scapy, winpcap, npcap

How do libraries like Scapy, Npcap, WinPcap, etc., get around Windows' limitations on sending raw TCP packets?


I learned the hard way that modern Windows machines do not permit sending TCP data over raw sockets after trying to perform the TCP handshake myself in Python. And yet Scapy, a Python library, is able to do it seemingly just fine. Other libraries, like Npcap and WinPcap, also seem to be able to send raw TCP data just fine on Windows. How is this possible? What are these libraries doing under the hood that enables them to bypass this limitation?


Solution

  • WinPcap (the Windows implementation of libpcap) authors say on their website:

    WinPcap consists of a driver that extends the operating system to provide low-level network access and a library that is used to easily access low-level network layers.

    So the answer to your question would be: on Windows, the implementation of libpcap (which is what Scapy uses according to their site) uses a driver to get access to the low-level networking stuff.