Wireshark · Wireshark-dev: Re: [Wireshark-dev] Newbie question about capture point

Wireshark-dev: Re: [Wireshark-dev] Newbie question about capture point

From: "Gianluca Varenni" <gianluca.varenni@xxxxxxxxxxxx>

Date: Thu, 28 Jun 2007 16:06:47 -0700

wireshark doesn't actually capture the packets on its own. It uses WinPcap to capture the packets from the stack.

WinPcap is implemented as an NDIS protocol driver, so it works in parallel with other protocols like TCP/IP. Things are a bit more complex when it comes to VPNs and dialup adapters.

I hope this answers your questions.

Have a nice day

----- Original Message -----

From: Gajan Nadarajan

To: wireshark-dev@xxxxxxxxxxxxx

Sent: Thursday, June 28, 2007 1:43 PM

Subject: [Wireshark-dev] Newbie question about capture point

Hello,

I was wondering where exactly does wireshark capture eth packets or frames on the windows stack( or somwhere on NDIS)?

Would it be before it reaches the device driver?

Thank you.

_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev

References:
- [Wireshark-dev] Newbie question about capture point
  - From: Gajan Nadarajan

Prev by Date: [Wireshark-dev] Newbie question about capture point
Next by Date: [Wireshark-dev] 0.99.6 release postponed
Previous by thread: [Wireshark-dev] Newbie question about capture point
Next by thread: [Wireshark-dev] 0.99.6 release postponed
Index(es):
- Date
- Thread