Hi
I am doing a POC with Suricata. I need to monitor the network activity, detect the rule violations and prevent it. I tried to implement it in Windows. I extracted the Suricata MSI and ran it by using the node script. When I ran the code I got a message: "The code execution cannot proceed because wpcap.dll was not found. Reinstalling the program may fix the issue."
After some research, I installed a packet monitor, Npcap, and Suricata worked without any issues. I could simulate all my use cases; I tried the part of my POC.
Later I realized that Npcap is not open source. After some research, I found some online responses saying that you can use pktmon and Rawcap instead of Npcap in Windows. I installed pktmon and Rawcap and uninstalled Npcap from my Windows machine. But I got the same issue: wpcap.dll was not found.
I have some doubts related to this:
- Can we run Suricata without Npcap?
- If possible, is there any open-source package for the Windows platform?
- If we can use Pktmon or Rawcap, how do we configure Suricata?
Could you please help me to resolve this issue? I am looking forward to your reply.