[Winpcap-users] WinPCap on Vista
Bryan Kadzban
bryan at kadzban.is-a-geek.net
Wed Sep 12 21:40:19 GMT 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
Ioan Popescu wrote:
> I know that to use Wireshark (or any WinPCap-based app) on Vista, it
> must be "run as administrator" when starting it.
>
> My question is this: Why?
Having never actually run Vista, all I can do is guess. However, my
guess would be that the problematic action is either "starting the npf
driver", or "talking to the NPF driver through the virtual device file
that it provides".
If the problem is starting the driver, then only the first program to
talk to wpcap.dll would need to be elevated, and starting the driver at
boot time (which the current Wireshark setups should give the option to
do) would be a workaround. If the problem is talking to the driver via
its device, then any program that uses wpcap.dll at any point would need
to be run in elevated mode.
(It's also possible that the problem is something completely different,
in which case none of this applies.)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFG6FzCS5vET1Wea5wRAyJhAKClYcpinyQFx6YxlXqISch1OwOvbwCfa3GZ
LmVR5WLpYGkX4RLVF7LejTo=
=1hU2
-----END PGP SIGNATURE-----
More information about the Winpcap-users
mailing list