient mobile chipsets as smartphones for all-day battery life and always-on LTE connectivity. Users can now run apps like <a href="https://nmap.org">Nmap</a> and <a href="https://www.wireshark.org/">Wireshark</a> on a new generation of devices like the <a href="https://www.microsoft.com/en-us/surface/business/surface-pro-x">Microsoft Surface Pro X tablet</a> and the <a href="https://www.samsung.com/us/computing/galaxy-book-go/">Samsung Galaxy Book Go laptop</a>. <li><b>Extra Security</b>: Npcap can (optionally) be restricted so that only Administrators can sniff packets. If a non-Admin user tries to utilize Npcap through software such as <a href="https://nmap.org/">Nmap</a> or <a href="https://www.wireshark.org/">Wireshark</a>, the user will have to pass a <a href="http://windows.microsoft.com/en-us/windows/what-is-user-account-control#1TC=windows-7"> User Account Control (UAC)</a> dialog to utilize the driver. This is conceptually similar to UNIX, where root access is generally required to capture packets. We've also enabled the Windows ASLR and DEP security features and signed the driver, DLLs, and executables to prevent tampering. <li><b>WinPcap compatibility</b>: Software written for WinPcap is generally source-code compatible with WinPcap so it simply needs to be recompiled with the Npcap SDK to receive all of Npcap's performance, compatability, and security benefits. In fact there is even some binary compatability&mdash;software compiled with the WinPcap SDK often still works with modern Npcap. We don't suggest relying on that, however, since compilers and other stack technology has changed dramatically since the last WinPcap SDK release in 2013. When porting legacy WinPcap software to Npcap, we do suggest <a href="guide/npcap-devguide.html#npcap-devguide-updating">a few minor changes</a>, mostly to ensure your software uses Npcap in preference to WinPcap on systems with both libraries installed. By default Npcap replaces any old WinPcap software installs with its own drivers, but you can install both by unchecking Npcap's &ldquo;WinPcap Compatible Mode.&rdquo; installer option. <li><b>Raw (monitor mode) 802.11 wireless capture</b>: Npcap can be configured to read raw 802.11 traffic, including radiotap header details, and this functionality is directly supported by Wireshark. More details <a href="guide/npcap-devguide.html#npcap-feature-dot11">can be found here</a>. </ul> <p>Many more details about Npcap are available in the <a href="guide/">Npcap User/Developer Guide</a>. We've also created a <a href="vs-winpcap.html">feature comparison between Npcap and WinPcap</a>.</p> </section> <section id="download"> <h2 class="purpleheader">Downloading and Installing Npcap Free Edition</h2> <p>The free version of Npcap may be used (but not externally redistributed) on up to 5 systems (<a href="https://github.com/nmap/npcap/blob/master/LICENSE">free license details</a>). It may also be used on unlimited systems where it is only used with <a href="https://nmap.org">Nmap</a>, <a href="https://www.wireshark.org/">Wireshark</a>, and/or <a href="https://docs.microsoft.com/en-us/defender-for-identity/what-is">Microsoft Defender for Identity</a>. Simply run the executable installer. The full source code for each release is available, and developers can build their apps against the SDK. The improvements for each release are documented in the <a href="https://npcap.com/changelog">Npcap Changelog</a>.</p> <ul> <li><a href="dist/npcap-1.80.exe">Npcap 1.80 installer</a> for Windows 7/2008R2, 8/2012, 8.1/2012R2, 10/2016, 2019, 11 (x86, x64, and ARM64).</li> <li><a href="dist/npcap-sdk-1.13.zip">Npcap SDK 1.13</a> (ZIP).</li> <li><a href="dist/npcap-1.80-DebugSymbols.zip">Npcap 1.80 debug symbols</a> (ZIP).</li> <li><a href="dist/npcap-1.80.zip">Npcap 1.80 source code</a> (ZIP).</li> </ul> <p>The latest development source is in our <a href="https://github.com/nmap/npcap">Github source repository</a>. Windows XP and earlier are not supported; you can use <a href="https://www.winpcap.org/">WinPcap</a> for these versions.</p> </section> <section id="oem"> <h2 class="purpleheader">Npcap OEM for Commercial Use and Redistribution</h2> <p>We fund the Npcap project by selling Npcap OEM. This special version of Npcap includes enterprise features such as the silent installer and commercial support as well as special license rights allowing customers to redistribute Npcap with their products or to install it on more systems within their organization with easy enterprise deployment. The <a href="https://github.com/nmap/npcap/blob/master/LICENSE">Npcap free license</a> only allows five installs (with a few exceptions) and does not allow for any redistribution. We offer two commercial license types:</p> <p><a href="oem/redist.html">Npcap OEM Redistribution License</a>: The redistribution license is for companies that wish to distribute Npcap OEM within their products (the free Npcap edition <a href="https://github.com/nmap/npcap/blob/master/LICENSE">does not allow this</a>). Licensees generally use the Npcap OEM silent installer, ensuring a seamless experience for end users. Licensees may choose between a perpetual unlimited license or an annual term license, along with options for commercial support and updates. [<a href="oem/redist.html">Redistribution license details</a>]</p> <p><a href="oem/internal.html">Npcap OEM Internal-Use License</a>: The corporate internal license is for organizations that wish to use Npcap OEM internally, without redistribution outside their organization. This allows them to bypass the <a href="https://github.com/nmap/npcap/blob/master/LICENSE">5-system usage cap</a> of the Npcap free edition. It includes commercial support and update options, and provides the extra Npcap OEM features such as the silent installer for enterprise-wide deployment. [<a href="oem/internal.html">Internal-use license details</a>]</p> </section> <section id="docs"> <h2 class="purpleheader">Documentation</h2> <p>The primary documentation for Npcap is the <a href="guide/">Npcap User's Guide</a>. You can also refer to the <a href="https://github.com/nmap/npcap/blob/master/README.md">README file</a> on Github. The changes in each new release are documented in the <a href="https://npcap.com/changelog">Npcap Changelog</a>. </p> </section> <section id="etc"> <!-- PATCHES, BUG REPORTS, ETC ******************************************** --> <h2 class="purpleheader">Patches, Bug Reports, Questions, Suggestions, etc</h2> <p>Npcap bug reports can be filed on the <a href="https://github.com/nmap/npcap/issues/">Npcap Issues Tracker</a>. Please test with the latest version of Npcap first to ensure it hasn't already been fixed. It is also helpful if you search the current issues first to find out if it has already been reported. Then you can leave a comment on the existing issue rather than creating duplicates. Feature enhancement requests can be made on the tracker as well <p> Questions, comments and bug reports are always welcome. One option is the Nmap development mailing list (nmap-dev). To subscribe, please visit: <a href="http://nmap.org/mailman/listinfo/dev">http://nmap.org/mailman/listinfo/dev</a>.<br><br> <p>Code patches to fix bugs are even better than bug reports. Instructions for creating patch files and sending them are <a href="http://nmap.org/svn/HACKING">available here.</a> <p>Bug reports for Npcap can also be filed on the <a href="https://issues.npcap.org/">Npcap bug tracker</a>. </section> </main><!-- content --> <footer id="nst-foot"> <form class="nst-search" id="nst-foot-search" action="/search/"> <input class="nst-search-q" name="q" type="search" placeholder="Site Search"> <button class="nst-search-button" title="Search"> <img style="width:100%;aspect-ratio:1/1;" alt="" aria-hidden="true" src="/shared/images/nst-icons.svg#search"> </button> </form> <div class="flexlists"> <div class="fl-unit"> <h2><a class="nlink" href="https://nmap.org/">Nmap Security Scanner</a></h2> <ul> <li><a class="nlink" href="https://nmap.org/book/man.html">Ref Guide</a> <li><a class="nlink" href="https://nmap.org/book/install.html">Install Guide</a> <li><a class="nlink" href="https://nmap.org/docs.html">Docs</a> <li><a class="nlink" href="https://nmap.org/download.html">Download</a> <li><a class="nlink" href="https://nmap.org/oem/">Nmap OEM</a> </ul> </div> <div class="fl-unit"> <h2><a class="nlink" href="https://npcap.com/">Npcap packet capture</a></h2> <ul> <li><a class="nlink" href="https://npcap.com/guide/">User's Guide</a> <li><a class="nlink" href="https://npcap.com/guide/npcap-devguide.html#npcap-api">API docs</a> <li><a class="nlink" href="https://npcap.com/#download">Download</a> <li><a class="nlink" href="https://npcap.com/oem/">Npcap OEM</a> </ul> </div> <div class="fl-unit"> <h2><a class="nlink" href="https://seclists.org/">Security Lists</a></h2> <ul> <li><a class="nlink" href="https://seclists.org/nmap-announce/">Nmap Announce</a> <li><a class="nlink" href="https://seclists.org/nmap-dev/">Nmap Dev</a> <li><a class="nlink" href="https://seclists.org/fulldisclosure/">Full Disclosure</a> <li><a class="nlink" href="https://seclists.org/oss-sec/">Open Source Security</a> <li><a class="nlink" href="https://seclists.org/dataloss/">BreachExchange</a> </ul> </div> <div class="fl-unit"> <h2><a class="nlink" href="https://sectools.org">Security Tools</a></h2> <ul> <li><a class="nlink" href="https://sectools.org/tag/vuln-scanners/">Vuln scanners</a> <li><a class="nlink" href="https://sectools.org/tag/pass-audit/">Password audit</a> <li><a class="nlink" href="https://sectools.org/tag/web-scanners/">Web scanners</a> <li><a class="nlink" href="https://sectools.org/tag/wireless/">Wireless</a> <li><a class="nlink" href="https://sectools.org/tag/sploits/">Exploitation</a> </ul> </div> <div class="fl-unit"> <h2><a class="nlink" href="https://insecure.org/">About</a></h2> <ul> <li><a class="nlink" href="https://insecure.org/fyodor/">About/Contact</a> <li><a class="nlink" href="https://insecure.org/privacy.html">Privacy</a> <li><a class="nlink" href="https://insecure.org/advertising.html">Advertising</a> <li><a class="nlink" href="https://nmap.org/npsl/">Nmap Public Source License</a> </ul> </div> <div class="fl-unit social-links"> <a class="nlink" href="https://twitter.com/nmap" title="Visit us on Twitter"> <img width="32" height="32" src="/shared/images/nst-icons.svg#twitter" alt="" aria-hidden="true"> </a> <a class="nlink" href="https://facebook.com/nmap" title="Visit us on Facebook"> <img width="32" height="32" src="/shared/images/nst-icons.svg#facebook" alt="" aria-hidden="true"> </a> <a class="nlink" href="https://github.com/nmap/" title="Visit us on Github"> <img width="32" height="32" src="/shared/images/nst-icons.svg#github" alt="" aria-hidden="true"> </a> <a class="nlink" href="https://reddit.com/r/nmap/" title="Discuss Nmap on Reddit"> <img width="32" height="32" src="/shared/images/nst-icons.svg#reddit" alt="" aria-hidden="true"> </a> </div> </div> </footer> </div><!-- wrapper --> </body> </html>