Network Computing is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Performance Testing: WinPcap versus Npcap

Wireshark for Windows users are probably familiar with WinPcap. WinPcap is basically the driver that Wireshark and other applications use to communicate with their network adapters.

WinPcap is automatically installed by Wireshark, but few people know that you also could use Npcap. Npcap has a few advantages over WinPcap including:

  • Support for Windows 10
  • Libpcap version 1.8.1 vs WinPcap (1.0.0)
  • You can create and inject loopback traffic
  • You can capture raw 802.11 frames from more adapters

Those who read my articles know it was just a matter of time before I put Npcap through its paces. Since WinPcap and Npcap are both drivers, I wanted to see if there were any performance differences.

I decided to set up my traffic generator and measured how many packets Wireshark can capture with either driver.

In my tests, I decided to use Windows 8.1 since WinPcap officially supports it and the GUI interface, rather than the CLI tools. Here is the video of my test:



In conclusion, Npcap outperformed WinPcap, but I always recommend using hardware-based analyzers on ‘busy’ links.