WinPcap is the industry-standard tool for link-layer network access in Windows environments: WinPcap will allow programs to capture and transmit network packets bypassing the protocol stack, and has additional useful features, including kernel-level packet filtering, a network statistics engine and support for remote packet capture.

WinPcap consists of a driver, that extends the operating system to provide low-level network access, and a library that is used to easily access the low-level network layers. This library also contains the Windows version of the well known libpcap Unix API.

Thanks to its set of features, WinPcap is the packet capture and filtering engine of many open source and commercial network tools, including protocol analyzers, network monitors, network intrusion detection systems, sniffers, traffic generators and network testers. Some of these tools, like Ethereal, Nmap, Snort, ntop are known and used throughout the networking community.

Winpcap.org is also the home of WinDump, the Windows version of the popular tcpdump tool. WinDump can be used to watch, diagnose and save to disk network traffic according to various complex rules.

Here are some key features of "WinPcap":

· High performance. WinPcap implements all of the classic optimizations described in the packet capture literature (e.g., kernel-level filtering and buffering, context switch mitigation, partial packet copy), plus some original ones, like JIT filter compilation and kernel-level statistic processing. For these reasons, WinPcap outperforms other comparable approaches.
· Popular. WinPcap is used as the network interface by many tools -- both free and commercial including protocol analyzers, network monitors, network intrusion detection systems, sniffers, traffic generators, network testers, etc. Some of these tools, like Ethereal, Nmap, Snort, WinDump, ntop are very well known in the networking community. WinPcap is downloaded thousands of times every day.
· Tested and Reliable. Many users have contributed over the years in testing WinPcap on a wide range of platforms, and in finding the most subtle bugs. WinPcap developers are experienced Windows driver writers, and their approach to software development emphasizes rock-solid stability. Remember: a buggy driver means blue screens.
· Easy to use for the final user. WinPcap is distributed as a single small executable that runs on every supported operating system. You launch the executable, and from that moment Windows is able to capture and send raw network traffic. It couldn't be easier.
· Easy to use for the programmer. Every version of WinPcap comes with a developer's pack that includes documentation, libraries and include files needed to immediately start with your own new application. The developer's pack contains a set of sample programs ready to be compiled both with Visual Studio and Cygnus, and are available as excellent starting points.
· Multi-platform. WinPcap is actively maintained on Windows NT, Windows 2000, Windows XP and Windows Server 2003. WinPcap can also work on Windows 95, Windows 98 and Windows ME, but these OSes are not maintained any longer. Windows Vista has a preliminary support, with some features disabled.
· Portable. WinPcap is completely compatible with libpcap. This means that you can use it to port your existing Unix or Linux tools to Windows. This also means that your Windows applications will be easily portable to Unix.
· Well documented. The WinPcap manual documents the API and the internals in an easy-to-follow hyperlinked manner. The documentation includes a tutorial that takes you step-by-step through all of the features of WinPcap.

What's New in This Release: [ read full changelog ]

· Added support for Vista x64 by digitally signing all the binaries of the WinPcap distribution.
· Better error handling in the installer - if the installation of the Microsoft Network Monitor Driver (NetMon) fails.
· Improved the documentation layout and readability - updated the style sheet and migrated to Doxygen 1.5.1.