<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
<tt>Thanks Gerald. This is exactly the kind of information I needed. I
think something like this should be included in the documentation or
the FAQ on the winpcap.org site.</tt><br>
<pre class="moz-signature" cols="72">John Bruder
SISCO, Inc.
6605 19 1/2 Mile Road
Sterling Heights, MI 48314
Phone: 586-254-0020, Ext. 121
</pre>
Gerald Combs wrote:
<blockquote cite="mid:48E27BC7.9070902@wireshark.org" type="cite">
<pre wrap="">NPF.sys is a service, and is controlled like any other service on the system. As
Carlo says, it must be started in order to capture packets, which requires
administrator privileges. This wasn't a big deal before Vista, but on Vista
itself it's a hassle.
We get around the problem in Wireshark using the installer. If we're running on
Vista, the installer by default writes the value "2" (SERVICE_AUTO_START) to
HKLM\SYSTEM\CurrentControlSet\Services\NPF\Start. It doesn't interact with
NPF.sys or any other part of Winpcap directly.
There are a number of ways to control NPF.sys, and many of them are described at
<a class="moz-txt-link-freetext" href="http://wiki.wireshark.org/CaptureSetup/CapturePrivileges">http://wiki.wireshark.org/CaptureSetup/CapturePrivileges</a>. You can also use the
Service API: <a class="moz-txt-link-freetext" href="http://msdn.microsoft.com/en-us/library/ms686315(VS.85).aspx">http://msdn.microsoft.com/en-us/library/ms686315(VS.85).aspx</a>
Carlo Medas wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Dear John,
Packet capturing feature requires administration privileges. If
Wireshark installs the service, it's a worksaround for that need.
In other case if you want to run your application, you must start it
with administration privileges; e.g. by right clicking on it and then
selecting "Run as administrator".
Br,
\Carlo Medas
On Tue, Sep 30, 2008 at 8:29 PM, John Bruder <<a class="moz-txt-link-abbreviated" href="mailto:johnb@sisconet.com">johnb@sisconet.com</a>
<a class="moz-txt-link-rfc2396E" href="mailto:johnb@sisconet.com"><mailto:johnb@sisconet.com></a>> wrote:
My application runs fine with Winpcap 4.0.2 on Windows 2000 and XP,
but fails on Vista because "pcap_findalldevs" returns an empty list.
However, if I install Wireshark on Vista, and check the box to have
it "start the Winpcap NPF service", the "pcap_findalldevs" function
in my application works. If I reinstall Wireshark and do NOT check
the box to "start the Winpcap NPF service", pcap_findalldevs fails
again.
I do not want to require Wireshark to use my application, but the
Winpcap documentation does not explain how to "start the Winpcap NPF
service".
--
John Bruder
SISCO, Inc.
6605 19 1/2 Mile Road
Sterling Heights, MI 48314
Phone: 586-254-0020, Ext. 121
_______________________________________________
Winpcap-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Winpcap-users@winpcap.org">Winpcap-users@winpcap.org</a> <a class="moz-txt-link-rfc2396E" href="mailto:Winpcap-users@winpcap.org"><mailto:Winpcap-users@winpcap.org></a>
<a class="moz-txt-link-freetext" href="https://www.winpcap.org/mailman/listinfo/winpcap-users">https://www.winpcap.org/mailman/listinfo/winpcap-users</a>
------------------------------------------------------------------------
_______________________________________________
Winpcap-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Winpcap-users@winpcap.org">Winpcap-users@winpcap.org</a>
<a class="moz-txt-link-freetext" href="https://www.winpcap.org/mailman/listinfo/winpcap-users">https://www.winpcap.org/mailman/listinfo/winpcap-users</a>
</pre>
</blockquote>
<pre wrap=""><!---->
_______________________________________________
Winpcap-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Winpcap-users@winpcap.org">Winpcap-users@winpcap.org</a>
<a class="moz-txt-link-freetext" href="https://www.winpcap.org/mailman/listinfo/winpcap-users">https://www.winpcap.org/mailman/listinfo/winpcap-users</a>
</pre>
</blockquote>
</body>
</html>