Starting with version 3.0.0, the Wireshark for Windows installation programs are distributed with Npcap in stead of WinPcap. Prior Wireshark Windows versions already supported Npcap, but the installer still came bundled with WinPcap.
Npcap is a library for packet capturing and sending on Windows, developed by the Nmap project, and is actively maintained, while WinPcap is no longer actively maintained (unless WinPcap's community steps in).
If you have a prior version of Wireshark installed on Windows (like 2.6.7), and you perform an upgrade to 3.0.0, Npcap will be installed by default:
One feature offered by Npcap and lacking in WinPcap, is capturing traffic on the loopback adapter:
Wireshark with WinPcap:
Wireshark with Npcap:
You can also sniff WiFi if your driver supports it.
If you have WinPcap installed, and Npcap is installed with default options, then WinPcap remains installed:
WinPcap and Npcap can coexist. Unless you choose to have the Npcap installer install a WinPcap API compatible DLL. Then WinPcap will be uninstalled.
This WinPcap API compatible DLL allows other applications, depending on WinPcap and without support for Npcap, to run with Npcap only installed.
Mar 11th 2019
4 months ago