Wireshark-dev: Re: [Wireshark-dev] Newbie question about capture point

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: "Gianluca Varenni" <gianluca.varenni@xxxxxxxxxxxx>
Date: Thu, 28 Jun 2007 16:06:47 -0700
wireshark doesn't actually capture the packets on its own. It uses WinPcap to capture the packets from the stack.
 
WinPcap is implemented as an NDIS protocol driver, so it works in parallel with other protocols like TCP/IP. Things are a bit more complex when it comes to VPNs and dialup adapters.
 
I hope this answers your questions.
 
Have a nice day
GV
 
 
----- Original Message -----
Sent: Thursday, June 28, 2007 1:43 PM
Subject: [Wireshark-dev] Newbie question about capture point

Hello,

I was wondering where exactly does wireshark capture eth packets or frames on the windows stack( or somwhere on NDIS)?

Would it be before it reaches the device driver?

Thank you.

_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev