WinPcap: The Windows Packet Capture Library

Documentation

Manuals

• The WinPcap manual and tutorial: inside this manual you will find the documentation of the WinPcap API, a tutorial that will explain how to use the WinPcap functions with several samples, the instructions to compile WinPcap and the applications that use it, a complete description of the internals of WinPcap with links to the source code.
  • The WinPcap manual and tutorial for WinPcap 4.0.2  (an offline version can be found in the developer's pack)
  • The WinPcap manual and tutorial for WinPcap 4.1 beta3  (an offline version can be found in the developer's pack)
• The Chinese version of the WinPcap 4.0.1 manual: http://WinPcap.CoffeeCat.net.cn
• The Japanese version of the WinPcap 3.0 manual: http://dog.tele.jp/winpcap/html/index.html

Further Documentation

• Loris Degioanni, Mario Baldi, Fulvio Risso and Gianluca Varenni, Profiling and Optimization of Software-Based Network-Analysis Applications, Proceedings of the 15^th IEEE Symposium on Computer Architecture and High Performance Computing (SBAC-PAD 2003), Sao Paulo, Brazil, November 2003
• Fulvio Risso, Loris Degioanni, An Architecture for High Performance Network Analysis, Proceedings of the 6^th IEEE Symposium on Computers and Communications (ISCC 2001), Hammamet, Tunisia, July 2001
• (First chapter in Italian) Loris Degioanni, Development of an Architecture for Packet Capture and Network Traffic Analysis, Graduation Thesis, Politecnico Di Torino (Turin, Italy, Mar. 2000)
• (First chapter in Italian) Gianluca Varenni, An Architecture For Unified Packet Filtering, Graduation Thesis, Politecnico Di Torino (Turin, Italy, Nov. 2001)
• (in Italian) Loris Degioanni, Mario Baldi, Fulvio Risso and Gianluca Varenni, WinPcap: una libreria open source per l'analisi di rete, AICA 2003 Annual Congress, Trento, Italy, September 2003
• Fiach Reid, Network Programming in .NET

General Bibliography

[1] S. McCanne and V. Jacobson, The BSD Packet Filter: A New Architecture for User-level Packet Capture. Proceedings of the 1993 Winter USENIX Technical Conference (San Diego, CA, Jan. 1993), USENIX.

[3] Gary R. Wright, W. Richard Stevens, TCP-IP illustrated Volume 2, chapter 31. Addison-Wesley professional computing series.

[4]Microsoft Software Development Kit and Driver Development Kit Examples, Microsoft Corporation.

[5] Lew Perin, Bugs in the NT DDK Packet Protocol Driver Sample, Internet page. Available at http://www.panix.com/~perin/packetbugs.html

[6] Simpson, W., Editor, The Point-to-Point Protocol (PPP), RFC 1548, Daydreamer, December 1993.

[7] Microsoft Corporation, 3Com Corporation, NDIS, Network Driver Interface Specification, May 1988

[8] Microsoft Windows 95, Windows 98, Windows NT and Windows 2000 Driver Development Kit documentation, Microsoft Corporation.

[9] Peter G. Viscarola, W. Anthony Mason, Windows NT Device Driver Development, Macmillan Technical publishing.

[10] Microsoft MSDN Library, Microsoft Corporation, August 1999.

[11] Ricardo Thompson (icardoth@interserver.com.ar), Cpumeter, available on the Internet at http://www.winsite.com/info/pc/win95/sysutil/cpumet12.zip/, 1997

[12] A. Begel, S. McCanne, S.L.Graham, BPF+: Exploiting Global Data-flow Optimization in a Generalized Packet Filter Architecture, Proceedings of ACM SIGCOMM '99, pages 123-134, Conference on Applications, technologies, architectures, and protocols for computer communications, August 30 - September 3, 1999, Cambridge, USA (available also on Begel's web page).

[13] M. Yuhara, B. Bershad, C. Maeda, J.E.B. Moss. Efficient packet demultiplexing for multiple endpoints and large messages. In Proceedings of the 1994 Winter USENIX Technical Conference, pages 153-165, San Francisco, CA, January 1994.

[14] Marcus J. Ranum, Kent Landfield, Mike Stolarchuk, Mark Sienkiewicz, Andrew Lambeth, and Eric Wall (Network Flight Recorder, Inc.) Implementing a Generalized Tool for Network Monitoring (LISA'97 "Best Paper" Award), Eleventh Systems Administration Conference (LISA '97), San Diego, CA, October 26-31, 1997

[15] Dawson R. Engler, and M. Frans Kaashoek, DPF: fast, flexible packet demultiplexing, in Proceedings of ACM Communication Architectures, Protocols, and Applications (SIGCOMM '96).