This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

what version of winpcap for wireshark 2.2.0 for win10 should be installed ?

or wireshark alone 2.2.0 is enough to run and capture packet on win10 ?

http://www.winpcap.org/install/default.htm

the above link says winpcap 4.1.3 does not support win 10 .

please advice.

asked 09 Sep '16, 11:51

inergi's gravatar image

inergi
6223
accept rate: 0%


I'll just post this as answer so it's clearer to anyone coming to the question the first time.

The version of WinPCap (4.1.3) incorporated in the Wireshark 2.2.x installers runs perfectly well on all Windows OS's supported by Wireshark itself, there are no difference in capabilities running on Windows 10 as opposed to Windows Vista.

Npcap is a replacement for WinPcap sponsored and run by the Nmap project that works at the NDIS 6 level as opposed to the NDIS 5 level of WinPcap, so has different capabilities. Npcap is in the current beta of nmap so is starting to get wider exposure. When it is judged that Npcap has reached sufficient stability, Wireshark is likely to incorporate it in the Wireshark installers, the next opportunity to do so is likely to be in the 2.4.x release.

Current versions of Wireshark can use Npcap if it's installed in WinPcap "compatibility" mode and the Wireshark installer will detect this and not install WinPcap.

permanent link

answered 10 Sep '16, 03:37

grahamb's gravatar image

grahamb ♦
19.8k330206
accept rate: 22%

edited 10 Sep '16, 03:39

sindy's gravatar image

sindy
6.0k4851

Noté that Wireshark 2.2 (just released) also supports Npcap installed without compatibility mode. If both WinPcap and Npcap (without WinPcap compatibility mode) are installed, it will pick WinPcap.

(10 Sep '16, 05:00) Pascal Quantin

Use npcap instead.

permanent link

answered 09 Sep '16, 12:58

sindy's gravatar image

sindy
6.0k4851
accept rate: 24%

Note that Npcap still has some stability issues, that are being resolved when reported. So it cannot be considered as stavle as WinPcap yet. WinPcap is known to work on Windows 10 but Npcap might be more performance (due to the use of NDIS6 versus NDIS5) and for sure allows to capture on some interfaces not seen by WinPcap.

(09 Sep '16, 13:12) Pascal Quantin

Well, I guess my answer was way too brief. There is also the dark side of it: while NPcap can capture on some interfaces not seen by WinPcap, it can not capture on some interfaces on which WinPcap can. In particular, it is possible to set up a software bridge between two NICs on a single machine and capture the transit traffic on one of them using WinPcap, but NPcap stops seeing an interface as soon as it becomes part of a bridge and can capture only on the virtual NIC representing the bridge into the machine, which the transit traffic doesn't reach.

(09 Sep '16, 13:20) sindy

I am curious if Wireshark developers are planning to include npcap into the installer package once it is deemed stable.

(09 Sep '16, 20:19) Rooster_50
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×72
×11
×4

question asked: 09 Sep '16, 11:51

question was seen: 5,428 times

last updated: 10 Sep '16, 05:00

p​o​w​e​r​e​d by O​S​Q​A