what version of winpcap for wireshark 2.2.0 for win10 should be installed ? or wireshark alone 2.2.0 is enough to run and capture packet on win10 ? http://www.winpcap.org/install/default.htm the above link says winpcap 4.1.3 does not support win 10 . please advice. asked 09 Sep '16, 11:51 inergi |
2 Answers:
I'll just post this as answer so it's clearer to anyone coming to the question the first time. The version of WinPCap (4.1.3) incorporated in the Wireshark 2.2.x installers runs perfectly well on all Windows OS's supported by Wireshark itself, there are no difference in capabilities running on Windows 10 as opposed to Windows Vista. Npcap is a replacement for WinPcap sponsored and run by the Nmap project that works at the NDIS 6 level as opposed to the NDIS 5 level of WinPcap, so has different capabilities. Npcap is in the current beta of nmap so is starting to get wider exposure. When it is judged that Npcap has reached sufficient stability, Wireshark is likely to incorporate it in the Wireshark installers, the next opportunity to do so is likely to be in the 2.4.x release. Current versions of Wireshark can use Npcap if it's installed in WinPcap "compatibility" mode and the Wireshark installer will detect this and not install WinPcap. answered 10 Sep '16, 03:37 grahamb ♦ edited 10 Sep '16, 03:39 sindy |
Use npcap instead. answered 09 Sep '16, 12:58 sindy Note that Npcap still has some stability issues, that are being resolved when reported. So it cannot be considered as stavle as WinPcap yet. WinPcap is known to work on Windows 10 but Npcap might be more performance (due to the use of NDIS6 versus NDIS5) and for sure allows to capture on some interfaces not seen by WinPcap. (09 Sep '16, 13:12) Pascal Quantin Well, I guess my answer was way too brief. There is also the dark side of it: while NPcap can capture on some interfaces not seen by WinPcap, it can not capture on some interfaces on which WinPcap can. In particular, it is possible to set up a software bridge between two NICs on a single machine and capture the transit traffic on one of them using WinPcap, but NPcap stops seeing an interface as soon as it becomes part of a bridge and can capture only on the virtual NIC representing the bridge into the machine, which the transit traffic doesn't reach. (09 Sep '16, 13:20) sindy I am curious if Wireshark developers are planning to include npcap into the installer package once it is deemed stable. (09 Sep '16, 20:19) Rooster_50 |
Noté that Wireshark 2.2 (just released) also supports Npcap installed without compatibility mode. If both WinPcap and Npcap (without WinPcap compatibility mode) are installed, it will pick WinPcap.