Home page logo

Npcap Library Networking Library Microsoft Windows 10 Microsoft Windows Server 2016 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Download Npcap Npcap License Npcap Changelog 0.995 2019-05-10

Packet capture library for Windows

Npcap is the Nmap Project's packet sniffing (and sending) library for Windows. It is based on the discontinued WinPcap library, but with improved speed, portability, security, and efficiency. In particular, Npcap offers:

  • WinPcap for Windows 10: Npcap works on Windows 7 and later by making use of the new NDIS 6 Light-Weight Filter (LWF) API. It's faster than the deprecated NDIS 5 API, which Microsoft could remove at any time. Also, the driver is signed with our EV certificate and countersigned by Microsoft, so it works even with the stricter driver signing requirements in Windows 10 1607.
  • Extra Security: Npcap can (optionally) be restricted so that only Administrators can sniff packets. If a non-Admin user tries to utilize Npcap through software such as Nmap or Wireshark, the user will have to pass a User Account Control (UAC) dialog to utilize the driver. This is conceptually similar to UNIX, where root access is generally required to capture packets. We've also enabled the Windows ASLR and DEP security features and signed the driver, DLLs, and executables to prevent tampering.
  • Loopback Packet Capture: Npcap is able to sniff loopback packets (transmissions between services on the same machine) by using the Windows Filtering Platform (WFP). After installation, Npcap will create an adapter named Npcap Loopback Adapter for you. If you are a Wireshark user, choose this adapter to capture, you will see all loopback traffic the same way as other non-loopback adapters. Try it by typing in commands like “ping” (IPv4) or “ping ::1” (IPv6).
  • Loopback Packet Injection: Npcap is also able to send loopback packets using the Winsock Kernel (WSK) technique. User-level software such as Nping can just send the packets out using Npcap Loopback Adapter just like any other adapter. Npcap then does the magic of removing the packet's Ethernet header and injecting the payload into the Windows TCP/IP stack.
  • Libpcap API: Npcap uses the excellent Libpcap library, enabling Windows applications to use a portable packet capturing API that is also supported on Linux and Mac OS X. While WinPcap was based on LibPcap 1.0.0 from 2009, Npcap includes the latest Libpcap release along with improvements that we also contribute back upstream to Libpcap.
  • WinPcap compatibility: For applications that don't yet make use of Npcap's advanced features, Npcap can be installed in “WinPcap Compatible Mode.” This will replace any existing WinPcap installation. If compatibility mode is not selected, Npcap can coexist alongside WinPcap; applications which only know about WinPcap will continue using that, while other applications can choose to use the newer and faster Npcap driver instead.

Unsure whether to use WinPcap or Npcap? Check out our feature comparison and decide for yourself.

Downloading and Installing Npcap Free Edition

The free version of Npcap may be used (but not externally redistributed) on up to 5 systems. It may also be used on unlimited systems where it is only used with Nmap and/or Wireshark. Simply run the executable installer. The full source code for each release is available, and developers can build their apps against the SDK. The improvements for each release are documented in the Npcap Changelog.

The latest development source is in our Github source repository. Windows XP and earlier are not supported; you can use WinPcap for these versions.

Npcap OEM for Commercial Use and Redistribution

We fund the Npcap project by selling Npcap OEM. This special version of Npcap includes enterprise features such as the silent installer and commercial support as well as special license rights allowing customers to redistribute Npcap with their products or to install it on more systems within their organization with easy enterprise deployment. We offer two license types:

Npcap OEM Redistribution License: The redistribution license is for companies that wish to distribute Npcap OEM within their products (the free Npcap edition does not allow this). Licensees generally use the Npcap OEM silent installer, ensuring a seamless experience for end users. Licensees may choose between a perpetual unlimited license or an annual term license, along with options for commercial support and updates. [Redistribution license details]

Npcap OEM Internal-Use License: The corporate internal license is for organizations that wish to use Npcap OEM internally, without redistribution outside their organization. This allows them to bypass the 5-system usage cap of the Npcap free edition. It includes commercial support and update options, and provides the extra Npcap OEM features such as the silent installer for enterprise-wide deployment. [Internal-use license details]


The primary documentation for Npcap is the Npcap User's Guide. You can also refer to the README file on Github. The changes in each new release are documented in the Npcap Changelog.

Patches, Bug Reports, Questions, Suggestions, etc

Questions, comments and bug reports are always welcome. Please use the Nmap development mailing list (nmap-dev). To subscribe, please visit: http://nmap.org/mailman/listinfo/dev.

Code patches to fix bugs are even better than bug reports. Instructions for creating patch files and sending them are available here.

Bug reports for Npcap can also be filed on the Nmap bug tracker.

Nmap Site Navigation

Intro Reference Guide Book Install Guide
Download Changelog Zenmap GUI Docs
Bug Reports OS Detection Propaganda Related Projects
In the Movies In the News
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]