Performance Testing: WinPcap versus Npcap
Wireshark for Windows users are probably familiar with WinPcap. WinPcap is basically the driver that Wireshark and other applications use to communicate with their network adapters.
WinPcap is automatically installed by Wireshark, but few people know that you also could use Npcap. Npcap has a few advantages over WinPcap including:
- Support for Windows 10
- Libpcap version 1.8.1 vs WinPcap (1.0.0)
- You can create and inject loopback traffic
- You can capture raw 802.11 frames from more adapters
Those who read my articles know it was just a matter of time before I put Npcap through its paces. Since WinPcap and Npcap are both drivers, I wanted to see if there were any performance differences.
I decided to set up my traffic generator and measured how many packets Wireshark can capture with either driver.
In my tests, I decided to use Windows 8.1 since WinPcap officially supports it and the GUI interface, rather than the CLI tools. Here is the video of my test:
In conclusion, Npcap outperformed WinPcap, but I always recommend using hardware-based analyzers on ‘busy’ links.
Recommended For You
In honor of St. Patrick’s Day, there’s no better time to reflect on those instants when life threw us a curveball, but we were able to hit a home run.
The success of modern enterprises, especially those utilizing real-time communications solutions, is highly reliant on IT infrastructure availability.
To understand the critical role of HTTP/2 in streamlining operations, we must look back at the technologies and implementation gaps that got us where we are today.
A video overview and best practices on how to reduce broadcasts and find other things to tune.
This is a great example of the perfect storm of variables coming together to cause performance issues. Watch the video to see how the problem was found.
Providers should be making infrastructure work for everyone in 2019, improving efficiency and opening up networks for all apps on their infrastructure.