won't start a capture 3.0

asked 2019-04-05 05:16:14 +0000

buffler gravatar image

updated 2019-04-05 22:39:39 +0000

Guy Harris gravatar image

Compiled (64-bit) with Qt 5.12.1, with WinPcap SDK (WpdPack) 4.1.2, with GLib 2.52.2, with zlib 1.2.11, with SMI 0.4.8, with c-ares 1.14.0, with Lua 5.2.4, with GnuTLS 3.6.3 and PKCS #11 support, with Gcrypt 1.8.3, with MIT Kerberos, with MaxMind DB resolver, with nghttp2 1.14.0, with LZ4, with Snappy, with libxml2 2.9.9, with QtMultimedia, with AirPcap, with SBC, with SpanDSP, with bcg729.

Running on 64-bit Windows 7 Service Pack 1, build 7601, with Intel(R) Core(TM) i7-6800K CPU @ 3.40GHz (with SSE4.2), with 32678 MB of physical memory, with locale English_United States.1252, with Npcap version 0.99-r9, based on libpcap version 1.8.1, with GnuTLS 3.6.3, with Gcrypt 1.8.3, without AirPcap, binary plugins supported (14 loaded). Built using Microsoft Visual Studio 2017 (VC++ 14.12, build 25835).

Edited error message:

The capture session could not be initiated on interface '\Device\NPF_{78032B7E-4968-42D3-9F37-287EA86C0AAA}' (failed to set hardware filter to promiscuous mode).

please check sufficient permissions HOW?????? and have the proper interface or pipe specified WHERE?????

Wireshark has gradually become almost unuseable for the casual user. . .usedta just whack capture and get the datastream. BUT I'm aware that the program's utility has increased. God forbid one might have to rtfm. Thanks for the attention. Don

edit retag flag offensive close merge delete


Can you post the contents of the Help | About Wireshark | Wireshark dialog. You can highlight the text and copy it to the clipboard and then edit your question and paste the text there.

grahamb gravatar imagegrahamb ( 2019-04-05 09:42:50 +0000 )edit

done, and thanks.

buffler gravatar imagebuffler ( 2019-04-05 20:25:09 +0000 )edit

OK, you're using npcap as the capture library, now we need to know what type of interface that is. Can you post the output of

"path\to\tshark.exe -D

replacing "path\to" with the installed location of Wireshark.

grahamb gravatar imagegrahamb ( 2019-04-06 13:00:49 +0000 )edit

finally figured out how to do this. d'oh:

c:\Program Files\Wireshark>tshark.exe -D
1. \Device\NPF_{78032B7E-4968-42D3-9F37-287EA86C0AAA} (Local Area Connection* 10)
2. \Device\NPF_NdisWanIp (NdisWan Adapter)
3. \Device\NPF_NdisWanBh (NdisWan Adapter)
4. \Device\NPF_{68FADA1F-7C7B-46FC-89E6-7CFE16A7E5A4} (Npcap Loopback Adapter)
5. \Device\NPF_NdisWanIpv6 (NdisWan Adapter)
6. \Device\NPF_{1B8B7954-EC44-44C2-908A-04F7FAB9B378} (Local Area Connection)


buffler gravatar imagebuffler ( 2019-04-11 22:00:42 +0000 )edit