 | 1 | initial version |
At first the Npcap admin helper kept looping in for admin permission.
It repeatedly asks for admin permissions, but if you keep saying "yes", it will eventually stop. (This is because it's trying to open all the known interfaces so it can show the graphs of how many packets are arriving. A short-term improvement would be to change the way that's done, so that it only has to ask for permissions once; unfortunately, that means it would still ask again when you try to capture - a more significant restructuring would be needed to reduce the number of permission requests to one per Wireshark session.)
So I logged in as "run as administrator".
That's not wise; you don't want random programs running with more privileges than they need. When not run as administrator, a rather small program (part of Npcap, not Wireshark) is run as administrator, so that's pretty safe; when run as administrator, that's running entirely too much code with entirely too many privileges - to quote the Wireshark Developer's Guide:
WIRESHARK CONTAINS OVER THREE MILLION LINES OF SOURCE CODE. DO NOT RUN THEM AS ROOT.
and "AS ROOT" can be replaced by "AS ADMINISTRATOR" for Windows.
Now I can get it to launch, but not to capture.
I'm not sure why that happens, but, as noted, it shouldn't be necessary - don't infer that repeated "run with privileges?" questions mean that's an infinite loop (it's looping over interfaces, not just looping for the lulz).
Alternatively, you could re-install Npcap and not install it with the "require administrator privileges to capture" option, although that would allow arbitrary programs to capture network traffic to and from (and within) your machine without asking your permission or even letting you know that it's doing that.
