Wireshark-dev: Re: [Wireshark-dev] Wireshark Portable

From: "Graeme Lunt" <graeme@xxxxxxxxxxx>
Date: Thu, 17 Apr 2008 08:58:16 +0200
Ryan,

Just to keep you uptodate ...

> > The Wireshark portable app does not seem to be working correctly on Vista.
> > I've tried it on several different machines. I keep getting the message "The
> > NPF driver isn't running. You may have trouble capturing or listing
> > interfaces." WinPCap is installed, and if the local version of Wireshark is
> > installed, it works fine. I am able to successfully launch the local
> > version, but the portable version will not run due to no interfaces being
> > found. The portable version is working fine on Windows XP though. Is there a
> > resolution to this?
>
> If WinPcap is already installed, then the Wireshark portable shouldn't
> even need to install it itself and it should work like a normally
> installed Wireshark. Even if WinPcap isn't installed, Wireshark
> portable just runs the standard WinPcap installer which should set
> things up correctly.
> However, I haven't run Wireshark portable on Vista - I'll have a look
> and see if I can fix the problem.

The current U3 package does not support Vista, as you have noted, for
two reasons:

1)  It doesn't change the NPF\Start key in the registry to auto-start
the driver when you run Wireshark for the first time (the standard
Wireshark Windows installer does this, not the WinPcap installer).
This is why you see the "NPF driver isn't running error" when you run
the U3 Wireshark.

(However, if I install WinPcap from the Wireshark Windows Installer
first - and then run the U3 version, it *can* find the interfaces.)

2) The U3 utility program needs elevated privileges on Vista (for
things other than to write the NPF registry key above), which it
doesn't request.

I am working on a resolution for both of these problems and will let
you know when I have something.

Note that the PortableApps version of Wireshark currently has the same
problems on Vista.

Graeme