This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Wireshark won’t capture packets unless another pcap app is running

0

Hi, Wierd problem. I'm trying to debug a monitoring app I have written which is capturing a lot of udp traffic. My app is losing 1-2% of the packets I expect to see, so I ran wireshark to identify if the expected number of packets is arriving at the machine. But wireshark doesn't see any of the packets I am expecting until I run my monitoring app at the same time. Debugging my app, wireshark appears to burst into life when my app calls the pcap librarys open function, which is called with pretty standard variables I'm not using any display or capture filters, the lights on the hardware are flashing all the time, I can't understand why wireshark isn't seeing the traffic until another app opens the port.

TIA

Paul

asked 02 Jun '14, 05:25

roccap's gravatar image

roccap
16113
accept rate: 0%

what is your

  • OS and OS version
  • Wireshark version

How did you

  • install Wireshark
  • install WinPcap, if your OS is Windows
  • start Wireshark
(02 Jun '14, 08:23) Kurt Knochner ♦

One Answer:

0

Is your other app putting the port into promiscuous mode? Have you checked that option in the Wireshark UI?

answered 02 Jun '14, 06:49

grahamb's gravatar image

grahamb ♦
19.8k330206
accept rate: 22%

The promiscuous option is set in the GUI. Interestingly, running tcpdump will also cause wireshark to start acquiring packets.

(02 Jun '14, 07:37) roccap

Unsetting the option, doing a capture then unsetting and resetting the option appears to do the trick. Thanks Paul

(02 Jun '14, 08:20) roccap