Npcap：Nmap项目里一个为Windows而生的嗅探库 Npcap: Nmap Project's packet sniffing library for Windows

如果有人知道Npcap与libpcap对应的头文件列表，请告诉我，非常感谢

Introduction介绍

This Manual describes the programming interface and the source code of Npcap. It provides detailed descriptions of the functions and structures exported to programmers, along with complete documentation of the Npcap internals. Several tutorials and examples are provided as well. 本手册描述了Npcap的程序接口和源码。本手册详细说明了 “Npcap提供给程序员的功能和结构”，随着内部文档的完成，指导和例子也日渐完善。

What is Npcap? 了解Npcap

Npcap is an architecture for packet capture and network analysis for Windows operating systems, consisting of a software library and a network driver.

Npcap是一个包捕获（抓包）和网络分析的架构，由软件LIB库和网络驱动组成。

Most networking applications access the network through widely-used operating system primitives such as sockets. It is easy to access data on the network with this approach since the operating system copes with the low level details (protocol handling, packet reassembly, etc.) and provides a familiar interface that is similar to the one used to read and write files.

虽然很多网络应用程序可以通过广泛使用的API或操作系统原生接口如sockets 来完成网络通讯。让操作系统去处理低级协议（协议头、包重组 等等）并提供一个与读写文件相似的接口（译注 IO流封装），然后通过这种途径来获取网络数据，非常方便，

Sometimes, however, the “easy way” is not up to the task, since some applications require direct access to packets on the network. That is, they need access to the “raw” data on the network without the interposition of protocol processing by the operating system.

但有时候，这种方便却不能令人满意，例如你的程序要求直接操作网络包时，而操作系统提供的接口却不能满足需求。因此，我们需要一种方法，一种不经操作系统加入处理而直接获得“原始”网络数据的方法。

The purpose of Npcap is to give this kind of access to Windows applications. It provides facilities to:

在Windows平台上，Npcap提供了这些能力：

原文

• capture raw packets, both the ones destined to the machine where it's running and the ones exchanged by other hosts (on shared media)
• filter the packets according to user-specified rules before dispatching them to the application
• transmit raw packets to the network
• gather statistical information on the network traffic

译文

• 捕获原始数据包，包括发往其运行的计算机的数据包和由其他主机交换的数据包（在共享媒体上）
• 在将数据包分派给应用程序之前，根据用户指定的规则过滤数据包
• 将原始数据包传输到网络
• 收集有关网络流量的统计信息

This set of capabilities is obtained by means of a device driver, which is installed inside the networking portion of the Windows kernel, plus a couple of DLLs.

这组功能是通过设备驱动程序获得的，该驱动程序安装在Windows内核的网络部分内，并几个DLL。

All of these features are exported through a powerful programming interface, easily usable by applications. The main goal of this manual is to document this interface, with the help of several examples.

所有这些功能都通过功能强大的编程接口导出，可供应用程序轻松使用。本手册的主要目标是在几个示例的帮助下记录此界面。