Ask Your Question
0

disable interface discovery

asked 2018-08-03 08:47:32 +0000

OloEopia gravatar image

My setup consists of win7, wireshark 2.6.2, npcap 0.99 and 13 network interfaces thanks to various vpn solutions.

Now when I start up Wireshark even if I just want to open a pcap capture file I get the uac elevation dialog for all network interfaces with a short wait inbetween.

Ist there a way to disable the inerface discovery step wireshark does, or at least limit it to a known set of interface identifiers?

edit retag flag offensive close merge delete

Comments

I'm not aware of such an option. Enumerating the interfaces is run through the capture library, in your case npcap, can you rule out an npcap issue by uninstalling it and installing WinPcap?

grahamb gravatar imagegrahamb ( 2018-08-03 09:44:26 +0000 )edit

npcap itself is working fine, and the enumeration also works as expected my question is about not doing it at all, ie. when opening an existing package capture file

OloEopia gravatar imageOloEopia ( 2018-08-03 11:41:59 +0000 )edit

I don't think a UAC elevation is normal, I've never seen that before, that's what I thought your issue wa

Currently, the only way to stop Wireshark asking the capture library to enumerate all the interfaces (so Wireshark can display them along with the traffic sparklines) is to not have a capture library.

To change this behaviour would require the addition of a command line switch or preference, so an enhancement request should be raised on the Wireshark Bugzilla.

grahamb gravatar imagegrahamb ( 2018-08-03 14:28:48 +0000 )edit

3 Answers

Sort by ยป oldest newest most voted
0

answered 2024-05-16 12:44:02 +0000

Chuckc gravatar image

updated 2024-05-16 12:44:47 +0000

For more current versions of Wireshark there is a preference to disable loading interfaces:
prefs: add the option not to load interfaces on startup.

C:\>wireshark -o capture.no_interface_load:TRUE

To just disable external capture (extcap) interfaces:
extcap: add preference to prevent interfaces loading.

C:\>wireshark -o capture.no_extcap:TRUE

edit flag offensive delete link more

Comments

If we know we're being used to open a capture file (e.g., if a capture file name was provided on the command line), we should probably disable both of those.

Guy Harris gravatar imageGuy Harris ( 2024-05-19 22:12:33 +0000 )edit
0

answered 2024-05-18 13:08:05 +0000

To disable interface discovery in Wireshark and avoid the UAC elevation dialog on startup, you can launch Wireshark with the -S option, which skips the initial interface list:

Create a Shortcut: Right-click on the Wireshark shortcut, select Properties, and add -S to the Target field (e.g., "C:\Program Files\Wireshark\Wireshark.exe" -S).

Limit Interfaces: Alternatively, you can configure Wireshark to limit the interfaces it scans by editing the init.lua file. Add the following line to skip specific interfaces:

lua Copy code disable_lua = false dofile(DATA_DIR.."console.lua") These steps help bypass or limit the interface discovery process, reducing the UAC prompts.

edit flag offensive delete link more
0

answered 2024-05-16 09:24:54 +0000

AliOle80 gravatar image

updated 2024-05-16 09:25:58 +0000

A workaround:

  1. Create an empty PCAP file (a valid PCAP file, but with no packets).
  2. Create a LNK shorcut or a BAT file to open that file. Like:
    • c:\wireshark\wireshark.exe   c:\wireshark\empty.cap

Now use that shortcut to launch Wireshark instead of default launcher.

It works for me. No UAC nag. I'm actually using the portable version.

Of course you won't be able to capture from physical interfaces, i'm not administrator, but you can open PCAP files easy.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2018-08-03 08:47:32 +0000

Seen: 3,095 times

Last updated: May 18