Windows Packet Capture (WinPcap)
WinPcap is the Windows version of the libpcap library; it includes a driver to support capturing packets.
Wireshark uses this library to capture live network data on Windows.
See CaptureSetup/CapturePrivileges for information about using the WinPcap driver with Wireshark.
General information about the WinPcap project can be found at the WinPcap web site.
The libpcap/WinPcap file format description can be found at: Development/LibpcapFileFormat
We strongly recommend that you use version 4.1.2 or 3.1. Some annoying bugs are fixed in these versions!
To check which version is installed, see the "Add or Remove Programs" list in the Control Panel.
Latest Stable Release: 4.1.2
The current WinPcap release version is 4.1.2. The 4.1.x versions contain the following improvements:
- Support for Windows XP, Vista, 2008, Win7 and 2008R2 64 bit
- Allows remote capture to work with Wireshark
- Based on libpcap 1.0
WinPcap 4.x does not support Windows 3.1, 95, 98, or ME.
Previous Stable Release: 3.1
This version contains substantial bug fixes and extensions over the 3.0 release:
- Based on libpcap 0.9.3, with many fixes and extensions over the older version
- dial-up connections (e.g. PPP) can be captured on Windows 2000, Windows XP, and Windows Server 2003, as well as Windows 95, Windows 98, and Windows Me, which were supported by previous releases
- "can't get a list of interfaces" error fixed
See the change log for WinPcap for a more complete list (although some of those bugs might be bugs in older 3.1 betas rather than in 3.0).
The Wireshark installer will copy the WinPcap installer and call it, so you get installation done "all in one place". This is the same WinPcap installer that you can get from WinPcap's download page.
However, you might need to install WinPcap using the standalone installer if you want to try the latest alpha/beta, or if a newer WinPcap release version is available.
The User's Guide page "Installing Wireshark under Windows" also describes how to install WinPcap.
You'll find complete information about this topic at WinPcap FAQ #14.
Vista (aka Longhorn)
Works except for capturing on PPP/WAN interfaces. See: WinPcap FAQ #28.
XP 64 bit
Works except for capturing on PPP/WAN interfaces. See: WinPcap FAQ #14.
Laurent Rabret mentioned (if it's not working with WinPcap): "There's a workaround. You should be able to use the 'netcap' application (on the support tools of the Windows XP CD-ROM, http://support.microsoft.com/?id=310875 ). With netcap, it's possible to record network traffic in a file Wireshark can handle. Therefore, it's a 2-step process, but it's better than nothing!"