The lack of captured packets is either an Npcap issue or a Windows issue, and should be reported on the Npcap issues list.
The message in question is a warning. Please mention it in the issue you file and, if possible, copy and paste it rather than retyping it.
(The message in the libpcap and thus Npcap code begins with "Unknown NdisMedium value", capitalized in that fashion, so it was retyped here. 12 is an odd NdisMedium value for a teamed Ethernet device; it appears that it's NdisMediumCoWan, which makes no sense, as it "Specifies a wide area network in a connection-oriented environment.", and Ethernet isn't considered a WAN and isn't connection-oriented, so the value may have been different as well. Knowing the correct value might help determine what DLT_ value it should be mapped to.)
12? Sounds as if either Intel or Microsoft is doing something massively wrong, as it makes zero sense for NdisMediumCoWan to be the NdisMedium type.
What's the output of wireshark -D?
OUTPUT OF wireshark -D
1. \Device\NPF_{DF4A9D2C-8742-4EB1-8703-D395C4183F33} (Local Area Connection* 4)
2. \Device\NPF_{E43D242B-9EAB-4626-A952-46649FBB939A} (Local Area Connection* 3)
3. \Device\NPF_{71F897D7-EB7C-4D8D-89DB-AC80D9DD2270} (Local Area Connection*)
4. \Device\NPF_{78032B7E-4968-42D3-9F37-287EA86C0AAA} (Local Area Connection* 10)
5. \Device\NPF_{8E301A52-AFFA-4F49-B9CA-C79096A1A056} (Local Area Connection* 5)
6. \Device\NPF_{9374D46C-2355-4C45-AF76-3CB56C734852} (VirtualBox Host-Only Network)
7. \Device\NPF_{E4387D79-C7EF-4B91-8AF0-8701F536DFA6} (Local Area Connection 4)
8. \Device\NPF_Loopback (Adapter for loopback traffic capture)
9. \Device\NPF_{29898C9D-B0A4-4FEF-BDB6-57A562022CEE} (Local Area Connection* 2)
The 1,2,3,4 at the end was 6,7,8,9 in my source OUTPUT OF wireshark -D
1. \Device\NPF_{DF4A9D2C-8742-4EB1-8703-D395C4183F33} (Local Area Connection* 4)
2. \Device\NPF_{E43D242B-9EAB-4626-A952-46649FBB939A} (Local Area Connection* 3)
3. \Device\NPF_{71F897D7-EB7C-4D8D-89DB-AC80D9DD2270} (Local Area Connection*)
4. \Device\NPF_{78032B7E-4968-42D3-9F37-287EA86C0AAA} (Local Area Connection* 10)
5. \Device\NPF_{8E301A52-AFFA-4F49-B9CA-C79096A1A056} (Local Area Connection* 5)
6. \Device\NPF_{9374D46C-2355-4C45-AF76-3CB56C734852} (VirtualBox Host-Only Network)
7. \Device\NPF_{E4387D79-C7EF-4B91-8AF0-8701F536DFA6} (Local Area Connection 4)
8. \Device\NPF_Loopback (Adapter for loopback traffic capture)
9. \Device\NPF_{29898C9D-B0A4-4FEF-BDB6-57A562022CEE} (Local Area Connection* 2)
On which of those interfaces were you trying to capture?
Asked: 2023-03-05 21:01:44 +0000
Seen: 1,851 times
Last updated: Mar 06 '23
Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
Similar to npcap #173.
Can you update the question with the output of
wireshark -vorHelp->About Wireshark:Wireshark.Version 4.0.4 (v4.0.4-0-gea14d468d9ca).
message on start capture
Properties of adapter
Opening screen Wireshark
start, no activity stop, message "No packets captured. As no data was ...(more)
The output of
wireshark -valso includes information onnpcap(if loaded) and the operating system.Can you add the full output?
OUTPUT OF WIRESHARK -V
(more)"Npcap Packet Driver (NPCAP)" is visible in the local network properties and checkmarked to be active