You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
On Windows, Npcap's DiagReport.bat starts by running the command "net session" and assumes any error from this requires that it asks the OS to rerun it as an Administrator.
This has two fatal flaws:
If "net session" fails for any other reason, "DiagReport.bat" will relaunch itself as administrator in an infinite recursive loop, essentially DOS-ing the shell and window manager, as each relaunch pops up a console window on top of all regular windows, stealing keyboard focus away from any attempts to kill the madness other than an external power off. (Test note: The runaway happens once it is already running as administrator, as there will be no further UAC prompt).
At least on Windows 8.1, if the SMB server service named "LanmanServer" or just "Server" is stopped (as a general OS hardening measure), "net session" will fail with an explicit error message to this effect, triggering this npcap bug.
Manual workaround:
Step 0: If already runaway, log off or power off the computer.
Step 1: Convert DiagReport.bat from LF to CRLF format.
Step 2: Comment out the line "net session >nul 2>&1" near the top of the file.
Step 3: Manually run DiagReport.bat as Administrator ("elevated").
Thanks for reporting this! I'll investigate alternatives. This article seems to be a well-researched discussion of the topic of detecting elevated privileges: https://www.robvanderwoude.com/battech_elevation.php
Ended up using the whoami /Groups method to check for SID S-1-16-12288, high integrity level, which works from Vista onwards. Npcap is not supported on systems older than Windows Vista.
On Windows, Npcap's DiagReport.bat starts by running the command "net session" and assumes any error from this requires that it asks the OS to rerun it as an Administrator.
This has two fatal flaws:
If "net session" fails for any other reason, "DiagReport.bat" will relaunch itself as administrator in an infinite recursive loop, essentially DOS-ing the shell and window manager, as each relaunch pops up a console window on top of all regular windows, stealing keyboard focus away from any attempts to kill the madness other than an external power off. (Test note: The runaway happens once it is already running as administrator, as there will be no further UAC prompt).
At least on Windows 8.1, if the SMB server service named "LanmanServer" or just "Server" is stopped (as a general OS hardening measure), "net session" will fail with an explicit error message to this effect, triggering this npcap bug.
Manual workaround:
Step 0: If already runaway, log off or power off the computer.
Step 1: Convert DiagReport.bat from LF to CRLF format.
Step 2: Comment out the line "net session >nul 2>&1" near the top of the file.
Step 3: Manually run DiagReport.bat as Administrator ("elevated").
This was seen in WireShark bundled Npcap 0.995, 64 bit. As of today, the broken code is still at https://github.com/nmap/npcap/blob/master/installer/DiagReport.bat
The text was updated successfully, but these errors were encountered: