Wireshark sees a few interfaces that I cannot find in the Windows registry, where does Wireshark get its list of interfaces?

asked 2020-07-24 18:49:09 +0000

selmafrog gravatar image

updated 2020-07-24 22:30:08 +0000

Guy Harris gravatar image

I have gone into the registry, Windows 10, and removed all of the unused, old network adapters so there should only be 8 adapters showing in the system. That is the number which now shows in the Network GUI on this Win10 box. However, when I run Wireshark, and it discovers interfaces it finds 12 Adapters. When I do "show hidden devices" in Device Manager I see 10 Adapters - I know those extra 2 are for the VPN I use. I would like to know what file, or registry entry, or whatever Wireshark queries to get the list of interfaces it displays after it runs "finding local interfaces". I need to know what I am missing removing to resolve this discrepancy.

edit retag flag offensive close merge delete

Comments

Still digging. Similar issue here on the nmap/npcap email list.
On Windows, Wireshark is calling npcap to get the interface list. The wireshark code that does this is similar to this example code in the Npcap Development Tutorial.

If you don't mind poking around in the Registry, there is some info in this article.
It shows the Wireshark: Interface Details window but alas that got dropped.

Chuckc gravatar imageChuckc ( 2020-07-24 22:37:38 +0000 )edit

What is the output of ipconfig/all and dumpcap -D in a Command Prompt window?

Guy Harris gravatar imageGuy Harris ( 2020-07-24 23:23:50 +0000 )edit

how do I get the results of ipconfig /all and dumpcap to you. I tried adding as a comment and get that this content is forbidden. Anyway, dumpcap -D returns "'dumpcap' is not recognized as an internal or external command, operable program or batch file. ipconfig /all :

Ethernet adapter Ethernet: 
Unknown adapter NordLynx:
Ethernet adapter Ethernet 3:
Wireless LAN adapter Local Area Connection* 2:
Wireless LAN adapter Local Area Connection* 4:
Ethernet adapter VMware Network Adapter VMnet1:
Ethernet adapter VMware Network Adapter VMnet8:
Wireless LAN adapter Wi-Fi:
Ethernet adapter Bluetooth Network Connection 2:
selmafrog gravatar imageselmafrog ( 2020-07-25 01:55:26 +0000 )edit

The Wireshark install directory may not be in your path. Typical (not always) is C:\Program Files\Wireshark.

Chuckc gravatar imageChuckc ( 2020-07-25 02:42:14 +0000 )edit

how do I get the results of ipconfig /all and dumpcap to you.

You just did. (I assume you removed all the IP address etc. details from the output of ipconfig/all; those details aren't necessary, so you don't need to supply them.)

dumpcap -D returns "'dumpcap' is not recognized as an internal or external command, operable program or batch file

Try "C:\Program Files\Wireshark\dumpcap" -D, as per @Chuckc's suggestion.

Guy Harris gravatar imageGuy Harris ( 2020-07-25 02:47:46 +0000 )edit
see more comments