Wireshark mailing list archives

Re: Npcap 0.01 call for test (2nd)


From: Graham Bloice <graham.bloice () trihedral com>
Date: Sun, 26 Jul 2015 11:24:34 +0100

On 26 July 2015 at 02:47, Guy Harris <guy () alum mit edu> wrote:

> As long as the user software can provide to libpcap, if necessary, some
> way of launching the helper with sufficient privileges (this had better not
> require a GUI, as you might not have a GUI available if you're trying to
> capture with, for example, tcpdump or TShark; it might involve running it
> through sudo), it should be supported by any software (and might default to
> something like sudo, so that only GUI-based applications would need to
> specify a mechanism - and they might just be able to specify "use the
> default GUI mechanism").


Unfortunately, I think Windows UAC either requires the process to be started
by the user with sufficient privileges such that UAC elevation is
unnecessary, or, if a process requires elevation, a GUI UAC prompt is shown.
I don't know of a mechanism whereby a non-GUI process can request elevation
in a non-GUI manner apart from requesting the user enter credentials, which
entails a load of other issues. Generally, command line tools, such as
PowerShell cmdlets, just fail if they don't have the privileges required to
undertake the task, e.g.

From a non-elevated PowerShell prompt:

C:\temp\winpcap> Get-Service npf | Stop-Service
Stop-Service : Service 'NetGroup Packet Filter Driver (npf)' cannot be
stopped due to the following error: Cannot
open npf service on computer '.'.
At line:1 char:19
+ Get-Service npf | Stop-Service
+                   ~~~~~~~~~~~~
    + CategoryInfo          : CloseError:
(System.ServiceProcess.ServiceController:ServiceController) [Stop-Service
   ], ServiceCommandException
    + FullyQualifiedErrorId :
CouldNotStopService,Microsoft.PowerShell.Commands.StopServiceCommand

And from an elevated one it succeeds as one would expect.

-- 
Graham Bloice
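
The fail-without-prompting behaviour described in the message above, as an added example that is not part of the original post or of any Wireshark/Npcap code: a script checks whether its token is elevated before touching the npf service and exits with a clear error instead of raising a UAC prompt. The function names Test-IsElevated and Stop-CaptureDriver are hypothetical, and the check assumes the service's access control list only lets administrators stop it.

```powershell
# Added example, not from the original post. 'npf' is the WinPcap driver
# service named in the error output above; function names are hypothetical.

function Test-IsElevated {
    # True only when the Administrators group is enabled in the current token.
    # Under UAC a non-elevated admin has that group marked deny-only, so this
    # returns $false until the process is started elevated.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Stop-CaptureDriver {
    [CmdletBinding()]
    param([string]$ServiceName = 'npf')

    # Querying a service works without elevation; only control operations fail.
    $svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
    if (-not $svc) {
        Write-Error "Service '$ServiceName' is not installed."
        return $false
    }
    if ($svc.Status -eq 'Stopped') { return $true }

    if (-not (Test-IsElevated)) {
        # Assumption: stopping the service needs administrator rights.
        # No prompt is raised; the tool reports the requirement and fails.
        Write-Error "Stopping '$ServiceName' requires an elevated session. Re-run from an elevated prompt."
        return $false
    }

    try {
        Stop-Service -Name $ServiceName -ErrorAction Stop
        return $true
    } catch {
        Write-Error "Failed to stop '$ServiceName': $($_.Exception.Message)"
        return $false
    }
}

# Non-zero exit code lets a calling tool detect the failure without a GUI.
if (-not (Stop-CaptureDriver)) { exit 1 }
```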