Installing Wireshark/Winpcap on Server Core R2 2008

Today I needed to install winpcap and Wireshark on Windows Server Core 2008 R2. So, here is how I finally accomplished this.

  1. Install WireShark on your local box (x64 only).
  2. Get the winpcap.dll and packet.dll from your Windows\System32 directory and copy it to the new core server in the same location.
  3. Download and install Network Monitor 3.4 (Microsoft’s Wireshark) on the Server Core server.  (This installs the necessary Network Card Driver)
  4. Now install Wireshark on the core server.  WinPcap installation will fail.. That is ok.
  5. cd to Program Files\Wireshark
  6. run Wireshark.exe

That is about it.  I have it up and running on my Server Core box.  Hope this helps someone else!

  1. It is actually wpcap.dll, but the instructions did not work anyway

    Copy Packet.ddl & wpcap.dll from BOTH \Windows\system32 & \Windows\SysWOW64 from a WORKING Server 2008 R2
    (on which WinPcap_4_1_2.exe was installed) to corresponding folders on Server Core 2008 R2

    Copy nfp.sys to Windows\System32\drivers on Server Core

    Download http://sourceforge.net/projects/winpe/files/WinPcap%20Library/WinPcap%20Library%20v1.4%20-%20wpcap%20v4.0.0.755%20%284.0%29/winpcap-1.4.cab/download
    as per http://reboot.pro/10285/ and install npf.sys driver service with npf_mgm.exe -i (it is in the .cab file) on Server Core

    Now you have working Wireshark on Server Core

Leave a Comment


NOTE - You can use these HTML tags and attributes:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>