Wireshark-users: Re: [Wireshark-users] Wireshark Windows installer no longer redistributable?

From: Gordon Fyodor Lyon <gordon@xxxxxxxx>
Date: Mon, 11 Mar 2019 14:15:55 -0700

On Mon, Mar 11, 2019 at 11:24 AM Laurence Perkins <lperkins@xxxxxxxxxxx> wrote:

So I notice with version 3 that wireshark now bundles npcap instead of winpcap.  From a technical point of view this makes a lot of sense since npcap is actually maintained and has a better feature set. But I notice that the npcap license forbids redistribution without special dispensation.

Hi Laurence.  I'm glad you like Npcap, and thanks for raising this important issue.  I run the Nmap and Npcap Projects and will try to explain the current licensing situation.

First of all, we at the Nmap project are huge Wireshark fans.  In fact we had a user vote and Wireshark won as the #1 security tool (https://sectools.org/)!  So we're very happy to throw all the support we can behind Wireshark, and we're delighted to see our Npcap packet capturing driver/library proving useful for Wireshark users.  We already changed the Npcap license to better accommodate Wireshark (e.g. removing the usage limit) and we're receptive to other ideas for helping Wireshark/Npcap integration that don't threaten the financial health of the Npcap Project itself.

Our main project is the Nmap Security Scanner (https://nmap.org/), which recently turned 21 years old.  During most of that time we were happy users of WinPcap.  But then WinPcap became unmaintained and we had increasing concerns about security, stability, and WinPcap's use of deprecated Windows API's that MS could remove at any time.  Still, we had no desire to get into Windows device driver programming and we waited years hoping that someone else would step up and fix the issues.  That didn't happen, so we took a deep breath and dived in and have spent the last several years creating Npcap (https://npcap.org).  We have been shipping it with Nmap since 2016 and we're approaching our big 1.0 release.  The latest version is 0.99-r9, which now ships with Wireshark 3.

While we're really proud of where Npcap is now, it hasn't come cheaply.  I've personally spent hundreds of thousands of dollars hiring programmers to help make this happen.  That isn't financially sustainable, and I don't want Npcap to go the way of WinPcap and WinPcap Pro.  So the goal is for the Npcap Project to at least break even financially by spreading the development and maintenance cost among those who benefit from it.  This especially includes companies who want to redistribute Npcap as part of the products that they sell.

While we did grant a waiver so the Wireshark Project (Riverbed) and their official mirrors can redistribute Npcap with Wireshark, you are correct that the waiver does not allow everyone to externally redistribute Npcap with Wireshark.  We (Npcap Project) are concerned that such a waiver could open a loophole allowing companies who couldn't normally redistribute Npcap without buying a license to simply redistribute the whole Wireshark+Npcap installer with their product instead and use Npcap that way.   We're also worried about malware authors and other sleazebags to whom we'd never grant a license using this loophole to redistribute Npcap.  Besides being terrible on its own, malware using Npcap could lead to our EV codesigning certificate being blacklisted.  Of course straight-up criminals don't care what our license says, but some sleazebags who purport to be legitimate do.  Remember when Download.com and SourceForge tried adding adware/malware to the Wireshark and Nmap installers?

Please note that Npcap's redistribution limits only apply to external redistribution.  You can still download Npcap (or WinPcap+Npcap) and install it on multiple machines at your organization.  Though for big organizations who want to roll out Npcap on a lot of machines, we recommend our Npcap OEM product which includes a silent installer. See https://nmap.org/npcap/#License.

Also, the Npcap license of course only applies to Wireshark installers that actually bundle Npcap.  The Wireshark project or any user is welcome to build and redistribute a Wireshark installer which doesn't include Npcap and then do whatever they want with it (subject to Wireshark's own license, of course).

Also, we're happy to look at cases where the redistribution limitation is causing pain.  If you have a case where you really need to redistribute Wireshark+Npcap, send me an email.  We can consider individual waivers on a case by case basis, and we are also open to structural/license changes where they solve an important and common need without posing much risk to Npcap's financial sustainability goal.

For what it's worth, Nmap has been shipping with Npcap since 2016 and so the redistribution rule also applies to our Nmap Windows Self-Installer.  While we did worry about that at first, it has not actually proved to be much of a problem in practice.  Users should almost always download Nmap or Wireshark directly from the source anyway so they get the very latest version and avoid accidentally downloading trojans from shady redistributors like Download.com.

Sorry for the long mail, but I hope this helps clarify things.

Sincerely,
Gordon "Fyodor" Lyon