Wireshark doesn't actually capture the packets on its own. It uses WinPcap to 
capture the packets from the stack.

WinPcap is implemented as an NDIS protocol driver, so it works in parallel with 
other protocols like TCP/IP. Things are a bit more complex when it comes to 
VPNs and dialup adapters.

I hope this answers your questions.

Have a nice day
GV


  ----- Original Message ----- 
  From: Gajan Nadarajan 
  To: [email protected] 
  Sent: Thursday, June 28, 2007 1:43 PM
  Subject: [Wireshark-dev] Newbie question about capture point


  Hello, 

  I was wondering where exactly does Wireshark capture eth packets or frames on 
  the Windows stack (or somewhere on NDIS)?

  Would it be before it reaches the device driver?

  Thank you.



------------------------------------------------------------------------------


  _______________________________________________
  Wireshark-dev mailing list
  [email protected]
  http://www.wireshark.org/mailman/listinfo/wireshark-dev