Update: Wireshark, WinPcap, and Windows 8…

2017-07-27T00:01:04+00:00 November 28th, 2012|Uncategorized|

This is an update to the previous post on this topic, found here:

As you have read in the original post (linked above), installing Wireshark and WinPcap on Windows 8 required a couple extra steps in order to trick the system and utilize the Windows 7 compatibility for the WinPcap installer.

I’m pleased to announce that Microsoft has released the Windows 8 Compatibility Update KB2764462 to address the incompatibility (thanks to fellow Coreteker Voltaire for catching this!) and others.  Best of all, it looks like this update was pushed down to Windows 8 as part of the 11/27/2012 patch set, so you probably already have it.

So whereas previously, if you clicked “Run the program without getting help” in this dialog:

…you’d get the warning box:

…and Wireshark installation would continue, but the WinPcap install would have backed-out; leaving you with the ability to view packet traces with Wireshark, but not capture new ones.

NOW, however, when you click “Run the program without getting help” in the Program Compatibility Assistant dialog, it continues just fine, and installs, and functions correctly.  Hooray!

I’d like to think that this blog had some effect in bringing this issue to light and getting it rectified quickly. 

…I’d *like* to think that, but I know better… 




A Thanksgiving of Plenty…

2012-11-21T00:33:50+00:00 November 21st, 2012|Uncategorized|

For this Thanksgiving…


…May you know what plenty is.

…May you have the plenty you seek.

…May you appreciate the plenty that you have.


Happy Thanksgiving to you and yours, from Coretek Services.




Wireshark, WinPcap, and Windows 8…

2017-07-27T00:01:04+00:00 November 14th, 2012|Uncategorized|

I just can’t live without Wireshark.  Analyzing network activity and communications is a common part of my day-to-day activity. 

Recently, I upgraded my laptop to Windows 8.  Unfortunately, Wireshark and WinPcap do not nicely install together on Windows 8.  And, in case you aren’t aware, Wireshark installs — and relies upon — WinPcap, in order to actually capture the packets on the interface (however, you can analyze packet traces that you’ve previously captured without WinPcap).

So if you run the Wireshark installer on Windows 8, and it comes to sub-launch the WinPcap installer, it will complain about “compatibility issues”, and will not install.  You are able to continue and install Wireshark, but you need help to get WinPcap installed.  Here’s just one way (there are lots of ways) to get it done…


  • Download Wireshark (v1.8.3 at this writing) from Wireshark.org (and 7Zip or similar if you don’t have it)
  • Install Wireshark, and either choose not to install WinPcap when prompted, or continue past the warnings that WinPcap cannot be installed because “This program has compatibility issues”
  • Once complete, right-click on the Wireshark installer, and uzing an unzip tool (like 7Zip), extract the contents to a subfolder (in my case, “Wireshark-win64-1.8.3”)
  • Go into that extraction subfolder, and right-click on the WinPcap executable (in my case, “WinPcap_4_1_2.exe”), and choose “Properties”
  • On the Compatibility tab, click the Compatibility check-box for “Run this program in compatibility mode for:”, and choose “Windows 7”, and the Privilege level “Run as an Administrator”, and click OK
  • Finally, run the WinPcap executable and set your options as prompted (I like to run it as a service)


And that should do it.  Of course, there are a few ways to re-arrange these steps and accomplish the same thing; I’m presenting it here in the order of steps that most folks will naturally follow before running into the error.

So, I hope that helps… and happy capturing!





Interactive Services Detection Dialog Suppression…

2017-07-27T00:01:04+00:00 November 7th, 2012|Uncategorized|

I finally got to the bottom of the “Interactive Services Detection” dialog that appeared when running my SCCM advertisement.  The reason, in hindsight, makes total sense…

I was running my .MSI with a /qb-! switch, which means “display basic modal dialogs to the logged on user when running, but hide the ‘Cancel’ button”.  My SCCM program did not have the “Allow users to interact with this program” check-box marked.  Thus, when the advertisement ran, I would see the Interactive Services Detection dialog appear — because Windows Installer was trying to display the install dialogs to the logged on user.

To suppress the “Interactive Services Detection” dialog (below) that appears when Windows detects a service running as “Session 0” (that’s a zero) user…


…Simply mark the “Allow users to interact with this program” check-box under Run Mode on the “Environment” tab of your program.



And that should do it!  Thanks to fellow Coreteker Voltaire for suggesting that I look at this program setting…

Troubleshooting the Interactive Services Detection can be challenging.  Unfortunately, if you are working in an enterprise environment that is still deploying legacy applications, you are likely to encounter it.  So if you are deploying an .MSI through SCCM and you are not running it silently (with a “/qn” switch), be sure to mark the “Allow users to interact with this program” check-box.