食肉大灰兔V5
2015-09-01 02:56:13 UTC
Hi Mark,
On Tue, Sep 1, 2015 at 8:02 AM, Mark Pizzolato - Winpcap-Users <
The installer will install stock WinPcap when running on XP and Vista
systems. You can try it if you like.
didn't go along that way ( at last chooses Plan A). But I don't think it's
impossible for now. Maybe we can create a new user group called "Npcap
Users" and leave it empty at first, then if a user trying to use Npcap is a
member of "Npcap Users", he will be permitted, if he is not a member, Npcap
will check if he has Admin right, if yes, then permit too. What do you
think about this? You can submit this idea as an issue on the list.
installer at:
https://svn.nmap.org/nmap-exp/yang/NPcap-LWF/npcap-nmap-1.00.exe
I have installed 1.00 version on my Win10 host, and accessed a shared
folder at \\192.168.0.80\osv with no issue. Can you access the Internet
when you found this issue?
https://github.com/nmap/nmap/issues, you can fire an issue there.
Yang
Forwarded:
I want to let you decide which plan we will use for our function: *Add
privilege support to Npcap so we can limit it to users with administrator
access*
*Last week I said there are three options as below:*
Plan A: Allow Administrators group to use the driver, nmap run by built-in
Administrator account can use the driver directly. The other members of
Administrators group must run nmap with Run as Administrator option, or the
driver will refuse to be accessed.
Plan B: Allow Users group to use the driver. All members of Users group can
use the driver directly.
Plan C: Create a custom group named Nmap Users and add all Administrators
group members intoNmap Users during NPcap installation, then allow Nmap
Users group to access the driver. The drawback is if a new user added
to Administrators
group, there's no graceful ways to let that user join our Nmap Users group
automatically. Admins need to add that user manually.
*As Plan B and Plan C are crossed out in our last meeting, we will only
talk about Plan A here, depending on whether we really want to check the
"true" administrator privilege, We have Plan A-1 and Plan A-2 as belows:*
Plan A-1: Add access control to the driver, nmap run by built-in
Administrator account can use the driver directly. The other members of
Administrators group must run nmap with Run as Administrator option, or the
driver will refuse to be accessed. When being denied, we can show our
custom dialog to user which says like "You need to re-run the program as an
Administrator to use NPcap, please restart your program as an
Administrator". Notice Windows has no way to elevate a process during
run-time, the Admin privilege is only granted when a process is started. So
for this solution, Nmap *MUST* restart if not started with Run as
Administrator option. Here what we can do as NPcap is that we prompt a
customized error dialog then quit. Let the user restart a new Nmap by
himself.
Plan A-2: We don't add access control to the driver, we only checks whether
the current user is a member of Administrators group in our DLL
(packet.dll). This solution has nothing to do with UAC and privilege
elevation. So the current user do NOT have to run nmap withRun as
Administratoroption. If the current user is a member of Admin group, then
nmap can use NPcap normally, if the current user is not, we can prompt a
customized dialog says "Your current account is not in Administrator group,
please restart your program under an account within Administrator group.
To sum up,
1) Both solutions need to restart the program (such as Nmap) if the user
fails our check. No way to elevate the privilege at run-time.
2) The difference between the two solutions is that Plan A-1 needs a "true"
administrator privilege, so the not built-in members of Administrators
group must run nmap with Run as Administrator option. Plan A-2 do not need
a "true" administrator privilege, so all members of Administrators group
can run nmap normally without Run as Administrator option.
*Personally, I prefer Plan A-2, because this solution will give the end
users less trouble. So there will be less complaints when user first adopts
our NPcap. At the same time It's less safer than Plan A-1. What about your
suggestions?*
On Tue, Sep 1, 2015 at 8:02 AM, Mark Pizzolato - Winpcap-Users <
Hi Yang,
Thanks for doing this.
I have 2 comments and one bug/issue.
1) Windows XP and Vista systems are still somewhat common. It would
be great if the installer could be setup to install the original WinPcap
binaries on these platforms. Then there could be a single pcap installer
for all Windows platforms.
In fact, Npcap has integrated the original WinPcap files for XP and Vista.Thanks for doing this.
I have 2 comments and one bug/issue.
1) Windows XP and Vista systems are still somewhat common. It would
be great if the installer could be setup to install the original WinPcap
binaries on these platforms. Then there could be a single pcap installer
for all Windows platforms.
The installer will install stock WinPcap when running on XP and Vista
systems. You can try it if you like.
2) The Administrator mode is a good enhancement. It would be nice
if a middle position (between completely open and completely admin) were
available for some environments. Maybe membership in a paritular security
groupâŠ.
We have talked about this plan (see Plan C at the end of the mail) andif a middle position (between completely open and completely admin) were
available for some environments. Maybe membership in a paritular security
groupâŠ.
didn't go along that way ( at last chooses Plan A). But I don't think it's
impossible for now. Maybe we can create a new user group called "Npcap
Users" and leave it empty at first, then if a user trying to use Npcap is a
member of "Npcap Users", he will be permitted, if he is not a member, Npcap
will check if he has Admin right, if yes, then permit too. What do you
think about this? You can submit this idea as an issue on the list.
With the Npcap package installed, I was unable to map a shared folder for
a system on my LAN which had worked previously. Uninstalling the Npcap
package immediately allowed access to the shared folder on the other system.
Npcap has released 1.00 version now, maybe you'd like to try the latesta system on my LAN which had worked previously. Uninstalling the Npcap
package immediately allowed access to the shared folder on the other system.
installer at:
https://svn.nmap.org/nmap-exp/yang/NPcap-LWF/npcap-nmap-1.00.exe
I have installed 1.00 version on my Win10 host, and accessed a shared
folder at \\192.168.0.80\osv with no issue. Can you access the Internet
when you found this issue?
Maybe you want to enable âissuesâ in the github repository to track things
like this.
Npcap uses the same issue list with Nmap atlike this.
https://github.com/nmap/nmap/issues, you can fire an issue there.
Thanks again.
- Mark Pizzolato
Cheers,- Mark Pizzolato
Yang
*Sent:* Saturday, August 22, 2015 6:02 AM
*Subject:* [Winpcap-users] Npcap 0.04, based on original WinPcap 4.1.3,
call for test
Hi list,
Npcap is an update of WinPcap to NDIS 6 Light-Weight Filter (LWF)
technique. Within Google Summer of Code 2013 and 2015, Npcap has added many
features and become stable in its 0.04 version. I hope that you guys could
test its functionalities, and I'd like to see WinPcap official adopt
features of Npcap.
1) NDIS 6 Support
2) "Admin-only Mode" Support
3) "WinPcap Compatible Mode" Support
4) Loopback Packets Capture Support
5) Loopback Packets Send Support
https://github.com/nmap/npcap
https://svn.nmap.org/nmap-exp/yang/NPcap-LWF/
npcap-nmap-0.04-r5.exe
<https://svn.nmap.org/nmap-exp/yang/NPcap-LWF/npcap-nmap-0.04-r5.exe>
1) You need to try it under Win7 and later, and no need to change the
installation options, just click the "Next"s. Npcap installed in "WinPcap Compatible
Mode" is exclusive with WinPcap, so you must uninstall WinPcap first
(installer will prompt you this).
2) If you have installed WinPcap, better to reboot the PC after
uninstalling WinPcap and then install Npcap.
Cheers,
Yang
_______________________________________________
Winpcap-users mailing list
https://www.winpcap.org/mailman/listinfo/winpcap-users
-------------------------------------------------------------------------------------------------------------------------------------------------------*Subject:* [Winpcap-users] Npcap 0.04, based on original WinPcap 4.1.3,
call for test
Hi list,
Npcap is an update of WinPcap to NDIS 6 Light-Weight Filter (LWF)
technique. Within Google Summer of Code 2013 and 2015, Npcap has added many
features and become stable in its 0.04 version. I hope that you guys could
test its functionalities, and I'd like to see WinPcap official adopt
features of Npcap.
1) NDIS 6 Support
2) "Admin-only Mode" Support
3) "WinPcap Compatible Mode" Support
4) Loopback Packets Capture Support
5) Loopback Packets Send Support
https://github.com/nmap/npcap
https://svn.nmap.org/nmap-exp/yang/NPcap-LWF/
npcap-nmap-0.04-r5.exe
<https://svn.nmap.org/nmap-exp/yang/NPcap-LWF/npcap-nmap-0.04-r5.exe>
1) You need to try it under Win7 and later, and no need to change the
installation options, just click the "Next"s. Npcap installed in "WinPcap Compatible
Mode" is exclusive with WinPcap, so you must uninstall WinPcap first
(installer will prompt you this).
2) If you have installed WinPcap, better to reboot the PC after
uninstalling WinPcap and then install Npcap.
Cheers,
Yang
_______________________________________________
Winpcap-users mailing list
https://www.winpcap.org/mailman/listinfo/winpcap-users
Forwarded:
I want to let you decide which plan we will use for our function: *Add
privilege support to Npcap so we can limit it to users with administrator
access*
*Last week I said there are three options as below:*
Plan A: Allow Administrators group to use the driver, nmap run by built-in
Administrator account can use the driver directly. The other members of
Administrators group must run nmap with Run as Administrator option, or the
driver will refuse to be accessed.
Plan B: Allow Users group to use the driver. All members of Users group can
use the driver directly.
Plan C: Create a custom group named Nmap Users and add all Administrators
group members intoNmap Users during NPcap installation, then allow Nmap
Users group to access the driver. The drawback is if a new user added
to Administrators
group, there's no graceful ways to let that user join our Nmap Users group
automatically. Admins need to add that user manually.
*As Plan B and Plan C are crossed out in our last meeting, we will only
talk about Plan A here, depending on whether we really want to check the
"true" administrator privilege, We have Plan A-1 and Plan A-2 as belows:*
Plan A-1: Add access control to the driver, nmap run by built-in
Administrator account can use the driver directly. The other members of
Administrators group must run nmap with Run as Administrator option, or the
driver will refuse to be accessed. When being denied, we can show our
custom dialog to user which says like "You need to re-run the program as an
Administrator to use NPcap, please restart your program as an
Administrator". Notice Windows has no way to elevate a process during
run-time, the Admin privilege is only granted when a process is started. So
for this solution, Nmap *MUST* restart if not started with Run as
Administrator option. Here what we can do as NPcap is that we prompt a
customized error dialog then quit. Let the user restart a new Nmap by
himself.
Plan A-2: We don't add access control to the driver, we only checks whether
the current user is a member of Administrators group in our DLL
(packet.dll). This solution has nothing to do with UAC and privilege
elevation. So the current user do NOT have to run nmap withRun as
Administratoroption. If the current user is a member of Admin group, then
nmap can use NPcap normally, if the current user is not, we can prompt a
customized dialog says "Your current account is not in Administrator group,
please restart your program under an account within Administrator group.
To sum up,
1) Both solutions need to restart the program (such as Nmap) if the user
fails our check. No way to elevate the privilege at run-time.
2) The difference between the two solutions is that Plan A-1 needs a "true"
administrator privilege, so the not built-in members of Administrators
group must run nmap with Run as Administrator option. Plan A-2 do not need
a "true" administrator privilege, so all members of Administrators group
can run nmap normally without Run as Administrator option.
*Personally, I prefer Plan A-2, because this solution will give the end
users less trouble. So there will be less complaints when user first adopts
our NPcap. At the same time It's less safer than Plan A-1. What about your
suggestions?*