8 Replies Latest reply on Jun 24, 2020 10:11 AM by EddieJvCORE

    Wireshark 3.0

    jlenag Novice

      Has anyone tried to package Wireshark 3.0 with NPCAP?  Our network guys wanted us to upgrade from 2.x tree to this, but I can't get it to see any interfaces no matter what I try.  I've tried from our capture machine, but attempting to reboot during provisioning (which the install asks for) just results in a BSOD.  Same if I try to capture from our master image.  If I package without reboot, the software runs, but no interfaces can be seen.

       

      Only time I've seen this work is a base install on the mstr image not during provisioning, and only then after a successful reboot.   Anyone have any ideas?

       

      Horizon 7.6

      AV 2.15

        • 1. Re: Wireshark 3.0
          MDawgVM Lurker

          The way I handled it here was to use WinPcap.  Install it first and then Wireshark. Npcap won't work when doing a provision to an appstack. I tested this out with Wireshark 2.6.3 and Wireshark 3.0.2 and both had the same problem.  Both worked fine with WinPcap though. I know it's old and outdated software, but it handles everything properly.  It will also work with NMap if you're using that. Just deselect the Npcap install option and make sure WinPcap is installed first.

          • 2. Re: Wireshark 3.0
            jlenag Novice

            Thanks for the info on NPCAP.  I was slowly coming to that conclusion myself.  Unfortunately though, I cannot get Wireshark 3.0 to see any interfaces no matter what I try.  I got it to work on the capture machine during provisioning, but then when i attach the appstack to a desktop it goes blank.  At this point our network guys say it's not a big deal, so we're going to wait a couple version and try again later.

             

            Thanks for the help!

            • 3. Re: Wireshark 3.0
              jmatz135 Hot Shot

              Launch wireshark as administrator from the VDI desktop and see if that works. I haven't tried 3.0 yet, but in 2.x I've had to do that.

              • 4. Re: Wireshark 3.0
                jlenag Novice

                We had privilege elevation set up for 2.0 as well.  I brought all those settings over when we tried 3.0 but it still didn't make a difference.

                • 5. Re: Wireshark 3.0
                  Skocza Novice

                  Even this method of install does nto work for me ... I cant still see proper network device when deliver appstack with WinpCap installed first then with wireshark (unchecked in WS NpCap)

                  • 6. Re: Wireshark 3.0
                    EddieJvCORE Novice

                    Has anyone come up with a solution?

                     

                    Making all of the users local admins is not an option.

                    • 7. Re: Wireshark 3.0
                      jlenag Novice

                      I actually did eventually figure this out.  Completely forgot to update this post.

                       

                      For us, it was all about NPCAP and the fact that it doesn't work with AppVolumes.  I installed WinPCAP first, then NMAP and Wireshark 3.x after that, making sure to unselect the option to install NPCAP.  I also selected to start the driver at boot time, that seemed to help as well.

                       

                      Once I did that, network team let me know that it indeed started working and has been good ever since.  Hope that helps!

                      1 person found this helpful
                      • 8. Re: Wireshark 3.0
                        EddieJvCORE Novice

                        I disabled NPCAP during the Wireshark install and everything works. My install order differs a little. I think the main item here is DO NOT install NPCAP.

                         

                        Remember when installing  “Run as Administrator”.

                         

                        Eddie

                        1 person found this helpful