6.3. Capturing packets

Capturing takes packets from a network adapter and saves them to a file on your hard disk.

Since raw network adapter access requires elevated privileges, these functions are isolated to the dumpcap program. Placing the capture functionality into dumpcap allows the rest of the code (dissectors, user interface, etc.) to run with normal user privileges.

To hide all the low-level machine dependent details from Wireshark, the libpcap and Npcap (see Section 5.9, “libpcap or Npcap (Optional, But Strongly Recommended)”) libraries are used. These libraries provide a general purpose interface to capture packets and are used by a wide variety of applications.