cannot see Ethernet access point when Wireshark runs on a virtual machine

asked 2020-07-24 17:10:37 +0000

Fatih gravatar image


I am a university lecturer and using Wireshark in my Cyber Security related classes. In the next term, we will use remote Labs due to Covid-19 situation. I and the students will access to Lab machines using WMWare Horizon. However when we run Wireshark remotely on this virtual machine we see only 'Cisco remote capture', 'SSH remote capture', and 'UDP Listener remote capture'. We need to access to 'Ethernet' and 'Local Area Connections'.

I would be grateful if you could kindly help us in this matter.

All the best, Fatih

edit retag flag offensive close merge delete


Are you able to access the network interfaces from a command window on the virtual machine?

Chuckc gravatar imageChuckc ( 2020-07-24 21:36:27 +0000 )edit

The list of interfaces are those from extcaps which are installed with Wireshark, but to capture from "regular" interfaces requires a capture library. Can you post the contents of the Wireshark Help -> About Wireshark box in a comment?

grahamb gravatar imagegrahamb ( 2020-07-25 09:08:30 +0000 )edit


thanks for your reply. Here is the content of About :

3.2.4 (v3.2.4-0-g893b5a5e1e3e)

Compiled (64-bit) with Qt 5.12.8, with WinPcap SDK (WpdPack) 4.1.2, with GLib
2.52.3, with zlib 1.2.11, with SMI 0.4.8, with c-ares 1.15.0, with Lua 5.2.4,
with GnuTLS 3.6.3 and PKCS #11 support, with Gcrypt 1.8.3, with MIT Kerberos,
with MaxMind DB resolver, with nghttp2 1.39.2, with brotli, with LZ4, with
Zstandard, with Snappy, with libxml2 2.9.9, with QtMultimedia, with automatic
updates using WinSparkle 0.5.7, with AirPcap, with SpeexDSP (using bundled
resampler), with SBC, with SpanDSP, with bcg729.

Running on 64-bit Windows 10 (1909), build 18363, with Intel(R) Core(TM) i5-6500
CPU @ 3.20GHz (with SSE4.2), with 8075 MB of physical memory, with locale
English_United Kingdom.1252, with ...
Fatih gravatar imageFatih ( 2020-07-27 08:49:46 +0000 )edit

I can use ipconfig in command window. However I do not have admin rights to make any changes.

Fatih gravatar imageFatih ( 2020-07-27 08:55:37 +0000 )edit

The output shows you have npcap installed with Npcap version 0.9991, based on libpcap version 1.9.1, albeit a slightly older version because you're using an older version of Wireshark (3.2.5 is current release).

Can you show the output of:

path\to\dumpcap.exe -D

where the path is usually C:\Program Files\Wireshark\.

grahamb gravatar imagegrahamb ( 2020-07-27 09:21:37 +0000 )edit