Author Profile - My name is Joke (pronounced \yō-kə\ or Joan for those who do not speak Dutch). During the day, I work as a secretary for a non-profit organization providing assisted living for mentally handicapped people in the south of The Netherlands. In my spare time I like to use Wireshark. I find it interesting and necessary to monitor my home network to see what is going on. As a user I like to answer questions at the Wireshark Mailing List.
What is in it for me? Well, I learn a great deal whenever I try to solve real-world problems. I am also a member of the NGN (the Dutch Network User's Group). I write articles about how to use Wireshark and the command line tools. And if there is still some spare time left, I like to go biking in the woods near my hometown with my husband and fellow geek.
Wireshark & Windows 7
In fact, the title should read: how to run Wireshark and how to install WinPcap 4.1 beta 5 on Windows 7.
Well, there are some issues: one concerns Wireshark and the other WinPcap.
Let's start with running the previous versions on Windows 7.
Here you can download all the versions of Wireshark.
Installing Wireshark 1.0.8 or 1.1.3 with WinPcap 4.0.2 on Windows 7.
The Wireshark Installer includes WinPcap.
Previous versions of Wireshark, e.g. stable release 1.0.8 or development release 1.1.3, come together with WinPcap 4.0.2. It's no problem to install those on Windows 7.
You might be surprised when you try to run Wireshark:
The WinPcap driver (the NPF driver) is loaded by Wireshark when it starts to capture live data. Loading the driver requires administrator privileges.
To start Wireshark with the privilege to capture, you have to right-click the (shortcut to) wireshark.exe and choose Run as administrator.
There are some other ways to start the service.
During the installation process of Wireshark and WinPcap check the box at:
Services: Start WinPcap service "NPF" at startup.
In case you forgot to select this option during the installation process, you can use the Device Manager to change the settings.
Go to Start -> Computer -> right-click -> Manage
Select Device Manager
Next you select View -> Show Hidden Devices
Double-click Non-Plug and Play Drivers in the list of devices
Right-click on NetGroup Packet Filter Driver and select Properties.
On the Driver tab you can change the start settings to "Automatic" or "System".
Last but not least, you can start the NPF driver by hand:
Start -> All Programs -> Accessories -> Command Prompt -> right-click -> Run as administrator
net start npf
net stop npf
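The checks above can be combined into one script that reports how the NPF driver is configured and, on request, applies the "Automatic" start setting. This is an added example, not part of the original article; the `-SetAutomatic` switch name is an assumption made for the example, and the script queries the driver under the service name `npf` used by the `net start` command above.

```powershell
# Added example: report, and optionally change, how the WinPcap NPF driver starts.
param([switch]$SetAutomatic)   # hypothetical switch name chosen for this example

# Is this session elevated (Run as administrator)?
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
$elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

# NPF is a kernel driver, so it is listed under Win32_SystemDriver, not Win32_Service.
$npf = Get-WmiObject -Class Win32_SystemDriver -Filter "Name='npf'"
if (-not $npf) {
    Write-Output 'NPF driver not found: WinPcap does not appear to be installed.'
    exit 1
}

Write-Output ("NPF state: {0}; start mode: {1}; elevated session: {2}" -f `
    $npf.State, $npf.StartMode, $elevated)

# If the driver is loaded at boot, Wireshark does not have to load it itself,
# so any logged-on user can capture without Run as administrator.
if (@('Boot', 'System', 'Auto') -contains $npf.StartMode) {
    Write-Output 'NPF loads at startup: live capture is available to non-administrators.'
} else {
    Write-Output 'NPF loads on demand: capturing requires an elevated Wireshark or "net start npf".'
}

if ($SetAutomatic) {
    if (-not $elevated) {
        Write-Output 'Changing the driver requires an elevated prompt.'
        exit 2
    }
    # Same effect as choosing "Automatic" on the Driver tab in Device Manager.
    $rc = $npf.ChangeStartMode('Automatic').ReturnValue
    if ($rc -ne 0) { Write-Output "ChangeStartMode failed with code $rc"; exit 3 }

    if ($npf.State -ne 'Running') {
        # Same effect as "net start npf".
        $rc = $npf.StartService().ReturnValue
        if ($rc -ne 0) { Write-Output "StartService failed with code $rc"; exit 4 }
    }
    Write-Output 'NPF set to start automatically and is running.'
}
```

Run it without arguments to see the current setting; on a shared machine, leaving the driver on demand keeps live capture limited to administrators.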
Installing Wireshark 1.2.0/1.2.1 on Windows 7.
The Wireshark Installer for those versions includes the WinPcap 4.1 beta 5.
After running the setup for Wireshark you will probably encounter this problem:
"This version of Windows is not supported by WinPcap 4.1 beta 5. Installation will be aborted"
What is WinPcap?
WinPcap is the Windows version of the libpcap library; it includes a driver to support capturing packets.
Wireshark uses this library to capture live network data on Windows.
If WinPcap is not installed, you won't be able to capture network traffic, but you will be able to open and analyze saved capture files.
What's the solution?
After downloading, right-click on wireshark.exe and choose Properties.
Check the box Run this program in compatibility mode for:…, select Windows Vista and click Apply.
Now you can run the setup for both Wireshark and WinPcap.
Be prepared for Windows 7.