This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Windows 7 and old versions

0

Hi,

The many coworkers at my company run various versions of Wireshark. We're upgrading to Windows 7 next year, so we need to know which is the first version which works under Windows 7. I see in old msgs that 1.2.3 (which came out when Win7 was released 2 years ago) works under Windows 7. But did earlier versions work? Did anyone try?

The oldest version we found on our LAN is 0.95. I downloaded Wireshark (Ethereal) 0.95, which does not include WinPcap. Was WinPcap 2.3 the corresponding version? I figure if 0.95 works, the newer versions probably also work.

By now I'm sure you're wondering why the heck we don't simply upgrade to the latest version. I think the rationale is that for some applications, newer versions are not 100% backwards compatible, and for some tools we have complex scripts, etc. that we don't have money to rewrite. One coworker told me an old .dll he wrote for Wireshark did not work simply by copying it to the latest Wireshark.

asked 21 Nov '11, 11:49


Block

edited 28 Feb '12, 20:34


cmaynard ♦♦


One Answer:

1

According to the WinPcap news page:

19 October, 2009 As of today, WinPcap 4.1 is available in the download section of the WinPcap website.

This release contains a large series of improvements that were gradually added to WinPcap during the various beta's.

First of all, this version includes full support for x64 platforms, both in the driver and in the user level libraries. Also, the long awaited support for Windows 7 (and Windows Server 2008 R2) has been added to the long list of supported flavors of Windows.

so if you want Windows 7 support, you need WinPcap 4.1 or later (later is better; as that news page notes, 4.1.1 fixes some bugs and 4.1.2 fixes more bugs).

Yes, this means that if you want to capture traffic on Windows 7 with older versions of Wireshark, you will have to manually install a later version of WinPcap after installing Wireshark.

answered 21 Nov '11, 17:40


Guy Harris ♦♦

I have since installed Wireshark 0.95 with WinPcap 2.3 but no interfaces were listed. I then installed the latest WinPcap and then Wireshark 0.95 worked. I might check other versions of WinPcap tomorrow to see if users will need to upgrade for Win7.

(21 Nov '11, 13:16) Block

Thanks. One program/contract at another site wrote a dll which allows them to capture messages specific to that system/program (cool!). He's concerned his dll won't work under the new Wireshark, but now that we realize all that's needed is a new WinPcap, his dll might work after all. I plan to obtain his dll and test it later today.

(22 Nov '11, 08:50) Block

(I converted your "answers" to "comments"; see the FAQ for details)

Unfortunately the DLL issue will not be solved by a different version of WinPcap. The interface for plugins (assuming with a DLL you mean a plugin) differs from Wireshark version to version. The code needs to be re-compiled for every new major version of Wireshark. The best thing to do is ask the provider of the plugin (DLL) to provide one compiled for the latest version of Wireshark.

(22 Nov '11, 09:39) SYN-bit ♦♦

A different version of WinPcap "solves" the DLL issue by letting them run older versions of Wireshark and still be able to capture traffic on Windows 7. The ideal would be to have the DLL built for the latest version of Wireshark, so you can get later versions if they include useful features or bug fixes.

(22 Nov '11, 09:48) Guy Harris ♦♦