I need to configure Wireshark without capture capabilities or privileges. Only decode pcap files from tcpdump. I am looking for a virtual windows installation that requires administrator privileges to install. Can It be installed without Winpcap, npcap, and Usbcap to achieve this?
For Windows, just run the installer but skip the installation of Npcap by unchecking the option. The option for USBcap is unchecked by default.
Alternatives: uninstall Npcap afterwards, remove dumpcap.exe or use the portable version.
See also Installing Wireshark under Windows, i.e. installer command line options.
The reason why this doesn't work on UN*Xes is that 1) libpcap is installed by default on most if not all UN*Xes on which Wireshark runs (Linux, *BSD, macOS, Solaris, possibly AIX) and 2) the capture mechanism libpcap uses on those systems is built into the operating system (unlike Windows, where Npcap has to install its own driver).
So there's no equivalent on other platforms. You'd have to manually remove the dumpcap program or rebuild Wireshark from source with packet capturing disabled.
Comments
Disable Capturing Capacity or Just to read the pcap files but no capture option
On what operating system?
Are you interested in compiling yourself and disabling/removing capture from the gui and cli options?
Or remove the
dumpcapprogram.There is no run-time configure option for this.
On Windows you can use the portable version of Wireshark also -- no admin rights needed to install.