Ask Your Question

Does Wireshark on Windows rely on Npcap and Winpap for all remote pcap functionality?

asked 2024-03-23 23:11:48 +0000

cuuld gravatar image

Just wanted some confirmation. I was discussing some aspects of Npcap in this thread

and the author mentioned

Wireshark have its own rpcap imlimentation it does not use libpcap or npcap for remote capture.

is that statement true or a mistaken assumption?

If true, I'd be curious why rpcap functionality for Wireshark isn't dependent on npcap or libpcap on Windows but does on other OS platforms (why we don't see Wireshark support for rpcap on those platforms without custom compiling with libpcap built with remote capture support)

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted

answered 2024-03-24 01:58:23 +0000

Guy Harris gravatar image

is that statement true or a mistaken assumption?

It is 100% mistaken. I've added comments to that GitHub issue pointing out that Wireshark uses WinPcap/Npcap APIs to do remote capture on Windows (those are libpcap APIs, so the same code does remote capture on UN*Xes if built with a libpcap that supports remote capture).

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2024-03-23 23:11:48 +0000

Seen: 244 times

Last updated: Mar 24