Wireshark for Windows users are probably familiar with WinPcap. WinPcap is basically the driver that Wireshark and other applications use to communicate with their network adapters.
WinPcap is automatically installed by Wireshark, but few people know that you also could use Npcap. Npcap has a few advantages over WinPcap including:
- Support for Windows 10
- Libpcap version 1.8.1 vs WinPcap (1.0.0)
- You can create and inject loopback traffic
- You can capture raw 802.11 frames from more adapters
Those who read my articles know it was just a matter of time before I put Npcap through its paces. Since WinPcap and Npcap are both drivers, I wanted to see if there were any performance differences.
I decided to set up my traffic generator and measured how many packets Wireshark can capture with either driver.
In my tests, I decided to use Windows 8.1 since WinPcap officially supports it and the GUI interface, rather than the CLI tools. Here is the video of my test:
In conclusion, Npcap outperformed WinPcap, but I always recommend using hardware-based analyzers on ‘busy’ links.