I just can’t live without Wireshark. Analyzing network activity and communications is a common part of my day-to-day activity.
Recently, I upgraded my laptop to Windows 8. Unfortunately, Wireshark and WinPcap do not nicely install together on Windows 8. And, in case you aren’t aware, Wireshark installs — and relies upon — WinPcap, in order to actually capture the packets on the interface (however, you can analyze packet traces that you’ve previously captured without WinPcap).
So if you run the Wireshark installer on Windows 8, and it comes to sub-launch the WinPcap installer, it will complain about “compatibility issues”, and will not install. You are able to continue and install Wireshark, but you need help to get WinPcap installed. Here’s just one way (there are lots of ways) to get it done…
- Download Wireshark (v1.8.3 at this writing) from Wireshark.org (and 7Zip or similar if you don’t have it)
- Install Wireshark, and either choose not to install WinPcap when prompted, or continue past the warnings that WinPcap cannot be installed because “This program has compatibility issues”
- Once complete, right-click on the Wireshark installer, and uzing an unzip tool (like 7Zip), extract the contents to a subfolder (in my case, “Wireshark-win64-1.8.3”)
- Go into that extraction subfolder, and right-click on the WinPcap executable (in my case, “WinPcap_4_1_2.exe”), and choose “Properties”
- On the Compatibility tab, click the Compatibility check-box for “Run this program in compatibility mode for:”, and choose “Windows 7”, and the Privilege level “Run as an Administrator”, and click OK
- Finally, run the WinPcap executable and set your options as prompted (I like to run it as a service)
And that should do it. Of course, there are a few ways to re-arrange these steps and accomplish the same thing; I’m presenting it here in the order of steps that most folks will naturally follow before running into the error.
So, I hope that helps… and happy capturing!