You are here

Portable Wireshark / WinPcap

8 posts / 0 new
Last post
interiot
Offline
Last seen: 15 years 10 months ago
Joined: 2008-05-15 13:40
Portable Wireshark / WinPcap

I've written up some information about silent installers for WinPcap. Wireshark currently offers a portable version, but it's bothersome to go through the process of installing WinPcap all the time.

http://paperlined.org/apps/wireshark/winpcap_silent_install.html

Basically, you extract these files from the winpcap installer:

  • npf.sys (there are three versions, for different architectures): copy it to %windir%\system32\drivers\ (unfortunately, this is the one change you have to make to the local machine)
  • packet.dll (again, three different versions): select the right one, and put it in the same directory as Wireshark on the thumb drive
  • pthreadVC.dll, wpcap.dll, and WanPacket.dll: put these in the same directory as Wireshark on the thumb drive
KJK
Offline
Last seen: 7 years 10 months ago
Joined: 2016-05-06 15:55
Question

Is it possible to make a

    Windows\System32\drivers\

directory in your Flash Drive and copy npf.sys there?

???

Jeff Savage
Offline
Last seen: 5 years 4 months ago
Joined: 2014-10-05 03:44
Wireshark is already a

Wireshark is already a Portable App. See the official download page: https://www.wireshark.org/download.html

Have an awesome day! Biggrin
Jeff Savage ~ BetaLeaf

GµårÐïåñ
GµårÐïåñ's picture
Offline
Last seen: 5 years 5 months ago
Joined: 2012-06-15 14:48
False Bravado

That falsely assumes that cap is installed on the machine you are loading the portable wireshark, and that effectively makes it useless. You can make the client portable, but that says nothing about what it relies on to actually work.

So, your suggestion is that every machine you are running portable wireshark get the cap installed on it to work, then why have a portable wireshark when you can install it when you do cap?

The package DOES state it will install it and remove it as it is run, but it doesn't actually work on systems with any decent level of security. For example, on most of the machines manged by us, it won't work, unless you actually manually install it on that machine. An app must work consistently all the time in portable mode or it becomes ineffective.

~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~

ottosykora
Offline
Last seen: 1 day 5 hours ago
Joined: 2007-10-11 17:48
clearly this works onmly sometimes

If the user has a way to install drivers on a machine, also portable wireshark will work. It will install the cap and remove it on exit. But for that the user needs quite a privileges to do so.
You simply can not expect tools like wireshark, to be running on any protected system unless the administrator of such system did install it.
In fact, I am surprised that someone need to run such tools on a protected system. What for?
System tools which need admin rights simply do not work portably. This is not a problem of such programs. This is simply function of windows (and any reasonable current operating system).
System App can not work all the time in portable mode and nobody does actually expect it to do so.

Otto Sykora
Basel, Switzerland

GµårÐïåñ
GµårÐïåñ's picture
Offline
Last seen: 5 years 5 months ago
Joined: 2012-06-15 14:48
It's not a toy

Yes, clearly it only works sometimes and that inconsistency is not good for a professional tool. Unless they can make it work consistently ALL the time without special consideration, they should not be releasing a "portable" version.

So, that being said, I can indeed expect that when they make the claim that it works in portable state, otherwise they should not be offering it. Period.

You may be surprised as to why anyone would but short of the kiddies playing around because they think it is cool, there are tons of valid professional reason for it's use. As a network and security professional, if you don't know how to use it or don't, you are not worth your title. There are absolutely legitimate use cases this fails to accommodate, and if they are not clear to you, then probably not for you. Protected system or not, how do you think diagnosis is conducted? in a vacuum?

And you are wrong to say that not all portable apps are expected to work. Absolutely you have that expectation, if they are certified to work they should or they should not be released, there is no ifs ands and buts about it. Putting out a half baked solution expecting it to work when it feels like it is absolutely wrong and shouldn't be done.

~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~

John T. Haller
John T. Haller's picture
Online
Last seen: 10 min 39 sec ago
AdminDeveloperModeratorTranslator
Joined: 2005-11-28 22:21
Admin Rights

It requires admin rights. With it, it can install and uninstall. Without it, it can't. As it's a network analysis tool, that's fair, even though it doesn't fall within the normal exceptions for apps to require admin rights.

We have multiple system tool-style apps that require admin rights. Things like disk defrag and file recovery. You can't do those things without admin rights. They won't run without it.

Sometimes, the impossible can become possible, if you're awesome!

GµårÐïåñ
GµårÐïåñ's picture
Offline
Last seen: 5 years 5 months ago
Joined: 2012-06-15 14:48
Already Aware

My friend, been a long time. Hope you are well.
Yes, I am aware, clearly without that it wouldn't stand a change modifying anything on the system.

The point I was making is that, if you have to install something on the machine manually because it cannot do it, then it defeats the purpose of having it portable. If you have to install cap, then why do you need to use portable? you can just install the app too.

~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~

Log in or register to post comments