Ask Your Question
0

What is the position of WinPcap within a Windows server 2016 network stack?

asked 2018-08-27 10:20:07 +0000

GPT gravatar image

updated 2018-08-27 14:34:33 +0000

Jaap gravatar image

Is it possible for an outbound packet to be captured in Wireshark, but then be dumped by other software (eg firewall, antivirus) before it reaches the transmit queue of the network card?

edit retag flag offensive close merge delete
add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2018-08-27 14:39:23 +0000

Jaap gravatar image

updated 2018-08-27 18:21:07 +0000

Yes, that is possible. The paper An Architecture for High Performance Network Analysis goes into details, but the TL;DR is that this is an NDIS5 driver, while an NDIS6 driver is a more modern and appropriate capture driver. That is where Npcap steps in, a newly engineered NDIS6 replacement for WinPcap.

edit flag offensive delete link more

Comments

I see that Npcap is not yet stable enough for general deployment - I do look forward to it being deployed then.

Thanks

GPT gravatar imageGPT ( 2018-08-27 14:48:12 +0000 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2018-08-27 10:20:07 +0000

Seen: 931 times

Last updated: Aug 27 '18

Related questions

How can I resolve the issue of not being able to see my computer interfaces?

when I open WS it does not show any interfaces, why?

MDaemon Windows Server SSL Certificates

tshark or dumpcap affecting RDP session on Windows Server 2012R2

How can I use pfSense to capture packets and forward all traffic to the nic on a VM?

Wireshark 2.4.1 GTK Crash on long run

wifi disconnects as wireshark starts

How do I fix "WinPcap will not install" problem?

what determines the final windows scaling factor?

Monitoring UDP data on wireshark shows ARP packet