Eli Greenhut wrote: > Does the traffic captured by wireShark is before the driver or after the > driver?
Before the driver. On Windows, Wireshark uses WinPcap to capture packets, and, on various UN*Xes, it uses libpcap. WinPcap includes its own driver, which connects to the networking code above the network device driver (it plugs into the "top half" of the NDIS mechanism, and networking drivers plug into the "bottom half"), and the mechanisms libpcap uses either plug into the networking code above the network device drivers or get packets supplied by the driver. You won't, for example, see raw GSM/UMTS/cdmaOne/cdma2000/etc. radio traffic, if that's what you're trying to see. _______________________________________________ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users
