Ask Your Question
0

admin only mode

asked 2019-10-16 14:58:18 +0000

Giannes gravatar image

a message : the helper program for admin only mode is requesting your permission, I press yes and this message pops up again

edit retag flag offensive close merge delete
add a comment

2 Answers

Sort by ยป oldest newest most voted
0

answered 2019-10-16 15:21:46 +0000

grahamb gravatar image

Presumably you have installed npcap in "Admin only" mode. This causes Wireshark to request elevation privileges each time it opens an interface.

Currently it's recommended that you do NOT use "Admin Only" mode with Wireshark.

See also bug 15082.

edit flag offensive delete link more

Comments

I also faced this issue in my Windows 10 when I started Wireshark in normal mode, and my Npcap is installed in "Admin Only" mode. My solution was to start Wireshark also in admin mode using "Run as Administrator" mode. Why don't you suggest that as a solution? Is there anything wrong about using "Run as Administrator" with Wireshark?

Rineez Ahmed gravatar imageRineez Ahmed ( 2021-04-17 09:39:01 +0000 )edit

You should NEVER run Wireshark with elevated privileges, there are millions of lines (3 million??) of code in Wireshark that will attempt to handle whatever traffic is injected into the process and the theoretical potential of something bad happening is considerable.

grahamb gravatar imagegrahamb ( 2021-04-17 10:47:59 +0000 )edit
add a comment
0

answered 2020-05-12 00:52:03 +0000

pcapmgr gravatar image

For Windows 10 1909 64 bit version I was able to disable AdminOnly mode by modifying the following keys;

HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\NPCAP HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npcap\Parameters HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\npcap\Parameters

Change "AdminOnly REG_DWORD" from 1 to 0 on all three keys above.

Of course the easier and safer option is to reinstall npcap without the option, "Restrict Npcap driver's access to Administrators only".

But the whole idea is to restrict access to npcap driver to non admin. Hope this helps!

edit flag offensive delete link more

Comments

Probably much easier and less risky to simply uninstall npcap and re-install and NOT check the option for Admin mode.

grahamb gravatar imagegrahamb ( 2020-05-12 08:11:37 +0000 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

subscribe to rss feed

Stats

Asked: 2019-10-16 14:58:18 +0000

Seen: 22,753 times

Last updated: May 12 '20

Related questions

how do I configure in read only mode?

SIP Custom field data.text blank or just "Yes"

How to switch Mac OS NIC to monitor mode during use internet

Where are IP headers in Monitor mode capture?

Cannot find wlan device (monitor mode) in device list / Linux mint

Custom Plugin not showing for wireshark group user but showing non-wireshark group user

How to import ISUP signaling messages and have it dissected by Wireshark?

What should be done when detecting faulty frames?

can't capture on any interface in OSX 10.14

I have install on my Mac Mojave 10.14 but it shows multiple error like permission denied , could not create profiles directory , lots of permission are denied

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2