Npcap 1.00 was just released and a new Nmap is on the way!

By | September 29, 2020

Hello everyone. I hope you are all safe and well during this nasty
pandemic. I obviously haven’t been wearing my marketing hat enough given
that this is my first mail to the Nmap Announcement list since last
August’s Nmap 7.80 release. But we’ve been heads-down programming since
then and have great news to report!

The biggest news is that, after more than 7 years of development and 170
previous public releases, we’re delighted to release Npcap 1.00! Some
products may start at version one or rush to get there, but we took our
time making sure Npcap was completely stable and ready for production use.
After all, driver crashes can take down your whole system. You may recall
that we started the Npcap project because Nmap needed a better way to send
and receive raw packets on Windows. WinPcap was great for its time, but
ceased development in 2013 and used a deprecated Windows API that never
worked well on Windows 10. We also wanted improved stability, performance,
and security.

While we created Npcap for Nmap, it turns out that many other projects and
companies had the same need. Wireshark switched to Npcap with their big
3.0.0 release last February, and Microsoft publicly recommends Npcap for
their Azure ATP (Advanced Threat Protection) product. We introduced the
Npcap OEM program allowing companies to license Npcap OEM for use within
their products (redistribution license: or for company-internal use with
commercial support and deployment automation (  This project that was expected
to be a drain on our resources (but worthwhile since it makes Nmap so much
better) is now helping to fund the Nmap project.  The Npcap OEM program has
also helped ensure Npcap’s stability by deploying it on some of the fastest
networks at some of the largest enterprises in the world.

Npcap 1.00 is now available for download from Even
though I failed to actually announce recent Npcap releases (we’ve made 15
in the last year), you can read about those dozens of performance
improvements, bug fixes, and feature enhancements at

I’d like to thank Daniel Miller (@bonsaiviking on Github and Twitter) for
doing most of the Npcap dev work in recent years, and Yang Luo (@hsluoyz)
for all of his help in the early years.

It turns out that Windows kernel development is hard work (LOL), so Npcap
has taken a huge amount of our time recently. We’ve made many Nmap
improvements in Github, but haven’t had a formal Nmap release since last
year’s Defcon. I’m happy to report that is about to change. We’re hoping to
finish a new Nmap release this week with all of the accumulated changes
plus of course Npcap 1.00!  And now that Npcap has proven itself extremely
stable, we are turning more of our attention to Nmap proper. Stay tuned!