Windows Packet Capture (WinPcap)

WinPcap is the Windows version of the libpcap library; it includes a driver to support capturing packets.

Wireshark uses this library to capture live network data on Windows.

See CaptureSetup/CapturePrivileges for information about using the WinPcap driver with Wireshark.

General information about the WinPcap project can be found at the WinPcap web site.

The libpcap/WinPcap file format description can be found at: Development/LibpcapFileFormat

WinPcap Versions

/!\ We strongly recommend that you use version 4.1.2 or 3.1. Some annoying bugs are fixed in these versions!

See the "Add or Remove Programs" list of the "Control Panel" for the installed version.

Latest Stable Release: 4.1.2

The current WinPcap release version is 4.1.2. The 4.1.x versions contain the following improvements:

WinPcap 4.x does not support Windows 3.1, 95, 98, or ME.

Previous Stable Release: 3.1

This version contains substantial bug fixes and extensions above the 3.0 release:

See the change log for WinPcap for a more complete list (although some of those bugs might be bugs in older 3.1 betas rather than in 3.0).

Installation

The Wireshark installer will copy the WinPcap installer and call it, so you get installation done "all in one place". This is the same WinPcap installer that you can get from WinPcap's download page.

However, you might need to install WinPcap by the standalone installer, if you want to try the latest alpha/beta, or there might even be a new WinPcap release version available.

The User's Guide Installing Wireshark under Windows page will also describe how to install WinPcap.

Windows Versions

You'll find complete information about this topic at WinPcap FAQ #14.

Vista (aka Longhorn)

Works except for capturing on PPP/WAN interfaces. See: WinPcap FAQ #28.

XP 64 bit

Works except for capturing on PPP/WAN interfaces. See: WinPcap FAQ #14.

Laurent Rabret mentioned (if it's not working with WinPcap): "There's a workaround. You should be able to use the "netcap" application (on the support tools of the Windows XP CD-ROM http://support.microsoft.com/?id=310875 ) With netcap, it's possible to record network traffic in a file Wireshark can handle. Therefore, it's a 2 steps process but it's better than nothing!"

WinPcap (last edited 2013-03-08 19:02:36 by Alexey Nikitinsky)