Oct 31, 2018 - If access to the system level is not achieved immediately missing patches weak configuration or encoding problems you should steal privileges. I'm a has-been Doman/Enterprise Admin who has been an OU. Yeah but you don't want to be stuck with cleaning up AD after one disappears without a proper dcpromo. We also closely track who has access to the captured data. I've been in environments where pre-installing Winpcap was routine.
I know there has been lots of discussion already on installing WinPcap on Windows 8. I'm running the RTM version. I was able to install WinPcap without a hitch by using the Windows 7 compatibility mode. Since then, I've noticed that WinPcap has stopped running and is actually no longer even installed. I tried installing it again, but now it continues to tell me that WinPcap does not work with my version of Windows. Compatibility modes and admin privileges make no difference.
The only thing I remember doing to my system was installed 900MBs of Windows Updates. Does anyone have any ideas about what I might do to get WinPcap installed? I've already ensured that the compatibility mode settings I changed were in effect for all users. I've already ensured that 'run this program as an administrator' is checked on the compatibility tab for all users. I've also tried installing WinPcap 4.1.2 and 4.1.1.
No success with either.
I'm not positive if this will help with your issue, but you might try specifying an interactive command line for the 'rpcapd' service executable directly. Locate this file on your installation (for 64-bit it will be under Program Files (x86) WinPCAP) within a CMD prompt window (WIN+R, 'cmd', Enter): cd Program Files (x86) WinPCAP rpcapd -l 1.2.3.4 -n You can then try authenticating without credentials (as specified by -n) only from a remote system with the IPv4 address (1.2.3.4) following the -l parameter. In the Wireshark 'Capture Interfaces' (Ctrl+K), 'Mange Interfaces.' Button, 'Remote Interfaces' tab, '+'-button, 'Remote Interface' dialog box, select 'Null authentication'. This ought to provide a list of interfaces available on the WinPCAP host and ought to resemble the output of 'dumpcap -D -M' on that remote host.
![Install Winpcap Without Admin Rights Meme Install Winpcap Without Admin Rights Meme](http://yeknan.free.fr/blog/images/ubuntu7.10/install/15.png)
If this procedure doesn't work there is some connectivity problem between the two systems, perhaps due to a firewall or cabling issue. I was able to build an RPCAP connection without issue on Windows 10 Pro 64-bit, with Wireshark 2.4.4 64-bit and WinPCAP 4.1.3 as the remote system, and Windows 7 Pro 64-bit as the system running Wireshark or Dumpcap (I used the -b and -p options for 'rpcapd' as well). I did not need to run 'rpcapd' with an Administrator-level account, a 'Limited User Account' worked fine in my case. Note that with this configuration I have found that it is necessary to specify a '-m count:1' option for 'dumpcap' to actually capture packets, or the same sampling option in the GUI for Wireshark (found in the dialog box via the button on the lower right of the same 'Remote Interfaces' tab noted above). If the RPCAP sampling option is not set it seems that no packets are passed over the network to Wireshark or the command line tools.