Dumpcap captures traffic, but Wireshark and Tshark can't see the interfaces
Hello,
I'm trying to work with Windows 8.1 with Wireshark 2.6.4 and npcap 0.99-r7. I obtain correctly the list of interfaces with dumpcap via prompt command, and I'm able also to capture some traffic on a specific interface with dumpcap, save it on .pcap files, and open them with wireshark.
However, if I try to use Wireshark GUI, there are no interfaces found, and so I cannot start any capture. If I type wireshark -D or tshark -D in the prompt command, I get the message "There are no interfaces on which a capture can be done". But with dumpcap -D my interfaces appear correctly.
Please, if somebody can help me, it would be great. I have reinstalled several times both npcap and Wireshark. By the way, I had a similar problem with older versions of Wireshark and WinPcap in this computer, which I was not able to fix (although I didn't try previously to see if dumpcap was working correctly until now).
Thank you in advance.
Please add a comment to your question with the contents of the Wireshark Help -> About Wireshark -> Wireshark tab (the text beginning with "Version", you can highlight it and copy and paste it).
Yes, this is the content:
(more)Odd that running dumpcap produces a list, both Wireshark and tshark run dumpcap themselves to access interfaces.
Do you have an AV or VPN software installed?
There were some recent changes made where interfaces were not loaded under certain conditions, such as if a capture file was loaded. It's possible a regression was introduced here. Can you temporarily revert to 2.6.3 to see if your interfaces are available? If so, then a Wireshark bug report should probably be filed for this against 2.6.4.
@cmaynard
Those UI changes to not display interfaces were only in current master and should not be present in a 2.6.x build.
Right, good point.
Does
F5
(Refresh Interfaces) do anything? I suppose you could try running Wireshark as an Administrator to see if that helps. What does "Capture -> Options -> Manage Interfaces..." show, if anything?I have tried your suggestions: uninstalled vpn client, deactivated antivirus software, installed previous version 2.6.3, but still the same, this is the output within command prompt:
Also, if I run Wireshark as Administrator, nothing seems to change, and the list of Capture->Options->Manage Interfaces is empty.
Well, I've got some news... I'm able to launch Wireshark (as well as tshark) if I specify on the command prompt the interface with the npf id, as example:
opens the GUI with the WiFI interface ready to capture, and it works!!
However, if I try to write the short name, in this case, Wi-Fi:
works also properly, but both tshark and wireshark show an error opening the interface.
So, maybe the names translation of the interfaces are the origin of my problem?? I don't know which can be the reason for this. By the way, at the moment I have changed to WinPcap instead of npcap, although I suspect that with npcap this solution also works. At least, I've got finally a method for using Wireshark GUI.
I wonder if this has something to do with the locale (
with locale Spanish_Spain.1252
). Take a look at the name of interface 2:Haven't there been some recent changes for command line handling w.r.t. UTF8 and UTF16? @JoM, have you tried the previous version 2.6.3?
@grahamb, yes, I tried with 2.6.3, but the list of interfaces was also empty. By the way, I'm now with another computer at work (the problem is with my laptop), with Windows 7, WinPcap 4.1.3 and old version of Wireshark 2.0.3, with a similar locale configuration (Spanish), there is no problem with interfaces, and this is the output at command prompt:
C:\Program Files\Wireshark>dumpcap -D
\Device\NPF_{BA3714B2-8D0C-4DC9-91D9-21A5F8CAD0BE} (Conexión de área local)
\Device\NPF_{5883229F-35BD-4F9B-BA0F-8B5198AF89E0} (Conexi├│n de Loopback)
C:\Program Files\Wireshark>wireshark -D
C:\Program Files\Wireshark>
\Device\NPF_{BA3714B2-8D0C-4DC9-91D9-21A5F8CAD0BE} (Conexión de área local)
\Device\NPF_{5883229F-35BD-4F9B-BA0F-8B5198AF89E0} (Conexi├│n de Loopback)
C:\Program Files\Wireshark>tshark -D
\Device\NPF_{BA3714B2-8D0C-4DC9-91D9-21A5F8CAD0BE} (Conexión de área local)
\Device\NPF_{5883229F-35BD-4F9B-BA0F-8B5198AF89E0} (Conexión de Loopback)
It seems that the locale is not a problem, at least for this version with this computer. I will ...(more)