Does anybody know if there is traffic that Wireshark can't capture? I mean, you don't see this traffic in the program.
asked 18 Feb '15, 13:02
Wireshark can't capture anything....
It uses dumpcap to do the capture for it. How does dumpcap do it? Well, it uses the libpcap library (as applicable for the platform) capabilities to capture traffic.
How does libpcap do it? As said, depending on the platform, it latches on to the network stack and gets its packets from there. This means NDIS5 on Windows, it means (ever more capable) (packet) sockets on Un*x-like platforms, etc.
So, any traffic that is not passing via a path that libpcap can latch on to cannot be captured.
answered 19 Feb '15, 04:13