Windows Packet Capture

Npcap and WinPcap are Windows versions of the libpcap library. One of them must be installed in order to capture live network traffic on Windows.

The Wireshark installer from 3.0 onwards includes Npcap, where versions before include WinPcap.
Even with the older Wireshark versions Npcap might work better for you, especially if you run Windows 10.
Npcap has a Yes/No comparison chart - Npcap or WinPcap?

See CaptureSetup/CapturePrivileges for information about using Npcap and WinPcap with Wireshark.

The libpcap/WinPcap file format description can be found at: Development/LibpcapFileFormat

Npcap Versions

Npcap gets regular bug fixes and upgrades on its own release schedule, which means the version bundled with the Wireshark installer may not be the latest. Please use an updated version when possible.

See the "Add or Remove Programs" list of the "Control Panel" for the installed version.

WinPcap Versions

warning We strongly recommend that you use version 4.1.3 or 3.1. Some annoying bugs are fixed in these versions!

See the "Add or Remove Programs" list of the "Control Panel" for the installed version.

Latest Stable Release: 4.1.3

The current and last WinPcap release version is 4.1.3. The 4.1.x versions contain the following improvements:

  • Support for Windows XP, Vista, 2008, Windows 7, 2008R2 64 bit, Windows 8 and Server 2012
  • Allows remote capture to work with Wireshark
  • Based on libpcap 1.0

WinPcap 4.x does not support Windows 3.1, 95, 98, or ME.

Previous Stable Release: 3.1

This version contains substantial bug fixes and extensions above the 3.0 release:

  • based on libpcap 0.9.3, with many fixes and extensions above the older version
  • dial-up connections (e.g. PPP) can be captured on Windows 2000, Windows XP, and Windows Server 2003, as well as Windows 95, Windows 98, and Windows Me, which were supported by previous releases
  • "can't get a list of interfaces" error fixed

See the change log for WinPcap for a more complete list (although some of those bugs might be bugs in older 3.1 betas rather than in 3.0).

Installation

The Wireshark installer will copy the WinPcap installer and call it, so you get installation done "all in one place". This is the same WinPcap installer that you can get from WinPcap's download page.

However, you might need to install WinPcap by the standalone installer, if you want to try the latest alpha/beta, or there might even be a new WinPcap release version available.

The User's Guide Installing Wireshark under Windows page will also describe how to install WinPcap.

Windows Versions

You'll find complete information about this topic at WinPcap FAQ #14.


Imported from https://wiki.wireshark.org/WinPcap on 2020-08-11 23:27:29 UTC