Wireshark mailing list archives

Re: Difference between wiretap, winpcap and libpcap


From: Guy Harris <guy () alum mit edu>
Date: Tue, 1 Apr 2014 00:59:43 -0700


On Apr 1, 2014, at 12:20 AM, Vishnu Bhatt <vishnu.bhatt () aricent com> wrote:

Can somebody explain to me the exact difference between the above three? I read in the doc that wiretap is used to 
read .pcap or any other extn file and winpcap and libpcap are libraries used to capture packets in wireshark.

libpcap is a library for UN*X systems that:

        1) supports capturing network packets, using the various very platform-dependent mechanisms for capturing 
packets on various UN*Xes, and providing a platform-independent API (so that a packet capture program can run on 
*BSD/OS X and on Linux and on Solaris and on HP-UX and on AIX and on Tru64 UNIX and on IRIX and so on);

        2) supports reading pcap and, in libpcap 1.1 and later, pcap-ng files;

        3) supports writing pcap files.

WinPcap is a port of libpcap to Windows, supporting many of the same APIs (currently, there's no version of WinPcap 
based on the current version of libpcap, so some newer APIs aren't supported), so programs to capture packets, using 
the APIs supported by both, can run on various UN*Xes *and* Windows.

Wiretap is a library that's part of Wireshark, which supports reading a number of different packet capture files, 
including but not limited to pcap and pcap-ng files.  It's not based on libpcap/WinPcap.
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
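
Added example, not part of the original message and not code from libpcap, WinPcap or Wireshark: a minimal sketch of how a reader can tell the two formats named in the reply (pcap and pcap-ng) apart from a file's leading bytes and decode the fixed header fields. The function name identify_capture and the sample headers are assumptions constructed for illustration; the magic numbers follow the pcap and pcapng file format specifications.

```python
import struct

# First four bytes of a pcap file -> (struct byte-order prefix, timestamp unit).
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", "microsecond"),
    b"\xa1\xb2\xc3\xd4": (">", "microsecond"),
    b"\x4d\x3c\xb2\xa1": ("<", "nanosecond"),
    b"\xa1\xb2\x3c\x4d": (">", "nanosecond"),
}
PCAPNG_SHB = b"\x0a\x0d\x0d\x0a"  # pcapng Section Header Block type
PCAPNG_BOM = {b"\x4d\x3c\x2b\x1a": "<", b"\x1a\x2b\x3c\x4d": ">"}


def identify_capture(data: bytes) -> dict:
    """Classify a capture by its leading bytes and decode the fixed header."""
    magic = data[:4]
    if magic in PCAP_MAGICS:
        if len(data) < 24:
            raise ValueError("truncated pcap file header")
        order, unit = PCAP_MAGICS[magic]
        major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(
            order + "HHiIII", data[4:24])
        return {"format": "pcap", "byte_order": order, "timestamps": unit,
                "version": (major, minor), "snaplen": snaplen,
                "linktype": linktype}
    if magic == PCAPNG_SHB:
        # Byte order is declared inside the block, after type and length.
        order = PCAPNG_BOM.get(data[8:12])
        if order is None or len(data) < 16:
            raise ValueError("truncated or invalid pcapng section header")
        major, minor = struct.unpack(order + "HH", data[12:16])
        return {"format": "pcapng", "byte_order": order,
                "version": (major, minor)}
    raise ValueError("not a pcap or pcapng file")


# Constructed sample headers (not taken from a real capture).
SAMPLE_PCAP = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
SAMPLE_PCAP_BE_NS = struct.pack(">IHHiIII", 0xA1B23C4D, 2, 4, 0, 0, 262144, 1)
SAMPLE_PCAPNG = struct.pack("<IIIHHqI", 0x0A0D0D0A, 28, 0x1A2B3C4D, 1, 0, -1, 28)

if __name__ == "__main__":
    for name, blob in [("pcap", SAMPLE_PCAP), ("pcap-be-ns", SAMPLE_PCAP_BE_NS),
                       ("pcapng", SAMPLE_PCAPNG)]:
        print(name, identify_capture(blob))
```

The file extension plays no part in the decision; only the header bytes do, and input that is too short or has an unknown magic is rejected rather than guessed at.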