Wireshark-dev: Re: [Wireshark-dev] Difference between wiretap, winpcap and libpcap

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Tue, 1 Apr 2014 00:59:43 -0700
On Apr 1, 2014, at 12:20 AM, Vishnu Bhatt <vishnu.bhatt@xxxxxxxxxxx> wrote:

> Can somebody explain to me the exact difference between the above three? I read in the doc that wiretap is used to read .pcap or any other extn file and winpcap and libpcap are libraries used to capture packets in wireshark.

libpcap is a library for UN*X systems that:

	1) supports capturing network packets, using the various very platform-dependent mechanisms for capturing packets on various UN*Xes, and providing a platform-independent API (so that a packet capture program can run on *BSD/OS X and on Linux and on Solaris and on HP-UX and on AIX and on Tru64 UNIX and on IRIX and so on);

	2) supports reading pcap and, in libpcap 1.1 and later, pcap-ng files;

	3) supports writing pcap files.

WinPcap is a port of libpcap to Windows, supporting many of the same APIs (currently, there's no version of WinPcap based on the current version of libpcap, so some newer APIs aren't supported), so programs to capture packets, using the APIs supported by both, can run on various UN*Xes *and* Windows.

Wiretap is a library that's part of Wireshark, which supports reading a number of different packet capture files, including but not limited to pcap and pcap-ng files.  It's not based on libpcap/WinPcap.
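An added example (not from this thread or from libpcap/Wireshark) showing what "reading pcap files" involves, and why the pcap-ng distinction in point 2 matters: it identifies a capture file by its magic number, parses classic pcap records in either byte order, and rejects pcap-ng and truncated input. The sample bytes are constructed inline and the magic values are the standard ones from the pcap and pcap-ng formats.

```python
import struct

# Magic number read as little-endian from the first 4 bytes -> (struct byte
# order of the file, timestamp fraction divisor). Standard pcap values.
PCAP_MAGICS = {
    0xA1B2C3D4: ("<", 1_000_000),       # little-endian, microseconds
    0xA1B23C4D: ("<", 1_000_000_000),   # little-endian, nanoseconds
    0xD4C3B2A1: (">", 1_000_000),       # big-endian, microseconds
    0x4D3CB2A1: (">", 1_000_000_000),   # big-endian, nanoseconds
}
PCAPNG_SHB = 0x0A0D0D0A  # pcap-ng Section Header Block type, byte-order independent


def parse_pcap(data: bytes) -> dict:
    """Parse a classic pcap file; raise ValueError for pcap-ng or malformed input."""
    if len(data) < 24:
        raise ValueError("shorter than a pcap global header")
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAPNG_SHB:
        raise ValueError("pcap-ng file: needs a pcap-ng reader (libpcap 1.1+ or wiretap)")
    if magic not in PCAP_MAGICS:
        raise ValueError("not a pcap file (unknown magic 0x%08x)" % magic)
    endian, ts_div = PCAP_MAGICS[magic]
    major, minor, _tz, _sigfigs, snaplen, linktype = struct.unpack(endian + "HHiIII", data[4:24])
    records, off = [], 24
    while off + 16 <= len(data):
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        # A record longer than snaplen or past end-of-file is corrupt or truncated;
        # a reader that trusts incl_len blindly would over-read here.
        if incl_len > snaplen or off + incl_len > len(data):
            raise ValueError("truncated or malformed record at offset %d" % (off - 16))
        records.append((ts_sec + ts_frac / ts_div, orig_len, data[off:off + incl_len]))
        off += incl_len
    return {"version": (major, minor), "snaplen": snaplen, "linktype": linktype, "records": records}


# Constructed sample: little-endian pcap v2.4, LINKTYPE_ETHERNET (1), one
# 14-byte frame (broadcast dst, made-up src, EtherType 0x0800).
SAMPLE_PCAP = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
               + struct.pack("<IIII", 1396335583, 123456, 14, 14)
               + bytes.fromhex("ffffffffffff0242ac1100020800"))
# Constructed sample: a minimal pcap-ng Section Header Block (28 bytes).
SAMPLE_PCAPNG = struct.pack("<IIIHHqI", PCAPNG_SHB, 28, 0x1A2B3C4D, 1, 0, -1, 28)

if __name__ == "__main__":
    print(parse_pcap(SAMPLE_PCAP))
```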