Hi everyone,
We’re trying to install and run Suricata on Windows 11 without using NPCAP, because NPCAP now requires an OEM license for redistribution — which doesn’t fit our current use case.
We had previously used version 0.96 under the free license, but that version is no longer available on the NPCAP website.
As an alternative, we’d like to use WinDivert for packet capture and injection, as described in the official Suricata documentation:
16. Setting up IPS/inline for Windows — Suricata 8.0.1-dev documentation
However, during installation or runtime, Suricata still appears to require wpcap.dll, which suggests a dependency on WinPcap or NPCAP — both of which we’re specifically trying to avoid, since WinPcap is no longer maintained and the free version of NPCAP has been discontinued.
Following Suricata support team’s advice, we’re exploring the possibility of building Suricata from source using libpcap from MSYS2 instead of NPCAP, as shown in this GitHub CI example.
In the meantime, we might temporarily rely on Win10Pcap to provide a quick workaround, despite its limitations.
Has anyone here successfully built and run Suricata on Windows in a WinDivert-only setup, completely avoiding wpcap.dll?
Any additional suggestions, build flags, or packaging tips would be greatly appreciated.
Or has anyone found an alternative approach to fully removing the dependency on NPCAP?
Thanks in advance!
Best regards,
Rossella