
Wireshark-dev: Re: [Wireshark-dev] Difference between wiretap, winpcap and libpcap

From: "Tyson Key" <tyson.key@xxxxxxxxx>
Date: Tue, 1 Apr 2014 07:33:39 +0000
Hi Vishnu,

WinPcap is effectively an external "branch" (not sure if "fork" is the correct term, since the devs track upstream libpcap) of the libpcap library (which is designed to abstract the packet capturing APIs of at least various UNIXesque OSes, and also MS-DOS) for 32-bit and 64-bit Windows.

Wiretap is Wireshark's abstraction layer for interfacing with libpcap/WinPcap, and various other capturing mechanisms, as well as parsing various file formats. It also contains infrastructure for discriminating against protocol payload types.

To support privilege separation, a shim binary (dumpcap) is used to actually perform capturing.

I hope that explanation is accurate and makes sense.

Tyson.
-----Original Message-----
From: Vishnu Bhatt <vishnu.bhatt@xxxxxxxxxxx>
Sender: [email protected]
Date: Tue, 1 Apr 2014 12:50:12
To: wireshark-dev@xxxxxxxxxxxxx<wireshark-dev@xxxxxxxxxxxxx>
Reply-To: Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx>
Subject: [Wireshark-dev] Difference between wiretap, winpcap and libpcap
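
The privilege-separation point in the reply above, as an added example that is not code from the thread or from the Wireshark project: a POSIX shell audit of how the dumpcap shim is privileged on a Linux host. Wireshark hands capturing to dumpcap so the large dissector code base does not run as root; the usual hardened setup grants dumpcap file capabilities (often with a setgid capture group) instead of setuid root. The `/usr/bin/dumpcap` path, the `getcap` output formats and the verdict labels are assumptions.

```shell
#!/bin/sh
# Added example: audit how dumpcap (Wireshark's capture shim) gets its privileges.
# Assumed path of the shim; override with DUMPCAP=/other/path.
DUMPCAP="${DUMPCAP:-/usr/bin/dumpcap}"

# classify_caps LINE -> ok | partial | none
# LINE is one line of getcap output. Both the historic spelling
# "/usr/bin/dumpcap = cap_net_admin,cap_net_raw+eip" and the current
# "/usr/bin/dumpcap cap_net_admin,cap_net_raw=eip" are accepted.
classify_caps() {
    line=$1; n=0; flags=0
    case $line in *cap_net_raw*)   n=$((n + 1));; esac
    case $line in *cap_net_admin*) n=$((n + 1));; esac
    # capabilities only help if they are effective, inheritable and permitted
    case $line in *+eip|*=eip) flags=1;; esac
    if [ "$n" -eq 2 ] && [ "$flags" -eq 1 ]; then echo ok
    elif [ "$n" -gt 0 ]; then echo partial
    else echo none; fi
}

# classify_mode MODE -> setuid | setgid | plain
# MODE is the 10-character permission field from `ls -l`, e.g. "-rwxr-sr-x".
classify_mode() {
    case $1 in
        ???s*)    echo setuid;;   # runs as the file owner (usually root)
        ??????s*) echo setgid;;   # runs with the file group (e.g. wireshark)
        *)        echo plain;;
    esac
}

# verdict CAPS MODE -> capabilities | setuid-root | unprivileged
# capabilities: only CAP_NET_RAW/CAP_NET_ADMIN are granted, the preferred setup.
# setuid-root:  capture works, but the whole shim runs as uid 0.
# unprivileged: non-root users cannot capture at all.
verdict() {
    if [ "$1" = ok ]; then echo capabilities
    elif [ "$2" = setuid ]; then echo setuid-root
    else echo unprivileged; fi
}

# Report on the live system when the shim and getcap are present.
if [ -x "$DUMPCAP" ] && command -v getcap >/dev/null 2>&1; then
    caps=$(classify_caps "$(getcap "$DUMPCAP" 2>/dev/null)")
    mode=$(classify_mode "$(ls -l "$DUMPCAP" | cut -c1-10)")
    echo "$DUMPCAP: caps=$caps mode=$mode verdict=$(verdict "$caps" "$mode")"
fi
```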
