Ask Your Question
1

Can I skip "Finding Local Interfaces"?

asked 2019-01-23 22:29:33 +0000

feenyman99 gravatar image

Hi...

When I launch Wireshark, it takes ~30 seconds to initialize. Of this initialization time, the display indicates that about 25 seconds is spent "Finding Local Interfaces".

I use Wireshark virtually every day (I'm lucky that way!), and 99% of the time I am reading in an existing .pcap file. I almost never use Wireshark to capture the packets.

Is there a way for me to launch Wireshark in "No Capture" mode, so it does not bother looking for local interfaces?

(Always trying to be more efficient :-))

Thx...

feenyman99

edit retag flag offensive close merge delete
add a comment

2 Answers

Sort by » oldest newest most voted
0

answered 2019-01-24 15:41:17 +0000

Jasper gravatar image

What I do currently (on WIndows) is to stop / disable the autostart capture service. For that you need to run a elevated (administrative) command prompt and enter

sc config npf start=demand             (if using WinPCAP)

sc config npcap start=demand           (if using npcap)

That prevents the capture driver to load on start. If I need to capture I open the elevated command prompt again and run 

sc start npcap

which runs the npcap capture service until the next reboot, or until I stop it again using

sc stop npcap

If you use WinPCAP you need to replace "npcap" with "npf" in both commands.

edit flag offensive delete link more

Comments

And for those with a more modern view, the PowerShell equivalents (also requiring an elevated prompt) are:

Set-Service npcap -StartupType Manual

and to start\stop the service

Start-Service npcap
Stop-Service npcap

again swapping "npcap" with "npf" for WinPcap.

grahamb gravatar imagegrahamb ( 2019-01-24 15:50:47 +0000 )edit

Thanks @grahamb - I guess I'm on the "Old School" track :-)

Jasper gravatar imageJasper ( 2019-01-24 15:55:53 +0000 )edit
1

There's hope for you yet @Jasper!

grahamb gravatar imagegrahamb ( 2019-01-24 15:59:59 +0000 )edit

Note that, as per bug 15126, there are two parts to "Finding local interfaces" - there's finding the interfaces that libpcap/WinPcap/Npcap knows about and there's finding the extcap interfaces. The "It's really slow" part tends to be the extcap part; disabling the driver for WinPcap/Npcap on Windows only eliminates the "finding the interfaces that libpcap/WinPcap/Npcap knows about" part, so if disabling the driver doesn't speed things up significantly, the problem is with extcap.

Guy Harris gravatar imageGuy Harris ( 2019-01-24 18:14:59 +0000 )edit

In my case I wonder why, but extcap doesn't seem to be the problem - especially my tower PC starts Wireshark in fractions of a second compared to multiple seconds after I disable npcap

Jasper gravatar imageJasper ( 2019-01-24 19:29:56 +0000 )edit
see more comments
0

answered 2019-01-23 22:46:07 +0000

grahamb gravatar image

See bug 15126 that details this issue. An associated change was committed and is available in the nightly builds and will be in the forthcoming 3.0 release.

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2019-01-23 22:29:33 +0000

Seen: 3,516 times

Last updated: Jan 24 '19

Related questions

Operation not permitted on Mac when Wireshark downloaded with SigmaOS browser

Wireshark not launching in a headless VNC Server on Alma 9.2