Suricata - For getting clarity on Suricata dependency configuration

I am doing a POC with suricata. I need to monitor the network activity, detect the rule violations and prevent it. I tried to implement it in Windows. I extracted the suricata MSI and ran it by using the node script. When I ran the code I got a message The code execution cannot proceed because wpcap.dll was not found. Reinstalling the program may fix the issue.****. After some research, I installed a packet monitor Npcap and the suricata worked without any issues. I could simulate all my use cases; I tried the part of my POC.

Later I realized, the Npcap is not open source. After some research, I found some online responses like you can use pktmon and Rawcap instead of Npcap in Windows. I installed pktmon and Rawcap and uninstalled Npcap from my Windows machine. But I got the same issue, wpcap.dll was not found.

I have some doubts related to this

  1. Can we run the suricata without Npcap?
  2. If possible, is there any open-source package for the windows platform?
  3. If we can use Pktmon or Rawcap, how do we configure suricata?

Could you please help me to resolve this issue? I am looking forward to your reply.

Hi there,

In trying to answer this one:

From our GitHub CI workflows, I see two options that don’t seem to use Npcap:

[Disclaimer: I’m not a Windows user nor have I tried installing Suricata on it. ]

Curious: is there a reason why you don’t want to use Npcap?

is there a reason why you don’t want to use Npcap?

  • I noticed that Npcap have license to use. I am more interested in open source.