Ask Your Question
0

How to capture the internal Ethernet data packets using npcap driver ?

asked 2019-08-27 08:01:29 +0000

Cvnsaikumar gravatar image

updated 2019-08-27 10:17:13 +0000

Jaap gravatar image

Hi,

We wrote one application to capture the Ethernet packets using npcap driver. We're able to capture the Ethernet packets which we are receiving from outside world, but not able to capture the packets which we are trying to send out using our property tools. We are able to see the both Tx/Rx packets on Wireshark

  • my question is how the Wireshark is able to capture the packets ?

  • is Wireshark using npcap or any other drives..?

  • if Wireshark using npcap driver, is there any additional requirements we need to do...?

edit retag flag offensive close merge delete
add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2019-08-27 08:52:03 +0000

grahamb gravatar image

Wireshark uses a capture library to capture the network traffic, on Windows this was WinPcap for many years, but from Wireshark 3.0 onwards, npcap is used.

The Wireshark installer will install npcap unless the user opts to not to do so. In this case Wireshark will not be able to capture traffic, only load capture files obtained from elsewhere.

If your question is about using npcap with another application then you should use the npcap support system, noting the licence for npcap which restricts commercial use.

edit flag offensive delete link more

Comments

Note that Npcap's (and WinPcap's) API is pretty much the libpcap API.

You will need the Npcap SDK in order to write your own programs using Npcap.

Guy Harris gravatar imageGuy Harris ( 2019-08-27 18:30:16 +0000 )edit

we opts to not install the npcap while installing the Wireshark. but when we run the application with Wincap driver, my application was crashed. but still wireshark able to capture the packets. So after that we have installed the npcap driver, now application not crashing but unable to capture the packets and wireshark able to capture.

if i want to use Wincap driver, do we need any additional requirements..?

Cvnsaikumar gravatar imageCvnsaikumar ( 2019-08-28 07:09:30 +0000 )edit

To use WinPcap see the WinPcap website and use the WinPcap SDK. Note that WinPcap is obsolete and unsupported and does not support local loopback capture.

grahamb gravatar imagegrahamb ( 2019-08-28 09:48:01 +0000 )edit

Can we see the code in your application that makes pcap library calls? That code may be buggy.

Guy Harris gravatar imageGuy Harris ( 2019-08-28 10:54:06 +0000 )edit

Hi Guy Harris, I am using the following pcap API to capture the Ethernet packets.

pcap_open_live() - to open the port. pcap_findalldevs() - to list the available no.of adapters. pcap_sendpacket() - to transmit the eth packets. pcap_next_ex() - to receive the eth packets, this API we are calling periodically.

is there any additional APIs are there to use..?

Cvnsaikumar gravatar imageCvnsaikumar ( 2019-09-03 10:29:56 +0000 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2019-08-27 08:01:29 +0000

Seen: 886 times

Last updated: Aug 27 '19

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2