Tshark crashes if I run it after changing the default interface (in Wireshark)

tshark.exe

asked 2020-05-28 22:18:25 +0000

NickTsl
1 ●1 ●1

updated 2020-05-29 11:01:45 +0000

Jaap

13730 ●684 ●115

I don't want tshark.exe to default capturing on "Local Area Connection 7", I want it to capture on "Ethernet". The problem is that every time i change the default interface (in Wireshark) to "Ethernet", tshark.exe just closes immediately after I open it. I have tried hiding the connections but it still starts capturing on Local Area Connection 7... Is there a way of deleting that connection or make tshark.exe to capture on "Ethernet" without crashing?

edit retag flag offensive close merge delete

Comments

How did you change Ethernet to be default and what happens when shark exits?

$ tshark -D
1. \Device\NPF_{xxxx-xxxx-xxx-xxx} (Local Area Connection* 10)
2. \Device\NPF_{xxxx-xxxx-xxx-xxx} (Local Area Connection* 9)
3. \Device\NPF_{xxxx-xxxx-xxx-xxx} (Local Area Connection* 8)
4. \Device\NPF_{xxxx-xxxx-xxx-xxx} (Ethernet)
5. \Device\NPF_Loopback (Adapter for loopback traffic capture)
6. \Device\NPF_{xxxx-xxxx-xxx-xxx} (Local Area Connection)
7. ciscodump (Cisco remote capture)
8. randpkt (Random packet generator)
9. sshdump (SSH remote capture)
10. udpdump (UDP Listener remote capture)

$ tshark
Capturing on 'Local Area Connection* 10'
0 packets captured

$ tshark -i 4
Capturing on 'Ethernet'

Chuckc ( 2020-05-29 01:41:19 +0000 )edit

From Wireshark>Edit>Preferences>Capture>Default Interface and i put it to Ethernet. When i run tshark.exe then for a split second everything is normal and it manages to capture 1-2 packets before it immediately closes. That's all

NickTsl ( 2020-05-29 10:34:04 +0000 )edit

So it doesn't close immediately, as it manages to capture a few packets.

You say you "open" tshark.exe; do you mean you run it from the command line, as per @bubbasnmp's eample, or do you mean you double-click it in Windows Explorer?

Guy Harris ( 2020-05-29 22:34:52 +0000 )edit

add a comment

answered 2020-05-29 12:04:03 +0000

grahamb

flag of United Kingdom of Great Britain and Northern Ireland

23790 ●4 ●950 ●227 https://www.wireshark.org

updated 2020-05-29 13:16:28 +0000

Seems to be a bug in that dialog, for Windows at least.

On my (Win 10) system I can enter any of the 3 options below in the Default Interface field using the list provided in the comment by @bubbasnmp as an example. Your system may be different.

The interface index e.g. for Ethernet it's "4"
The interface friendly name, e.g. "Ethernet"
The device name, e.g. "\Device\NPF_{xxxx-xxxx-xxx-xxx}"

Entering the combination of the friendly name and device in parethensis as is done by the droplist fails.

A bug for this should be raised on the Wireshark Bugzilla.

Comments

Never mind, i just disabled Local Area Connection7 from device manager. Wasn't something crucial I guess. Now it starts capturing on Ethernet by default. Thanks anyway

NickTsl ( 2020-05-29 13:15:27 +0000 )edit

Wasn't something crucial

If it just stops with no message, that sounds like a crashing bug, which is always critical, even if you can work around it - somebody else might see it and have to work around it.

I'm seeing a different problem if I select "Ethernet0" as the default device on Windows 10; I've filed that as bug 16593.

Guy Harris ( 2020-05-29 22:31:04 +0000 )edit

add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Tshark crashes if I run it after changing the default interface (in Wireshark)

Comments

1 Answer

Comments

Your Answer

Question Tools

Stats

Related questions

Tshark crashes if I run it after changing the default interface (in Wireshark) edit

Comments

1 Answer

Comments

Your Answer

Question Tools

Stats

Related questions

Tshark crashes if I run it after changing the default interface (in Wireshark)