WinPcap is required by one of several ways to bring up networking in coLinux, see coLinuxNetworking for details about the different coLinux networking modes.

What is it?[]

WinPcap is essentially a set of a Windows driver and two DLL's, which enables applications to send and receive raw network packets to/from network cards. Receiving raw network packets is also known as packet capturing, therefore the name "Windows Packet capture library".

WinPcap is the windows version of it's unixoid counterpart libpcap. Unlike libpcap, WinPcap is also able to send raw packets to the network card. On unixoid systems you would use libnet to send raw packets.

WinPcap will run on all recent Windows platforms (9x,ME,NT,2000,XP,2003) except for WinCE/PocketPC and is licensed under a BSD style license.

How does it work?[]

Using common Windows methods, a usual application (e.g. the Firefox browser) won't even see the network card below it. The TCP/IP stack hides the network card and "only" provides high level TCP/IP services.

The WinPcap driver is required by coLinux, as coLinux requires "direct" access to the network card for native network support, see coLinuxNetworking for details about the coLinux networking modes.

A simplified example diagram of the network stack in this case could look like this:

Linux application (e.g. Mozilla)
Windows application (e.g. Firefox) TCP/IP
Winsock (TCP/IP) coLinux
Windows network driver(s) WinPcap
Network card(s)

The blue part shows the "usual" Windows TCP/IP network access (with the Firefox running in the host Windows system). The green part shows coLinux's network access using WinPcap "attached" to the Windows network driver. The red part shows the guest linux with an application (e.g. the linux version of Mozilla) running on top of it.

Please note: a network build this way is transparent in both ways, e.g. you could set up a DHCP server as a linux application to serve the Winsock TCP/IP with IP addresses. Of course this is also true the other way round, you could run an FTP server in windows and use it from the linux system :-)

Where to get it?[]

From download page of

How to install it?[]

If you had installed a previous WinPcap version before, uninstall it (Control Panel -> Software) and reboot.

Then simply install the new version by executing the downloaded exe file. A(nother) reboot might be a good idea here.


On vista, colinux must be run in Administrator mode to function correctly. Starting colinux from the command line with "runas" doesn't work. However it's possible to start a command shell first, and start colinux from this shell.

Common "cable based" Ethernet cards should usually work without problems.

There are known problems with a lot of Wireless-LAN network drivers (e.g. most of the Intel Centrino (trademark?) drivers are known to fail capturing packets).

So what to do, if you have problems with your WinPcap based coLinux network?

First of all, the vast majority of problems occur with receiving of network packets. Sending of packets will usually work without problems.

If you have problems, you might try if you can get packets from the network card. This can be easily done using one of the Windows tools, WinPcap is often used with:

  • WinDump: open source command line packet capture tool
  • Wireshark: open source GUI packet capture and analysing tool
  • ... there are a lot more out there!

So get one of these (I would suggest Wireshark) and install it.

You should try to capture data (consult the documentation of the program you use how) from the interface (network card) you would like to work with. If you see packets captured from the network card, it's looking good for you ;-)

  • If you do see captured network packets: it's most likely that WinPcap works on this network card for coLinux as well :-), double check your coLinux XML configuration and the network settings of your guest linux.
  • If you don't see captured network packets: it's most likely that WinPcap won't work with this network card for co Linux :-(, you may try a different coLinux networking mode or a different network card.

MassTranslated on Sun Apr 23 17:37:03 UTC 2006