Capture engines

- To effectively capture and analyze traffic,…there must be a way to gather…the raw traffic from the network.…A packet capture, or PCAP, engine provides…an application programming interface to capture traffic.…Wireshark uses one of several capture engines,…libpcap, WinPcap, AirPcap, and Npcap.…Libpcap is a capture engine originally developed…for Unix-like operating systems,…and it's baked right into Snort, tcpdump, WinDump,…and other packet analyzers to grab packets…as they come off the network interface.…

A version of libpcap was adapted…for Windows, and is called WinPcap.…WinPcap is an industry standard…that has been around for many years.…It works well in a Windows environment,…specifically the Windows NT family.…WinPcap enables packet capture right from…a network interface, and presents it to Wireshark…before any processing is done by the operating system.…

WinPcap must be installed on…a Windows operating system to capture packets.…During the installation process,…Wireshark will look for a copy of WinPcap,…and prompt the user to install it if it's not present.…