Wireshark · Ethereal-dev: Re: [Ethereal-dev] Dynamic support for other capture drivers....

[Guy Harris <guy@xxxxxxxxxxxx>]

On Sep 9, 2003, at 8:45 AM, Steve Erickson wrote:

> I am working on a project which includes a driver which intercepts 
> packets
> on Windows systems. We would like to provide the ability for our 
> driver to
> act as the packet capture driver for Ethereal on Windows platforms. 
> Does
> Ethereal for Windows support the concept of using capture drivers 
> other than
> WinPcap?

No.

However, the current CVS version of libpcap has some support for the 
concept of using capture mechanisms other than the one that captures on 
network interfaces known to the native networking stack.  The only 
mechanism currently plugged in for that is the DAG library from Endace 
Measurement Systems, for capturing on their passive-capture devices, 
and the support for opening those devices and enumerating them is only 
in the Linux and BPF "capture open" routines, but there's no reason why 
it couldn't be extended to support other platforms and other additional 
capture mechanisms as well.

Current WinPcap releases aren't yet based on that version of libpcap, 
but they should pick that up eventually.