What is Wireshark and WinPcap?

Rod · Mar 7, 2012 · Viewed 8.7k times

I'm working with a WCF service I wrote a few years back, which uses TCP. It's causing me problems saying, “…the target machine actively refused” my attempting to connect to it. I've no idea why the target machine (our Windows 2003 Server) should now be actively refusing my connecting to it, when just last week it was all hunky-dory. I've asked on the MSDN forums, and was told to run something called Wireshark. I've never heard of it. Is Wireshark sort of like Fiddler, only including other protocols besides HTTP?

And another thing. I've downloaded Wireshark and have started to install it. Early on in the installation it informed me that it wants to update something called WinPcap. I've never heard of that, either. I've done another search on that and found on Wikipedia that it is the Windows version of pcap, which stands for packet capture. And according to Wireshark's website, whatever version of WinPcap is currently on my system has “… annoying bugs …” and version 4.1.2 of WinPcap fixes them. OK, that's nice and all, but frankly satisfying Wireshark's needs alone isn't what I'm here to do. I'd like to know what impact replacing WinPcap will have on my system. What else relies upon WinPcap?

Answer

tamarintech · Mar 7, 2012

Wireshark is a tool used to analyze network traffic. [Win]Pcap is a dependency for providing that functionality, as you found out. If you have other tools that require packet capturing, they may use pcap. Generally, there shouldn't be anything else on your system using Pcap, but we have no way of knowing what is on your system.

Using Wireshark to diagnose a connection problem with your application is generally overkill. I would suggest checking that your application correctly binds to a hostname and interface, and that the port is actively opened, by using another tool like netstat, etc., before you go digging around in packet captures.

You might try something like opening up a command prompt window and using: netstat -p tcp -a

You should see a list of all TCP connections and opened ports on your machine. If you don't see an appropriate port that your application should have opened (or a weird IP) then you know there's something up with your application. You can also check the Windows Firewall and add exceptions if you need them.
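The two checks the answer describes, as an added example that is not part of the original answer: `probe_tcp` classifies a connection attempt from the client side (a refusal versus no reply at all), and `listeners` reads netstat output from the server to show which address a port is bound to. It assumes netstat was run with `-n` added so addresses and ports print numerically; the function names, port 8000 and the sample output are constructed for illustration.

```python
import socket

def probe_tcp(host, port, timeout=3.0):
    """Classify one TCP connect attempt from the client side."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"         # handshake completed: something is listening
    except ConnectionRefusedError:
        return "refused"          # reset came back: the "actively refused" case
    except socket.timeout:
        return "no-reply"         # nothing came back: packets dropped or host down
    except OSError as exc:
        return "error: %s" % exc  # name resolution failure, no route, etc.

def listeners(netstat_text, port):
    """Return the local addresses in LISTENING state on `port`."""
    found = []
    for line in netstat_text.splitlines():
        cols = line.split()
        if len(cols) == 4 and cols[0] == "TCP" and cols[3] == "LISTENING":
            addr, _, local_port = cols[1].rpartition(":")
            if local_port == str(port):
                found.append(addr)
    return found

def reachable_remotely(addr):
    """A loopback-only listener serves local clients but not remote ones."""
    return not addr.startswith("127.")

# Constructed sample of `netstat -p tcp -a -n` output (port 8000 is hypothetical).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:8000         0.0.0.0:0              LISTENING
  TCP    10.0.0.5:3389          10.0.0.9:50122         ESTABLISHED
"""

if __name__ == "__main__":
    for addr in listeners(SAMPLE, 8000):
        print(addr, "reachable remotely:", reachable_remotely(addr))
    print("probe:", probe_tcp("127.0.0.1", 8000))
```

An empty result from `listeners` means the service never opened the port; a result of only `127.0.0.1` means it is listening but bound to an address that remote clients cannot reach.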