Exclusive Interview with Packet Capture Innovators – Part III

This is the final part of our ‘Exclusive Interview’ series with Packet Capture Innovators. In the previous sections we have covered interview with “Steven McCanne – Creator of TcpDump/Lipcap” and “Gerald Combs – Creator of Wireshark”


Here we present another exciting interview with Loris Degioanni – creator of Winpcap – bringing the libpcap and in turn all those beautiful network applications to the Windows world.

Loris Degioanni – Creator of Winpcap
Senior Director of Engineering, Office of the CTO
Riverbed Technology

SecurityXploded (SX): What prompted you to create Winpcap?
Loris Degioanni (LD): I was a student at my university in Northern Italy, Politecnico di Torino, and I was looking for a graduation project. I went to the computer networks professor and he proposed to build a network analyzer for the students. He thought that the best way to teach computer networks was to let the students observe the traffic flowing through the network. Unfortunately network analyzers were very expensive at that time, so he asked me to build one. It had to work on Windows because that is what the university had in the labs. This was a completely new field for me, so I used the previous work that Steve McCanne and his group made (both the scientific papers and the open source code) as my reference. I used them to build a Windows version of libpcap, which I called WinPcap, and a Windows version of tcpdump, which I called Windump.


SX: Did you have any challenging situations during devlopment of Winpcap, and if so, can you share your experience? I can imagine that the hidden world of Windows must have put forth numerous challenges.
LD: Definitely. The most challenging time was the first couple weeks of the project development. WinPcap’s core is a packet capture driver that gets installed into the kernel of the operating system. Kernel level development tends to be challenging both in terms of coding and debugging. In particular, every time you have a bug, the operating system crashes with the well-known blue screen of death. I spend the first couple of weeks looking at many blue screens and performed consequent machine reboots.

SX: Did you receive any support or opposition from Microsoft?
LD: I received strong support from the beginning. Microsoft saw a value in having many popular tools like Tcpdump, Ethereal and nmap working on the Windows platform. While I was at Politecnico, Microsoft donated hardware and books to my research group.
SX: What was the initial response/support from the community during the development phase?
LD: A few days after I released WinPcap and WinDump on the university website, somebody noticed them and mentioned them on a post in a public forum. Before the end of the week, more than 1,000 people downloaded them. When I graduated six months later, the download counter was at approximately 80,000.
SX: What was your reaction on the first release of Winpcap?
LD: I was amazed by the totally unexpected interest in the tool. I always loved writing software, but realizing that I built something that was useful to thousands of people was a really great feeling.

SX: How is being the creator of Winpcap helped your career, especially Riverbed Technology?
LD: WinPcap and open source shaped my career in a very deep way. If it weren’t for the expertise, contacts and visibility that I accumulated through the WinPcap project, I would not be in the United States; I would not have started my company, CACE Technologies; and as a consequence, I would not be part of Riverbed today. I can surely say that WinPcap changed my life!

SX: How do you feel now working together with other folks (Steve and Gerald) from the #Packetcap revolution?
LD: It is great! Steve, Gerald and the other members of the team are incredibly bright, visionary and a pleasure to work with.
SX: We have a lot of readers and participants who use your tools. What is your message to all those huge fans of Winpcap?
LD: I am humbled and thankful for your support!


We personally would like to thank ‘Steven McCanne’, ‘Gerald Combs’ & ‘Loris Degioanni’ for their valuable time and sharing their great experience with the community. It has been immense pleasure to interact with them and know how it all happened – ‘The Packetcap Revolution’


See Also
Exclusive Interview with Packet Capture Innovators – Part I

Exclusive Interview with Packet Capture Innovators – Part II

Similar posts
  • SecurityXploded Mentorship Programme ... I am writing this blog to share my SecurityXploded Student Mentorship Programme experience with the future students of this programme. My mentorship programme started last year in August when I was in 2nd year of MS at IIIT-Allahabad. I knew about SecurityXploded community since I used to follow their blogs, training programmes and security tools [...]
  • Code Injection and API Hooking Techni... Hooking covers a range of techniques used for many purposes like debugging, monitoring, intercepting messages, extending functionality etc. Hooking is also used by a lot of rootkits to camouflage themselves on the system. Rootkits use various hooking techniques when they have to hide a process, hide a network port, redirect file writes to some different [...]
  • Announcement – SecurityXploded ... From the past two years we are working actively on couple of projects to support the security community. As you all may already know that we have successfully completed our reversing and malware analysis training programme and we are very glad that it was very helpful for everyone. In my opinion the success of any [...]
  • Advanced Malware Analysis Training Se... Here is the quick update on this month’s Local Security meet (SX/Null/G4H/owasp) and our advanced malware training session on (Part 2) Dissecting the HeartBeat  RAT Functionalities   This is part of our FREE ‘Advanced Malware Analysis Training’ series started from Dec 2012.       In this extended session, I explained “Decrypting various Communications Of HeartBeat [...]
  • Advanced Malware Analysis Training Se...   Here is the quick update on this month’s Local Security meet (SX/Null/G4H/owasp) and our advanced malware training session on (Part 1) Reversing & Decrypting Communications of HeartBeat RAT This is part of our FREE ‘Advanced Malware Analysis Training’ series started from Dec 2012.       In this extended session, I explained “Decrypting The [...]

Leave a Reply

Our Company

Follow us on Facebook

Join Mailing List

Get direct access to our expert trainers or mingle with like minded security folks in our mailing list