Wireshark-dev: Re: [Wireshark-dev] Difference between wiretap, winpcap and libpcap
Hi Vishnu,
WinPCap is effectively an external "branch" (not sure if "fork" is the correct term, since the devs track upstream libpcap) of the libpcap library (which is designed to abstract the packet capturing APIs of at least various UNIXesque OSes, and also MS-DOS) for 32-bit, and 64-bit Windows.
Wiretap is Wireshark's abstraction layer for interfacing with libpcap/WinPCap, and various other capturing mechanisms, as well as parsing various file formats. It also contains infrastructure for discriminating against protocol payload types.
To support privilege separation, a shim binary (dumpcap) is used to actually perform capturing.
I hope that explanation is accurate, and makes sense.
Tyson.
-----Original Message-----
From: Vishnu Bhatt <vishnu.bhatt@xxxxxxxxxxx>
Sender: wireshark-dev-bounces@wireshark.orgDate: Tue, 1 Apr 2014 12:50:12
To: wireshark-dev@xxxxxxxxxxxxx<wireshark-dev@xxxxxxxxxxxxx>
Reply-To: Developer support list for Wireshark <wireshark-dev@xxxxxxxxxxxxx>
Subject: [Wireshark-dev] Difference between wiretap, winpcap and libpcap
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives: http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe