Wireshark mailing list archives

Re: Difference between wiretap, winpcap and libpcap


From: "Tyson Key" <tyson.key () gmail com>
Date: Tue, 1 Apr 2014 07:33:39 +0000

Hi Vishnu,

WinPcap is effectively an external "branch" (not sure if "fork" is the correct term, since the devs track upstream
libpcap) of the libpcap library (which is designed to abstract the packet capturing APIs of at least various UNIXesque
OSes, and also MS-DOS) for 32-bit and 64-bit Windows.

Wiretap is Wireshark's abstraction layer for interfacing with libpcap/WinPcap, and various other capturing mechanisms,
as well as parsing various file formats. It also contains infrastructure for discriminating against protocol payload
types.

To support privilege separation, a shim binary (dumpcap) is used to actually perform capturing.

I hope that explanation is accurate, and makes sense.

Tyson.
-----Original Message-----
From: Vishnu Bhatt <vishnu.bhatt () aricent com>
Sender: wireshark-dev-bounces@wireshark.org
Date: Tue, 1 Apr 2014 12:50:12
To: wireshark-dev () wireshark org<wireshark-dev () wireshark org>
Reply-To: Developer support list for Wireshark <wireshark-dev () wireshark org>
Subject: [Wireshark-dev] Difference between wiretap, winpcap and libpcap

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe

