Wireshark GUI freezes for a minute on capture start

2022-01-23

rossboulet

Running Windows 10, 21H2, Wireshark 3.6.1, Npcap 1.60, NO USBpcap.

When I start a capture, everything looks good for a few seconds. I see packets being displayed. After a few seconds, the display freezes. Then, approximately 60 seconds after I started the capture, the display frees up and seems to catch up. Anyone else seeing this behavior?

Some type of name resolution timeout perhaps?

Bob Jones ( 2022-01-24 )

I noticed a similar behaviour running under windows 7 and NCAP 1.6. I tried reinstalling a few times and winding back to previous restore points to no avail. Reverting to Wireshare 3.4.11 was the only option for me.

alex314 ( 2022-01-26 )

2022-01-27

rossboulet

Thanks for the suggestions. It was not a DNS issue, but it got me started digging into the settings. I turned off all the MAC and name resolution options and was still having the issue. Finally, I created a new profile and the issue went away. By exporting my old and new profiles and comparing them, I found the problem. A while back I was experimenting with decrypting some HTTPS traffic and has set the Windows environment variable for SSLKEYLOGFILE and added a Wireshark option to the TLS protocol for (Pre)-Master-Secret log file. My SSL log file had grown to over 800MB. So when I would start a capture, as soon as it caught a TLS packet, the GUI would freeze while the log file was accessed. I was wondering why there was a variable length of time before it froze, but after this discovery, I found it was always freezing on the first TLS packet.

Chuckc ( 2022-01-28 )

2022-01-25

mrEEde

This could possibly be a DNS resolution attempt slowing down the the machine.
Please retry by unchecking the 'Use an external network name resolver' under the Name resolution preferences . Regards Matthias

