[Winpcap-users] winpcap alternatives

Blibbet blibbet at gmail.com
Thu Feb 13 19:41:39 UTC 2014


 > I was wondering if there are any alternatives (free or commercial) which
 > can help me to get better results.
 >
 > For Linux I know of *PF_RING*, but there is no version for Windows.

1) NetMon

NetMon is the Microsoft packet capturing library and API and app. 
Windows-centric, created by the LAN Manager team years ago.

Advantage of NetMon over WinPcap: the network stack vendor maintains it, 
and cares about performance. Whereas Winpcap uses unix-centric libpcap 
code/logic and tries to fit this into the Windows driver model, and this 
model doesn't properly handle all platform differences.

NetMon is maintained, whereas Windows Winpcap has been mostly 
ignored for many years, and Windows has completely changed their network 
stack during that time.

Disadvantage: it's closed-source freeware, not open source like libpcap. 
There are a few filters on CodePlex.com for NetMon that're open source, 
though. You'll be reliant on MSDN for help, but there's a sample or two 
that does as much as the WinPcap samples, not hard to use.

Make sure you ignore all the NetMon v2 stuff and only look at v3 or 
later. MSDN is really bad at showing you the old stuff first.

http://www.microsoft.com/en-us/download/details.aspx?id=4865
http://nmexperts.codeplex.com/
http://nmparsers.codeplex.com/

2) NMap's WinPcap.

I think they have a fork of WinPcap that's getting updates, unlike the 
main one.

3) For third party libraries, check out:
http://www.pcausa.com
or
http://www.rawether.net/
The OSRonline.com's ntdev mailing list is where the main NT consultants 
hang out, and talk about NDIS perf issues with libs like this, among 
other things. Search their archives for opinions on these two libs.

HTH,
Lee

