Capturing takes packets from a network adapter and saves them to a file on your hard disk.
Since raw network adapter access requires elevated privileges, these functions are isolated to the dumpcap program. Placing the capture functionality into dumpcap allows the rest of the code (dissectors, user interface, etc.) to run with normal user privileges.
To hide all the low-level, machine-dependent details from Wireshark, the libpcap and Npcap (see Section 5.9, “libpcap or Npcap (Optional, But Strongly Recommended)”) libraries are used. These libraries provide a general-purpose interface for capturing packets and are used by a wide variety of applications.
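One way to check that an installation keeps to the dumpcap privilege split described above, as an added example that is not Wireshark's own code. It assumes a Linux system with GNU stat and libcap's getcap, treats a setuid bit or any file capability as "elevated", and the function names, the list of binaries and the verdict wording are illustrative.

```shell
#!/bin/sh
# Added example: audit that only dumpcap carries capture privileges.
# Assumes Linux with GNU stat and libcap's getcap; "elevated" here means
# a setuid bit or any file capability on the binary.

# classify NAME MODE CAPS
#   MODE: octal mode as printed by `stat -c %a` (e.g. 750, 4755)
#   CAPS: capability text from getcap, empty if none
# Prints a verdict line; returns 0 (ok), 1 (warn) or 2 (fail).
classify() {
    name=$1; mode=$2; caps=$3
    priv=no
    case $mode in [4567]???) priv=yes ;; esac        # setuid bit
    if [ -n "$caps" ]; then priv=yes; fi             # file capabilities
    if [ "$name" != dumpcap ]; then
        if [ "$priv" = yes ]; then
            echo "FAIL $name: elevated, but only dumpcap should be"
            return 2
        fi
        echo "OK $name: normal user privileges"
        return 0
    fi
    if [ "$priv" = no ]; then
        echo "WARN dumpcap: not elevated, capture needs other access"
        return 1
    fi
    case $mode in
        *[1357]) echo "WARN dumpcap: elevated and world-executable"; return 1 ;;
    esac
    echo "OK dumpcap: elevated, execution restricted"
    return 0
}

# audit_path PATH: read mode and capabilities from disk, then classify.
audit_path() {
    mode=$(stat -c %a "$1") || return 3
    # getcap prints "PATH CAPS"; strip the path (empty if no caps or no getcap)
    caps=$(getcap "$1" 2>/dev/null | sed 's/^[^ ]* *//')
    classify "$(basename "$1")" "$mode" "$caps"
}

# Audit whichever of these binaries are on PATH (names are assumptions).
audit_installed() {
    for bin in dumpcap tshark wireshark; do
        path=$(command -v "$bin") && audit_path "$path"
    done
    return 0
}
if [ "${1:-}" = --audit ]; then audit_installed; fi
```

Run the script with `--audit` to check the binaries found on PATH; a WARN on dumpcap for being world-executable means any local account can capture traffic.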