First time here? Check out the FAQ!
THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question
0

How to capture the internal Ethernet data packets using npcap driver ?

  • retag add tags

Hi,

We wrote one application to capture the Ethernet packets using npcap driver. We're able to capture the Ethernet packets which we are receiving from outside world, but not able to capture the packets which we are trying to send out using our property tools. We are able to see the both Tx/Rx packets on Wireshark

  • my question is how the Wireshark is able to capture the packets ?

  • is Wireshark using npcap or any other drives..?

  • if Wireshark using npcap driver, is there any additional requirements we need to do...?

Cvnsaikumar's avatar
1
Cvnsaikumar
asked 2019-08-27 08:01:29 +0000
Jaap's avatar
13.7k
Jaap
updated 2019-08-27 10:17:13 +0000
edit flag offensive 0 remove flag close merge delete

Comments

add a comment see more comments

1 Answer

0

Wireshark uses a capture library to capture the network traffic, on Windows this was WinPcap for many years, but from Wireshark 3.0 onwards, npcap is used.

The Wireshark installer will install npcap unless the user opts to not to do so. In this case Wireshark will not be able to capture traffic, only load capture files obtained from elsewhere.

If your question is about using npcap with another application then you should use the npcap support system, noting the licence for npcap which restricts commercial use.

grahamb's avatar
23.8k
grahamb
answered 2019-08-27 08:52:03 +0000
edit flag offensive 0 remove flag delete link
more

Comments

Note that Npcap's (and WinPcap's) API is pretty much the libpcap API.

You will need the Npcap SDK in order to write your own programs using Npcap.

Guy Harris's avatar Guy Harris (2019-08-27 18:30:16 +0000) edit
more
  • delete

we opts to not install the npcap while installing the Wireshark. but when we run the application with Wincap driver, my application was crashed. but still wireshark able to capture the packets. So after that we have installed the npcap driver, now application not crashing but unable to capture the packets and wireshark able to capture.

if i want to use Wincap driver, do we need any additional requirements..?

Cvnsaikumar's avatar Cvnsaikumar (2019-08-28 07:09:30 +0000) edit
more
  • delete

To use WinPcap see the WinPcap website and use the WinPcap SDK. Note that WinPcap is obsolete and unsupported and does not support local loopback capture.

grahamb's avatar grahamb (2019-08-28 09:48:01 +0000) edit
more
  • delete

Can we see the code in your application that makes pcap library calls? That code may be buggy.

Guy Harris's avatar Guy Harris (2019-08-28 10:54:06 +0000) edit
more
  • delete

Hi Guy Harris, I am using the following pcap API to capture the Ethernet packets.

pcap_open_live() - to open the port. pcap_findalldevs() - to list the available no.of adapters. pcap_sendpacket() - to transmit the eth packets. pcap_next_ex() - to receive the eth packets, this API we are calling periodically.

is there any additional APIs are there to use..?

Cvnsaikumar's avatar Cvnsaikumar (2019-09-03 10:29:56 +0000) edit
more
  • delete
add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer