The WinPcap driver does a per-capture-instance binding on the underlying networking architecture. This means that if you are not capturing, WinPcap is not connected to the flow of packets in the networking stack, at all. When you capture, the WinPcap driver is seen by the system as a protocol, so it's at the same level of tcpip.sys, but it doesn't interact with it directly. Of course, especially under high network loads, the WinPcap activity (in partucular the one at software interrupt level) will impact on TCP/IP responsiveness.
Loris > > We have a high performance (milliseconds count) server on which I'd like to > install WinPCAP to capture some system interactions. Doing the capture > externally to the machine is not feasible at this time. > > However, I am hesitate to install WinPCAP for fear that its kernel packet > driver might increase the codepath through which all packets (i.e., even > during "normal" non-capture operations) flow. > > Does the mere act of installing WinPCAP have any performance implications on > the windows networking stack? > > If not--> > If I run Ethereal (uses WinPCAP) and then quit, do I need to reboot/restart > the machine to completely disengage the capture drivers? If so, is there an > easier way? > > Andrew Athan > > > > > > ================================================================== > This is the WinPcap users list. It is archived at > http://www.mail-archive.com/[EMAIL PROTECTED]/ > > To unsubscribe use > mailto: [EMAIL PROTECTED] > ================================================================== ================================================================== This is the WinPcap users list. It is archived at http://www.mail-archive.com/[EMAIL PROTECTED]/ To unsubscribe use mailto: [EMAIL PROTECTED] ==================================================================
