Ask Your Question
0

Running windows 7, my interface card and loopback device disappeared in WS 3 but 3 USBPcaps stil there

asked 2019-03-23 02:02:59 +0000

seaeagle gravatar image

updated 2019-03-23 07:37:10 +0000

Guy Harris gravatar image

Having very odd problem with connecting to my ISP mail server, so I decided to try and use wireshark. Some month ago I had version 2.6.6 installed, when starting an offer to upgrade to 3.0 which I accepted.

Slight hitch with Winpcap and Npcap, do not remember too well if the install offered to uninstall winpcap or/and I had to use the control panel to uninstall winpcap. Whicever I did get WS 3 installed and had two interfaces, the normal intel card interface and loopback interface and 3 USBpcap hidden options.

I was collecting some snapshots and trying to familarise myself with the new GUI after many years not really having to use WS. Not sure why at some stage I looked in control panel and noticed that winpcap still installed.

Thinking that getting rid of that would perhaps be a good idea, unfortunately uninstalling lost the intel interface. Then I also uninstalled Npcap. No interface left to select.

Installing Npcap again from Nmap site I think it was, still no interface.

Next step, uninstalled WS and re-installed again this time letting WS install Npcap .

WS seems to work ok apart from no interface except USBPcaps.

I am not very familiar with Windows 7 only use it because I need it for running an ECAD program.

From my Help About if any help:

Version 3.0.0 (v3.0.0-0-g937e33de) 

Copyright 1998-2019 Gerald Combs <[email protected]> and contributors. License GPLv2+: GNU GPL version 2 or later <http://www.gnu.org/licenses/old-licenses/gpl-2.0.html> This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with Qt 5.12.1, with WinPcap SDK (WpdPack) 4.1.2, with GLib 2.52.2, with zlib 1.2.11, with SMI 0.4.8, with c-ares 1.14.0, with Lua 5.2.4, with GnuTLS 3.6.3 and PKCS #11 support, with Gcrypt 1.8.3, with MIT Kerberos, with MaxMind DB resolver, with nghttp2 1.14.0, with LZ4, with Snappy, with libxml2 2.9.9, with QtMultimedia, with AirPcap, with SBC, with SpanDSP, with bcg729.

Running on 64-bit Windows 7 Service Pack 1, build 7601, with Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz (with SSE4.2), with 8066 MB of physical memory, with locale English_United States.1252, without Npcap or WinPcap, with GnuTLS 3.6.3, with Gcrypt 1.8.3, without AirPcap, binary plugins supported (14 loaded). Built using Microsoft Visual Studio 2017 (VC++ 14.12, build 25835).

Wireshark is Open Source Software released under the GNU General Public License. 
Check the man page and http://www.wireshark.org for more information.

Hmm, not sure what to do next? I can analyse my previous recorded files but would like to get 'on line' again

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2019-03-23 09:25:09 +0000

grahamb gravatar image

From your about info Running ..., without Npcap or WinPcap.

You managed to remove both capturing options, or at least Wireshark can find neither of them.

Exit from Wireshark, check under Programs and Features for any existing installs of WinPcap or npcap, and remove any you find. Reboot. Install npcap. Try Wireshark again.

edit flag offensive delete link more

Comments

Thank you, after frantic reading and searching I slowly came to the conclusion that I needed Winpcap despite Npcap. I think I did understand that I needed only Npcap.

But when I re-installed carefully wireshark I had made sure both WinPcab and Npcap had been removed as well as turning power off and on on the pc.

I only installed Npcap simultaneous with Wireshark but I still did not have any interfaces. I posted my dilemma then after a few hours I decided to run the risk and installed WinPcap and both interfaces, ie Intel card and Loopback showed up again.

I am carefully leaving it at this for the time being. Seems to be working and I have been analysing my mail connections trying to make sense of why I can not connect to my ISP. At least I am getting some facts and better understanding.

I also need ...(more)

seaeagle gravatar imageseaeagle ( 2019-03-23 12:10:30 +0000 )edit

While you can have both WinPcap and npcap installed, you only need one of them for Wireshark and Wireshark 3.0 will prefer npcap if both are installed.

Have you been modifying the install defaults of either WinPcap or npcap? Doing so may cause inadvertent issues, so unless you have specific requirements you should just leave the default selections as they are.

You can always see which capture library Wireshark is using by looking at the Help -> About Wireshark dialog in the Running on ... section.

grahamb gravatar imagegrahamb ( 2019-03-23 15:04:51 +0000 )edit

I also need to figure out how this forum works

It's not a forum, it's a Q&A site - think of it as a "crowdsourced FAQ".

The idea is that, if a user needs help on a given topic, and wants to ask a question, they should first search this site to see if their question has already been answered and, if not, they should ask the question.

If the question is sufficiently clear as to make it possible to answer it immediately, somebody should post an answer to the question, so that the user has an answer and subsequent users with the same question will be able to find the question and read the existing answer, getting an immediate answer without having to ask the question themselves.

If the question isn't sufficiently clear, people may ask questions about the question in comments on the question; those aren ...(more)

Guy Harris gravatar imageGuy Harris ( 2019-03-23 18:50:07 +0000 )edit

Thank you, gained new understanding.

Running on 64-bit Windows 7 Service Pack 1, build 7601, with Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz (with SSE4.2), with 8066 MB of physical memory, with locale English_United States.1252, with WinPcap version 4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch 1_0_rel0b (20091008), with GnuTLS 3.6.3, with Gcrypt 1.8.3, without AirPcap, binary plugins supported (14 loaded). Built using Microsoft Visual Studio 2017 (VC++ 14.12, build 25835).

Well this shows me WinPcap, I assume despite my careful re-install of Wireshark 3 and Npcap that something went astray and Npcap did not get a chance. At the time I did not realise the use of the About dialog so I do not know what *pcap was installed before I then installed WinPcap

So far it is running fine, I think ...(more)

seaeagle gravatar imageseaeagle ( 2019-03-24 05:41:04 +0000 )edit

Generally, TLS decryption only works if you have access to the "master" key that is either obtained from the server, which will be impossible if you don't own the server, or output as a debug value by the client, i.e. some browsers can be made to do this.

npcap issues are usually handled by the npcap folks, but there is a grey cross-over area as Wireshark includes and runs the npcap installer, so while we can offer advice about issues, any fixes are likely to have to come from npcap.

grahamb gravatar imagegrahamb ( 2019-03-24 09:37:30 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2019-03-23 02:02:59 +0000

Seen: 610 times

Last updated: Mar 23 '19