Does Wireshark need admin rights/privileges to execute USB capture
Would like to know if Wireshark need admin rights/privileges to execute USB capture using USBPcap package.
Platform: Windows Wireshark version: Wireshark-2.0.3
Is there a reason for using such an old version? The current stable version is 2.6.2, can you try that?
I have added my custom protocol dissectors in this particular version and is working efficiently without issues. Wanted to capture USB packets, tried using the feature but observed that when executed it lists out the USB ports on that particular system, when tried to initiate capture, it fails with warning "no capture data" "empty pipe". So, wanted to know if there is permission issue involved, does this execution require admin privileges. Thank you.
Wireshark uses USBPCapCMD to run the captures, that should be installed for you, what happens if you try that from a command line? What version of USBPcap are you using?
I tried capturing from the command line and it din't capture any packets, same behavior. I am using USB Pcap version 1.2.03. I recently upgraded to this version as the previous version was having issue with Windows-7 OS (Hotfix), USB ports were used to get unusable.
What does "that should be installed for you" means, can you please elaborate ?
Thanks.
I think that USBPcapCMD.exe should have been available as part of USBPcap install?
When you tried "capturing from the command line" what program did you use, tshark, dumpcap or USBPcapCMD?