WinPcap has support for remote capture via rpcapd, would be great to see its support in this project.
https://www.winpcap.org/docs/docs_41/html/group__remote.html

Hi @orweis Thanks for sharing this project. It works great. I was working with this library and I am stuck in between so I need to read a pcap file now. Is it possible to do so with this project ? I tried Winpcaputils.capture_on(filename, function callback) but it doesnt seem to work. Some help would be very useful! Thanks in advance!

My work environment is Win10 64bit, Python 3.5.2, Win10Pcap:

>>> from winpcapy import WinPcapDevices
>>> with WinPcapDevices() as devices:
...     for device in devices:
...         print (device.addresses.contents.addr.contents.sa_data)
b''

>>> from winpcapy import winpcapy_types as wtypes
>>> import ctypes
>>> err_buffer = ctypes.create_string_buffer(wtypes.PCAP_ERRBUF_SIZE)
>>> dev_name = b'...'
>>> valA = ctypes.c_uint(1)
>>> valB = ctypes.c_uint(1)
>>> wtypes.pcap_lookupnet(dev_name, valA, valB, err_buffer)
0
>>> valA
0
>>> valB
0

Not sure if this is an issue with this python wrapper or something deeper in the dependent libs. I am trying to capture all arp traffic and am successfully able to execute WinPcapDevices.list_devices() which lists 7 devices

PS C:..\Documents\DashFun> python
Python 3.7.2 (tags/v3.7.2:9a3ffc0492, Dec 23 2018, 23:09:28) [MSC v.1916 64 bit (AMD64)] on win32
Type "help", "copyright", "credits" or "license" for more information.

from winpcapy import WinPcapDevices
from winpcapy import WinPcapUtils
WinPcapDevices.list_devices()
{'\Device\NPF_{4C1C61CB-C267-44B4-A9D5-AB971C6EA2A1}': 'Oracle', '\Device\NPF_{5AFCFB2F-4B4B-40D4-93E7-D33CAE09C27A}': 'Microsoft', '\Device\NPF_{B7F2EEE3-F20A-4FD5-A058-C10CE5BF9A61}': 'Microsoft', '\Device\NPF_{EB9FAC54-26D6-4600-B05D-94DB2970E0AF}': 'TAP-Windows Adapter V9', '\Device\NPF_{54F044BB-A844-4917-BC8C-7BC0F0FA2F4B}': 'Microsoft', '\Device\NPF_{87BBC5C7-E69D-4AB7-A4E8-D6BA999FA273}': 'Oracle', '\Device\NPF_{91DA82B0-F636-47B5-B809-C926019959C0}': 'Realtek PCIe GBE Family Controller'}

However my Realtek wifi device is missing and therefor doesn't work using the WinPcapUtils.capture_on_and_print("Ethernet") command. Any advice?

C:\Users\liu>python
Python 3.5.2 (v3.5.2:4def2a2901a5, Jun 25 2016, 22:01:18) [MSC v.1900 32 bit (Intel)] on win32
Type "help", "copyright", "credits" or "license" for more information.

from winpcapy import WinPcapUtils
Traceback (most recent call last):
File "", line 1, in
File "C:\Users\liu\AppData\Local\Programs\Python\Python35-32\lib\site-packages\winpcapy_init_.py", line 12, in
from winpcapy import WinPcap, WinPcapDevices, WinPcapUtils
ImportError: cannot import name 'WinPcap'

**Hi,
I had on my computer 2 nics with same description.
It could not distinguish between the two and opened always the first one. In winpcapy.py I saw it looks for match with the description only.

@classmethod
def get_matching_device(cls, glob=None):
    for name, description in cls.list_devices().items():
        if fnmatch.fnmatch(description, glob):
            return name, description
    return None, None

I've added a search with the name and left the search by description (for backward comparability purposes). Now you can look for your nic either with a name or with the description.
Note that the name can includes the full GUID !!

@classmethod
def get_matching_device(cls, glob=None):
    for name, description in cls.list_devices().items():
        if fnmatch.fnmatch(name, glob) :
            return name, description
    for name, description in cls.list_devices().items():
        if fnmatch.fnmatch(description, glob):
            return name, description
    return None, None

This is not really an issue. Just wanted to say thanks.
This is a must have on windows. Pcap was giving me nightmares.

Keep it up!

(Fell free to close this. Or I'll do it in a day or two.)

when I try to close the "WinPcapUtils.capture_on()" function, I find that WinPcap.stop() function is no use ,how to fix this problem ?

Hello.

Could somebody provide me with filter example. What if i want to get only vrrp packets (0x70 in hex, protocol number 112). In pcapy it looks like pcap = pcapy.open_live (interface, 1524, 1, timeout) and pcap.setfilter ('proto 112'). In winpcapy it must be compile method with filter expression first and than setfilter for applying this filter if i understand right. So how expression should looks like?

Thank you.

In winpcapy.py, the name Callable is imported from collections at the top. However I think that it's supposed to be typing; the code throws an error when I replace the name, and Callable is a type from typings.

from winpcapy import WinPcapUtils

ImportError: cannot import name 'Callable' from 'collections'

when I try to execute the example

>>> from winpcapy import WinPcapUtils
>>> WinPcapUtils.capture_on_and_print("*Ethernet*")
>>>

just show nothing
why capture can not work?