Wireshark-users: Re: [Wireshark-users] Installing wireshark on a PC without administrative privil

From: Marc Luethi <netztier@xxxxxxxxxx>
Date: Sat, 13 Feb 2010 23:41:52 +0100
On Sat, 2010-02-13 at 22:11 +0200, Mark Ryden wrote:
> I though of installing wireshark on disk on key, 

That won't help. WinPcap needs to hook into the Operating System's
network stack, and to do that, you need admin priviledges.

You'll need a priviledged user to install WinPcap and if you want, it's
service that will allow unprivileged users to capture traffic.

> but again when installing winpcap it gives me a privilege error.

q.e.d.

You _can_ run Wireshark as unpriviledged user and without the WinPcap
service, but you're limited to analysis of capture files that are
obtained by other means (e.g. from running tcpdump on another system).
WinPcap is only needed if you want to capture packets on the system you
are using.


regards

Marc