Wireshark mailing list archives
Re: Npcap 0.01 call for test (2nd)
From: Graham Bloice <graham.bloice () trihedral com>
Date: Sun, 26 Jul 2015 11:24:34 +0100
On 26 July 2015 at 02:47, Guy Harris <guy () alum mit edu> wrote:
> As long as the user software can provide to libpcap, if necessary, some way of launching the helper with sufficient privileges (this had better not require a GUI, as you might not have a GUI available if you're trying to capture with, for example, tcpdump or TShark; it might involve running it through sudo), it should be supported by any software (and might default to something like sudo, so that only GUI-based applications would need to specify a mechanism - and they might just be able to specify "use the default GUI mechanism").
Unfortunately I think Windows UAC either requires the process to be started by the user with sufficient privileges such that UAC elevation is unnecessary, or if a process requires elevation a GUI UAC prompt is shown. I don't know of a mechanism whereby a non-GUI process can request elevation in a non-GUI manner apart from requesting the user enter credentials, which entails a load of other issues. Generally, command line tools, such as PowerShell cmdlets, just fail if they don't have the privileges required to undertake the task, e.g.
From a non-elevated PowerShell prompt:
C:\temp\winpcap> Get-Service npf | Stop-Service
Stop-Service : Service 'NetGroup Packet Filter Driver (npf)' cannot be stopped due to the following error: Cannot open npf service on computer '.'.
At line:1 char:19
+ Get-Service npf | Stop-Service
+                   ~~~~~~~~~~~~
    + CategoryInfo          : CloseError: (System.ServiceProcess.ServiceController:ServiceController) [Stop-Service ], ServiceCommandException
    + FullyQualifiedErrorId : CouldNotStopService,Microsoft.PowerShell.Commands.StopServiceCommand

And from an elevated one it succeeds as one would expect.

--
Graham Bloice
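
Added example, not part of the original message or of Npcap/WinPcap: a console-only pre-flight check that reports missing elevation and exits with a distinct code instead of hitting the CouldNotStopService error above or raising a UAC prompt. The function names and exit codes are hypothetical; it assumes stopping the npf service requires an elevated administrator token, as the transcript shows.

```powershell
# Added example. Test-IsElevated and Stop-CaptureDriver are hypothetical names;
# 'npf' is the service name from the message above.

function Test-IsElevated {
    # A UAC-filtered (non-elevated) administrator token returns $false here.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Stop-CaptureDriver {
    param([string]$ServiceName = 'npf')

    # Querying the service works without elevation, as the transcript shows.
    $svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
    if (-not $svc) {
        Write-Error "Service '$ServiceName' is not installed."
        return 2
    }
    if ($svc.Status -eq 'Stopped') {
        return 0    # nothing to do, so no privilege is needed
    }

    if (-not (Test-IsElevated)) {
        # Assumption: only an elevated token may stop the driver.
        # Fail with a clear message rather than request a GUI prompt
        # that a headless tcpdump/TShark-style session cannot answer.
        Write-Error "Stopping '$ServiceName' needs an elevated session; re-run from an elevated prompt."
        return 5    # mirrors Win32 ERROR_ACCESS_DENIED
    }

    try {
        Stop-Service -InputObject $svc -ErrorAction Stop
        return 0
    } catch {
        Write-Error "Stop-Service failed: $($_.Exception.Message)"
        return 1
    }
}

# Exit code lets a calling script distinguish "not elevated" from other failures.
exit (Stop-CaptureDriver)
```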