Restrict Wireshark delivery with default-filter

Is it possible to restrict Wireshark to a dedicated port on the local host per deployment?

Use Case:

We are considering delivering Wireshark as a troubleshooting tool with our Windows-based product. But we have to avoid installing a hacker tool on the customer's machine. It shall only be possible to monitor the traffic on a dedicated port of the local host. Even our service technicians shall not be able to use Wireshark to sniff any other network traffic.

We could maybe make a source-code change and compile the program ourselves. (Has this maybe already been done by someone in the past?)

Background:

Our software runs on dedicated machines in the customer's LAN. Device Guard is running on these systems to prevent the users from running any programs that are not allowed. So it would not be possible for a service technician to download and run Wireshark by himself.