WireShark support via ExaNIC enabled wpcap.dll

Sophisticated support for Packet capture is becoming more and more essential. We have developed a kernel bypass featured plug-in for WireShark including support for the latest version WireShark 3.4.3 [1]. One of the key aspects is that of supporting nanoseconds resolution, relying on the hardware capabilities of the ExaNIC X25. We leverage this via support for libpcap 1.8.1.

Coming with the ExaNIC solution for Windows and Linux [0], providing ultra low latency stacks with a focus on high frequency trading and high performance packet capture, we support a kernel bypass enabled plug-in.

We love pictures. Following are two screenshots showing the solution in live capture.

Support for Nanosecond Timestamps delivered from the hardware

As a setup example we use our linerate capable exanic-replay and play a sample PCAP file to the exanic0 port. When starting up, WireShark will use our plug in and populate all devices. Note, that the resolution is in nanoseconds, derived from the ExaNIC RX hardware timestamps. There is no other kernel bypass solution for 10/25GbE today delivering nanosecond resolution.

Wireshark (here in nanosecond resolution) and exanic-replay working together.

It’s most simple to use. Just install the ExaNIC on Windows package and the latest WireShark package and all functionality is based on auto-sensing the devices.

We come back with some more information on performance and stats.

References:

[0] ExaNIC for Windows, Developed by NEIO Systems, Ltd. , http://www.fastsockets.com

[1] Wireshark.org