Dumpcap captures traffic, but Wireshark and Tshark can't see the interfaces

asked 2018-10-15 23:12:39 +0000

JoM gravatar image

updated 2018-10-16 05:26:20 +0000

Jaap gravatar image

Hello,

I'm trying to work with Windows 8.1 with Wireshark 2.6.4 and npcap 0.99-r7. I obtain correctly the list of interfaces with dumpcap via prompt command, and I'm able also to capture some traffic on a specific interface with dumpcap, save it on .pcap files, and open them with wireshark.

However, if I try to use Wireshark GUI, there are no interfaces found, and so I cannot start any capture. If I type wireshark -D or tshark -D in the prompt command, I get the message "There are no interfaces on which a capture can be done". But with dumpcap -D my interfaces appear correctly.

Please, if somebody can help me, it would be great. I have reinstalled several times both npcap and Wireshark. By the way, I had a similar problem with older versions of Wireshark and WinPcap in this computer, which I was not able to fix (although I didn't try previously to see if dumpcap was working correctly until now).

Thank you in advance.

edit retag flag offensive close merge delete

Comments

Please add a comment to your question with the contents of the Wireshark Help -> About Wireshark -> Wireshark tab (the text beginning with "Version", you can highlight it and copy and paste it).

grahamb gravatar imagegrahamb ( 2018-10-16 10:55:47 +0000 )edit

Yes, this is the content:

Version 2.6.4 (v2.6.4-0-g29d48ec8) 

Copyright 1998-2018 Gerald Combs <[email protected]> and contributors. License GPLv2+: GNU GPL version 2 or later <http://www.gnu.org/licenses/old-licenses/gpl-2.0.html> This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 

Compiled (64-bit) with Qt 5.9.5, with WinPcap (4_1_3), with GLib 2.42.0, with zlib 1.2.11, with SMI 0.4.8, with c-ares 1.14.0, with Lua 5.2.4, with GnuTLS 3.4.11, with Gcrypt 1.7.6, with MIT Kerberos, with MaxMind DB resolver, with nghttp2 1.14.0, with LZ4, with Snappy, with libxml2 2.9.4, with QtMultimedia, with AirPcap, with SBC, with SpanDSP, with bcg729. 

Running on 64-bit Windows 8.1, build 9600, with Intel(R) Core ...
(more)
JoM gravatar imageJoM ( 2018-10-16 11:15:02 +0000 )edit

Odd that running dumpcap produces a list, both Wireshark and tshark run dumpcap themselves to access interfaces.

Do you have an AV or VPN software installed?

grahamb gravatar imagegrahamb ( 2018-10-16 11:33:41 +0000 )edit

There were some recent changes made where interfaces were not loaded under certain conditions, such as if a capture file was loaded. It's possible a regression was introduced here. Can you temporarily revert to 2.6.3 to see if your interfaces are available? If so, then a Wireshark bug report should probably be filed for this against 2.6.4.

cmaynard gravatar imagecmaynard ( 2018-10-16 15:07:02 +0000 )edit

@cmaynard

Those UI changes to not display interfaces were only in current master and should not be present in a 2.6.x build.

grahamb gravatar imagegrahamb ( 2018-10-16 15:48:40 +0000 )edit
see more comments