 | 1 | initial version |
A process tree for Wireshark when capturing on Windows show that it uses dumpcap under the covers.
Man page here and an example in the User's Guide.
A couple videos on the topic:
https://www.networkcomputing.com/networking/wireshark-packet-capture-tshark-vs-dumpcap
At What Point Do Laptops Start Dropping Packets?
And a Sharkfest presentation
| | 2 | No.2 Revision |
A process tree for Wireshark when capturing on Windows show that it uses dumpcap under the covers.
Man page here and an example in the User's Guide.
Use dumpcap to perform the capture to a file then open in the Wireshark gui for analysis.
A couple videos on the topic:
https://www.networkcomputing.com/networking/wireshark-packet-capture-tshark-vs-dumpcap
At What Point Do Laptops Start Dropping Packets?
And a Sharkfest presentation
