Closed RonnyTNL closed 2 years ago
Just reproduced on a different machine, also Win10 21H2/Wireshark 3.6.6 x64
I'm having the same issue with this combination:
Reverting to 1.60 also resolves the issue
Thanks for the reports. We've been able to reproduce this issue as well and are planning to resolve it in an Npcap 1.71 release that we hope to make soon.
The issue only affects high-integrity processes (e.g. right-click and "Run as Administrator"). Ordinary processes (like running Nmap from an ordinary cmd.exe shell) will launch the NpcapHelper.exe process with UAC elevation, which then shares the Npcap device handle with the lower-integrity parent process. A workaround until the next release, therefore, is to avoid starting Npcap-using processes via the "Run as Administrator" dialog, but rather to let Npcap manage the elevation. This is also preferable generally, since it uses the least privilege necessary.
The issue only affects high-integrity processes (e.g. right-click and "Run as Administrator"). Ordinary processes (like running Nmap from an ordinary cmd.exe shell) will launch the NpcapHelper.exe process with UAC elevation, which then shares the Npcap device handle with the lower-integrity parent process. A workaround until the next release, therefore, is to avoid starting Npcap-using processes via the "Run as Administrator" dialog, but rather to let Npcap manage the elevation. This is also preferable generally, since it uses the least privilege necessary.
That doesn't seem to work when using Wireshark, at least not on my setup, when I start Wireshark as normal user, then I get 3 prompts for the UAC admin credentials when trying to start/use the helper, and then Wireshark still doesn't show interfaces.
After upgrading from 1.60 to 1.70 I can no longer see network interfaces on Wireshark.
Reverting back to 1.60 and having all 3 boxes ticked on the installer (restrict/support raw/API compatible) works as expected. Installing 1.70 with Restrict Npcap driver's access disabled also works and shows interfaces in Wireshark
Seem there is a permission issue introduced between 1.60 and 1.70