Ask Your Question
0

After upgrade to 3.0.0 & install Npcap, no traffic seen

asked 2019-03-20 22:57:42 +0000

feenyman99 gravatar image

updated 2019-03-21 02:25:37 +0000

Guy Harris gravatar image

So... Last night I downloaded and installed Wireshark 3.0.0, as well as Npcap. Afterwards, I found I could not capture any packets. Here is what I see...

When I launch Wireshark, under the "Capture" heading in the middle of the page, it displays 13 interfaces...

  • Npcap Loopback Adapter
  • 5 Local Area Connections
  • 6 USBPcap interfaces
  • 1 Microsoft: Wi-Fi interface

* The only one that shows traffic is the Npcap Loopback Adapter. *

I am logging in as the Administrator. Below is the output of Help -> About Wireshark -> Wireshark tab.

Version 3.0.0 (v3.0.0-0-g937e33de)

Copyright 1998-2019 Gerald Combs <[email protected]> and contributors. License GPLv2+: GNU GPL version 2 or later <http://www.gnu.org/licenses/old-licenses/gpl-2.0.html> This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with Qt 5.12.1, with WinPcap SDK (WpdPack) 4.1.2, with GLib 2.52.2, with zlib 1.2.11, with SMI 0.4.8, with c-ares 1.14.0, with Lua 5.2.4, with GnuTLS 3.6.3 and PKCS #11 support, with Gcrypt 1.8.3, with MIT Kerberos, with MaxMind DB resolver, with nghttp2 1.14.0, with LZ4, with Snappy, with libxml2 2.9.9, with QtMultimedia, with AirPcap, with SBC, with SpanDSP, with bcg729.

Running on 64-bit Windows 10 (1803), build 17134, with AMD A6-5350M APU with Radeon(tm) HD Graphics (with SSE4.2), with 15512 MB of physical memory, with locale English_United States.1252, with Npcap version 0.99-r9, based on libpcap version 1.8.1, with GnuTLS 3.6.3, with Gcrypt 1.8.3, without AirPcap, binary plugins supported (14 loaded).

Built using Microsoft Visual Studio 2017 (VC++ 14.12, build 25835).

Where did I go wrong?

feenyman99

edit retag flag offensive close merge delete

Comments

Likely to be an issue with npcap. Did you have WinPcap installed previously? My advice is to manually uninstall any WinPcap install and npcap, then re-install npcap (available from the nmap website).

grahamb gravatar imagegrahamb ( 2019-03-21 09:08:23 +0000 )edit

OK, after grahamb's comment, here is what I have done (to no avail)…

  • Uninstalled Npcap, WinPcap and Wireshark
  • Reinstalled Wireshark 3.0.0, selecting Npcap during the install

Wireshark still only shows traffic on Npcap Loopback Adapter.

I also noticed the following "disagreement"...

Wireshark shows the following network interfaces:

- Npcap Loopback Adapter
- Local Area Connection* 10
- Microsoft: Wi-Fi- Local Area Connection* 10
- Local Area Connection* 4
- Local Area Connection* 14
- Local Area Connection* 3
- Local Area Connection* 15

But "ipconfig" shows these interfaces:

- Ethernet Adapter Ethernet
- Ethernet adapter Npcap Loopback Adapter
- Wireless LAN adapter Local Area Connection* 3
- Wireless LAN adapter Local Area Connection* 4
- Wireless LAN adapter Wi-Fi

Again, only the Npcap adapter shows any traffic, and that shows very little. In the meantime, I browsed to youtube and played some videos, thus generating lots of network packets, but none were seen by Npcap, nor any other interface ...(more)

feenyman99 gravatar imagefeenyman99 ( 2019-03-25 14:50:15 +0000 )edit

I find the PowerShell Get-NetAdapter command to be more useful than the legacy ipconfig. You can compare the output with that of tshark (which is what Wireshark shows) using a PowerShell prompt as follows:

> Get-NetAdapter -IncludeHidden  | Select-Object -Property InterfaceGUID, Name, InterfaceDescription

InterfaceGUID                          Name                                  InterfaceDescription
-------------                          ----                                  --------------------
{F8F74B1E-0890-4D76-AADA-982306C78C53} Local Area Connection* 7              WAN Miniport (PPPOE)
{E60ABD87-2A88-4335-BF18-FFDD21902102} Local Area Connection* 1              WAN Miniport (SSTP)
{D6CADB47-A7B6-4480-965F-EE9D92BF5A6F} Local Area Connection* 8              WAN Miniport (IP)
{CA63AA4C-13BE-4D16-B990-0841E3E9FA2D} Local Area Connection* 3              Microsoft Wi-Fi Direct Virtual Adapter #2
{B1DD9FC5-6EF9-4A52-8833-341EE74B7976} Local Area Connection* 4              WAN Miniport (IKEv2)
{9FDD9185-5F73-4432-B453-65BED8286AD2} Local Area Connection* 6              WAN Miniport (PPTP)
{93123211-9629-4E04-82F0-EA2E4F221468} Teredo Tunneling Pseudo-Interface
{8A47E7AA-FDE0-422A-BFF1-6E6F5FD42AFE} Ethernet (Kernel Debugger)            Microsoft Kernel Debug Network Adapter
{894856F1-C535-4D73-95CD-5A9B93DB0DF5} Npcap Loopback Adapter                Npcap Loopback Adapter
{83340A48-C0F5-4A06-9C0F-A4D8620B718D} Local Area Connection* 10             WAN Miniport (Network Monitor)
{7FDBE438-E7D0-4065-895E-C68E161EAA3D} Local Area Connection* 9              WAN Miniport (IPv6)
{7E2C477F-AB52-4741-AEC1-37770031215C} Ethernet 2                            Npcap Loopback Adapter
{540FFAB3-AB6C-4491-983E-621D6711D5E3} Local Area Connection* 5              WAN Miniport (L2TP)
{2EE2C70C-A092-4D88-A654-98C8D7645CD5} Microsoft IP-HTTPS ...
(more)
grahamb gravatar imagegrahamb ( 2019-03-25 15:42:05 +0000 )edit

And tshark:

> tshark -D
1. \Device\NPF_{7E2C477F-AB52-4741-AEC1-37770031215C} (Ethernet 2)
3. \Device\NPF_{83340A48-C0F5-4A06-9C0F-A4D8620B718D} (Local Area Connection* 10)
4. \Device\NPF_{7FDBE438-E7D0-4065-895E-C68E161EAA3D} (Local Area Connection* 9)
5. \Device\NPF_{D6CADB47-A7B6-4480-965F-EE9D92BF5A6F} (Local Area Connection* 8)
6. \Device\NPF_{CA63AA4C-13BE-4D16-B990-0841E3E9FA2D} (Local Area Connection* 3)
7. \Device\NPF_{03CF0490-78EA-460A-B360-64B84794CBEB} (Bluetooth Network Connection)
8. \Device\NPF_{894856F1-C535-4D73-95CD-5A9B93DB0DF5} (Npcap Loopback Adapter)
9. \Device\NPF_{1D39112E-A6B5-4E55-9ECD-1A4F8F7D7FC9} (Local Area Connection* 2)
10. \Device\NPF_{06E76EDA-507E-41DF-9258-2F74B7137C90} (Ethernet)
12. \Device\NPF_{1F624625-335B-4ED5-8DA5-0A8C7E951254} (Wi-Fi)
grahamb gravatar imagegrahamb ( 2019-03-25 15:43:33 +0000 )edit

Regardless, as your issue seems to be with npcap you should take this up with the npcap support folks, as per their website.

grahamb gravatar imagegrahamb ( 2019-03-25 15:45:06 +0000 )edit

1 Answer

Sort by » oldest newest most voted
0

answered 2019-04-04 16:33:26 +0000

feenyman99 gravatar image

Well, I finally got this working, though I'm not sure which step made the difference. Here is what I did...

  1. Uninstalled Wireshark 3.0.0
  2. Uninstalled WinPcap
  3. Uninstalled Npcap
  4. Installed Wireshark 2.2.7. After this install completed, the Ethernet interface started showing traffic again and I could capture from it. (The Ethernet interface had NOT been showing any traffic with my previously installed 3.0.0 version.)
  5. Went to Help -> Check for Updates
  6. Followed prompts to install Wireshark 3.0.0, including selecting Npcap.
  7. Install was successful, and I'm capturing from the Ethernet interface again!!!

Thanx for everyone's help!

feenyman99

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2019-03-20 22:57:42 +0000

Seen: 504 times

Last updated: Apr 04