Does Wireshark on Windows rely on Npcap and Winpap for all remote pcap functionality?

asked 2024-03-23

cuuld

Just wanted some confirmation. I was discussing some aspects of Npcap in this thread

and the author mentioned

Wireshark have its own rpcap imlimentation it does not use libpcap or npcap for remote capture.

is that statement true or a mistaken assumption?

If true, I'd be curious why rpcap functionality for Wireshark isn't dependent on npcap or libpcap on Windows but does on other OS platforms (why we don't see Wireshark support for rpcap on those platforms without custom compiling with libpcap built with remote capture support)

answered 2024-03-24

Guy Harris

is that statement true or a mistaken assumption?

It is 100% mistaken. I've added comments to that GitHub issue pointing out that Wireshark uses WinPcap/Npcap APIs to do remote capture on Windows (those are libpcap APIs, so the same code does remote capture on UN*Xes if built with a libpcap that supports remote capture).

Asked: 2024-03-23 23:11:48 +0000

Seen: 244 times

Last updated: Mar 24