This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Disable dumpcap / Wireshark as Protocol Analyzer only

0

Hi,

Is there any way to use Wireshark as a Protocol Analyzer only and disable the ability to "sniff" the network?

My idea is to release the software for some engineering people here, but I don't want them to grab new data, only to analyze "already captured data" for Wireshark.

Is that possible?

asked 28 Jan '13, 08:39

Bonacordi

edited 28 Jan '13, 10:07


2 Answers:

2

Don't install the actual traffic capture software, e.g. WinPcap for Windows. For other platforms you could either remove the capture software, e.g. libpcap on Linux, or restrict their access to it.

answered 28 Jan '13, 09:10

grahamb ♦

Hey Grahamb, thanks for your answer... just wondering how I will be able to do that, since I found in the Install Guide - Cap 2.8 - Section 2.8.1.3. "Install WinPcap?" page that the Wireshark installer contains the latest released WinPcap installer.

I couldn't test the install since I'm waiting for a lab machine in order to test it in my company, but I would like to ask: is this WinPcap like a checkbox during the install process?

(28 Jan '13, 10:05) Bonacordi
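An added example (not part of the original answers and not Wireshark project code): a Python audit of whether a given user can still capture through dumpcap on Linux after access to it has been restricted. It assumes the restriction is applied with file ownership, mode bits and file capabilities on the dumpcap binary; the `/usr/bin/dumpcap` path is an assumption, and POSIX ACLs are not considered.

```python
import os
import stat

def classify(mode, owner_uid, owner_gid, has_file_caps, uid, gids):
    """Decide what user (uid, gids) can do with a capture helper binary.

    Returns 'blocked'      - the user cannot execute the helper at all,
            'no-privilege' - the user can run it, but it gains no capture rights,
            'capture'      - the user can run it with capture privileges.
    """
    if uid == 0:  # root bypasses permission bits if any execute bit is set
        return "capture" if mode & 0o111 else "blocked"
    # Only the first matching permission class applies (owner, group, other).
    if uid == owner_uid:
        can_exec = bool(mode & stat.S_IXUSR)
    elif owner_gid in gids:
        can_exec = bool(mode & stat.S_IXGRP)
    else:
        can_exec = bool(mode & stat.S_IXOTH)
    if not can_exec:
        return "blocked"
    setuid_root = bool(mode & stat.S_ISUID) and owner_uid == 0
    return "capture" if (setuid_root or has_file_caps) else "no-privilege"

def has_file_capabilities(path):
    """True if the file carries Linux file capabilities (as set by setcap)."""
    try:
        return bool(os.getxattr(path, "security.capability"))
    except (OSError, AttributeError):  # no such xattr, or no getxattr here
        return False

def audit(path, uid, gids):
    """Classify the binary at `path` for the given user, using its real metadata."""
    st = os.stat(path)
    return classify(stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid,
                    has_file_capabilities(path), uid, gids)

if __name__ == "__main__":
    helper = "/usr/bin/dumpcap"  # assumed install path; adjust per distribution
    if os.path.exists(helper):
        groups = set(os.getgroups()) | {os.getgid()}
        print(helper, "->", audit(helper, os.getuid(), groups))
```

A result of `no-privilege` means the user can still open saved capture files in Wireshark, but a live capture started by that non-root user will fail to open an interface.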

0

Based on your comments to grahamb regarding WinPcap, it looks like you're looking for a solution on the Windows platform. In that case, in theory you could compile and release your own installer without capture support, paying special attention to the following paragraph from config.nmake:

#
# Optional: WinPcap developer's pack to capture network traffic.
#
# If you have the WinPcap developer's pack (at least version 3.0),
# set this to the directory in which the WinPcap developer's pack resides.
#
# If you don't have the WPdpack, comment this line out, so that
# PCAP_DIR isn't defined.
#
#PCAP_DIR=$(WIRESHARK_LIB_DIR)\WPdpack

Unfortunately, just commenting out PCAP_DIR doesn't actually work. And when I renamed the WpdPack directory, compilation failed as follows:

capture_if_details_dlg_win32.c
capture_if_details_dlg_win32.c(108) : fatal error C1083: Cannot open include file: 'Packet32.h': No such file or directory

So this looks like a bug that needs to be fixed first before this could be an option for you.

answered 28 Jan '13, 10:45

cmaynard ♦♦