On Apr 1, 2014, at 12:20 AM, Vishnu Bhatt <[email protected]> wrote:
> Can somebody explain to me the exact difference between the above three? I
> read in the doc that wiretap is used to read .pcap or any other extn file and
> winpcap and libpcap are libraries used to capture packets in wireshark.

libpcap is a library for UN*X systems that:

1) supports capturing network packets, using the various very
   platform-dependent mechanisms for capturing packets on various UN*Xes, and
   providing a platform-independent API (so that a packet capture program can
   run on *BSD/OS X and on Linux and on Solaris and on HP-UX and on AIX and on
   Tru64 UNIX and on IRIX and so on);

2) supports reading pcap and, in libpcap 1.1 and later, pcap-ng files;

3) supports writing pcap files.

WinPcap is a port of libpcap to Windows, supporting many of the same APIs
(currently, there's no version of WinPcap based on the current version of
libpcap, so some newer APIs aren't supported), so programs to capture packets,
using the APIs supported by both, can run on various UN*Xes *and* Windows.

Wiretap is a library that's part of Wireshark, which supports reading a number
of different packet capture files, including but not limited to pcap and
pcap-ng files. It's not based on libpcap/WinPcap.
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <[email protected]>
Archives: http://www.wireshark.org/lists/wireshark-dev