WinPcap
(ver 4.1.2)
Freeware


WinPcap is an open source library for packet capture and network 
analysis for the Win32 platforms.

Most networking applications access the network through widely used 
operating system primitives such as sockets.  It is easy to access 
data on the network with this approach since the operating system 
copes with the low level details (protocol handling, packet reassembly, 
etc.) and provides a familiar interface that is similar to the one 
used to read and write files.

Sometimes, however, the 'easy way' is not up to the task, since some 
applications require direct access to packets on the network.  That is, 
they need access to the "raw" data on the network without the interposition 
of protocol processing by the operating system.

The purpose of WinPcap is to give this kind of access to Win32 applications; 
it provides facilities to:

    * capture raw packets, both the ones destined to the machine where it's 
        running and the ones exchanged by other hosts (on shared media)
    * filter the packets according to user-specified rules before dispatching 
        them to the application
    * transmit raw packets to the network
    * gather statistical information on the network traffic

This set of capabilities is obtained by means of a device driver, that is 
installed inside the networking portion of Win32 kernels, plus a couple of DLLs.

The WinPcap programming interface can be used by many types of network tools 
for analysis, troubleshooting, security and monitoring. In particular, classical 
tools that rely on WinPcap are:

    * network and protocol analyzers
    * network monitors
    * traffic loggers
    * traffic generators
    * user-level bridges and routers
    * network intrusion detection systems (NIDS)
    * network scanners
    * security tools

Many computer simulators (especially mini-mainframe simulators) require WinPcap.

Note that because WinPcap receives and sends the packets independently from 
the host protocols, like TCP-IP, it isn't able to block, filter or manipulate 
the traffic generated by other programs on the same machine: it simply "sniffs" 
the packets that transit on the wire. Therefore, it does not provide the appropriate 
support for applications like traffic shapers, QoS schedulers, and personal firewalls.


NOTE: This is the last version compatible with Windows 2000.  



