Ask Your Question
0

What is the position of WinPcap within a Windows server 2016 network stack?

asked 2018-08-27 10:20:07 +0000

GPT gravatar image

updated 2018-08-27 14:34:33 +0000

Jaap gravatar image

Is it possible for an outbound packet to be captured in Wireshark, but then be dumped by other software (eg firewall, antivirus) before it reaches the transmit queue of the network card?

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2018-08-27 14:39:23 +0000

Jaap gravatar image

updated 2018-08-27 18:21:07 +0000

Yes, that is possible. The paper An Architecture for High Performance Network Analysis goes into details, but the TL;DR is that this is an NDIS5 driver, while an NDIS6 driver is a more modern and appropriate capture driver. That is where Npcap steps in, a newly engineered NDIS6 replacement for WinPcap.

edit flag offensive delete link more

Comments

I see that Npcap is not yet stable enough for general deployment - I do look forward to it being deployed then.

Thanks

GPT gravatar imageGPT ( 2018-08-27 14:48:12 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2018-08-27 10:20:07 +0000

Seen: 932 times

Last updated: Aug 27 '18