[Winpcap-users] winpcap alternatives

Giulio Marescotti giulio.marescotti at gmail.com
Fri Feb 14 13:31:11 UTC 2014


Hi,
thank you for the prompt and valuable response.

I have already considered your last option pcausa/rawether but the owner
wrote me that it is not suitable for my need.
Do you think I would have the same issues using NetMon? Here are the reasons
given by Mr Divine, owner of PCAUSA:

"Rawether is based on a NDIS protocol driver. A NDIS protocol driver is a
peer to the host OS TCP/IP protocol driver. All incoming packets ALWAYS are
indicated to all peer NDIS protocol drivers. This is not good for the
implementation that you have in mind. In a product such as I think you have
in mind you want to be able to handle some packets privately without the
host OS seeing them. You would manipulate these "private" packets in some
way and reinject them into the network flow. You can't do this sort of
manipulation with a NDIS protocol driver."


Thank you anyway for your time


Giulio


2014-02-13 20:41 GMT+01:00 Blibbet <blibbet at gmail.com>:

> > I was wondering if there are any alternatives (free or commercial) which
> > can help me to get better results.
> >
> > For Linux I know of *PF_RING*, but there is no version for Windows.
>
> 1) NetMon
>
> NetMon is the Microsoft packet capturing library and API and app.
> Windows-centric, created by the LAN Manager team years ago.
>
> Advantage of NetMon over WinPcap: the network stack vendor maintains it,
> and cares about performance. Whereas Winpcap uses unix-centric libpcap
> code/logic and tries to fit this into the Windows driver model, and this
> model doesn't properly handle all platform differences.
>
> NetMon is maintained, whereas Windows Winpcap has been mostly
> ignored for many years, and Windows has completely changed their network
> stack during that time.
>
> Disadvantage: it's closed-source freeware, not open source like libpcap.
> There are a few filters on CodePlex.com for NetMon that're open source,
> though. You'll be reliant on MSDN for help, but there's a sample or two
> that does as much as the WinPcap samples, not hard to use.
>
> Make sure you ignore all the NetMon v2 stuff and only look at v3 or later.
> MSDN is really bad at showing you the old stuff first.
>
> http://www.microsoft.com/en-us/download/details.aspx?id=4865
> http://nmexperts.codeplex.com/
> http://nmparsers.codeplex.com/
>
> 2) NMap's WinPcap.
>
> I think they have a fork of WinPcap that's getting updates, unlike the
> main one.
>
> 3) For third party libraries, check out:
> http://www.pcausa.com
> or
> http://www.rawether.net/
> The OSRonline.com's ntdev mailing list is where the main NT consultants
> hang out, and talk about NDIS perf issues with libs like this, among other
> things. Search their archives for opinions on these two libs.
>
> HTH,
> Lee
>