Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

what library is used by WireShark to capture Wi-Fi ? Is it Airpcap ? Npcap ? Another one ? Is it fully integrated or installed separately (like a .dll in /system32/) ?

On UN*X, Wireshark uses libpcap to do capturing, whether on Wi-Fi or non-Wi-Fi adapters; on Windows, it can use WinPcap or Npcap, whether on Wi-Fi or non-Wi-Fi adapters.

On UN*X, libpcap runs atop the OS's packet capture mechanism, which is what does the work.

On Windows, libpcap runs atop WinPcap's or Npcap's library and driver, if you're capturing on a regular network interface; it runs atop AirPcap, if you're capturing on an AirPcap adapter.

On UN*X, libpcap is usually a dynamically linked shared library. On most OSes (Linux, *BSD, macOS, Solaris 11 and later, AIX), it's usually supplied as part of the operating system, although somebody could build it from source (if they want a newer version than what's supplied with the operating system) and compile Wireshark themselves, linking with their own version. On other UN*Xes, the user would have to compile and install libpcap themselves - but they'd probably have to do that with Wireshark, as well. In all of those cases, it's not part of Wireshark, it's either part of the OS or something installed by whoever compiled and installed it.

On Windows, you're probably using the libpcap that comes with WinPcap or Npcap. That's not shipped as part of the OS, so it's not "fully integrated" with the OS. Wireshark happens to bundle an installer for WinPcap (in older versions) or Npcap (in current versions), but that doesn't make it "fully integrated" with Wireshark - it's just bundled; we aren't responsible for building WinPcap/Npcap or its installer.