
Perhaps Wireshark isn't quite what I remember it to be from years ago. Like, capturing network traffic from a given physical/logical interface. I guess it can't do that anymore for some reason. RawCap can though, so my immediate problem is gone. Not sure if this is still a bug or missing feature in Wireshark. Seems like core functionality really, but I'm no expert.

You may remember using something other than a "portable" version of Wireshark from years ago (or you may remember it from running it on a UN*X, rather than on Windows).

"Portable" apps are fine for programs that don't require adding kernel-level drivers; unfortunately, on Windows, packet capture in Wireshark requires adding Npcap, which requires a kernel-level driver. This means that if you want to capture traffic, you shouldn't use the "portable" version; you should install the regular version and, when the installer asks you whether you want to install Npcap, tell it to install Npcap.

So this is a feature missing from "portable" Wireshark, which is, unfortunately, the result of 1) Windows not providing an adequate supported-by-libpcap capture mechanism by default (unlike UN*Xes) and 2) "portable" applications not being able to install kernel drivers. Yes, packet capture is core functionality, which is why "portable" Wireshark is problematic.

If you want to use the "portable" version, try downloading and installing Npcap on your machine before using the "portable" Wireshark.