This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Loading configuration files

2

Hello,

i currently have the problem that Wireshark won't startup at all. This morning i used wireshark without problems but now it just hangs in the splash screen at 100% saying "Loading configuration files...".

I can terminate the wireshark task but dumpcap keeps running and i cannot shut it down at all.

Is there anything i can do?

Best regards Ben

asked 24 Oct '13, 05:46

gonium's gravatar image

gonium
31114
accept rate: 0%

I am having exactly the same problem as Ben. Wireshark runs once after I reinstall but than it always hangs at the "Loading Configuration Files.." message. Deleting the configuration files doesn't help. Is there a solution yet? It is not very practical to keep reinstalling!

Thanks Paul

(24 Nov '13, 12:28) Dejapa

Unfortunatly, and i tried a lot, reinstalling is the only thing that fixes it. But it's still a one time thing and the next time i need to reinstall it again...

I am using a different machine now if i need to analyse the network traffic.

(24 Nov '13, 15:00) gonium

To both @gonium and @Dejapa

  • what is your OS and OS version?
  • what is your Wireshark version (tshark -v)
  • is there any software you both have installed on your system, like any interfering software (VPN client, AV, Endpoint Securtity, Firewall, WAN Accelerator client, etc.)

Regards
Kurt

(24 Nov '13, 15:58) Kurt Knochner ♦

To Kurt,

I'm running Windows 8.1

Here is the output from tshark -v: TShark 1.10.3 (SVN Rev 53022 from /trunk-1.10)

Copyright 1998-2013 Gerald Combs [email protected] and contributors. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GLib 2.34.1, with WinPcap (4_1_3), with libz 1.2.5, without POSIX capabilities, without libnl, with SMI 0.4.8, with c-ares 1.9.1, with Lua 5.1, without Python, with GnuTLS 2.12.18, with Gcrypt 1.4.6, without Kerberos, with GeoIP.

Running on 64-bit Windows 8, build 9200, without WinPcap. Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz, with 8152MB of physical memory.

Built using Microsoft Visual C++ 10.0 build 40219

I'm not aware of any interfering software on my PC.

What else can I do to diagnose the problem?

Thanks Paul

(25 Nov '13, 12:40) Dejapa

Let's wait for the answer of @gonium...

(25 Nov '13, 12:43) Kurt Knochner ♦

Running Windows 8.1 as well. Output say i dont have WinPCap, but it is installed (at least i ordered Wireshark to install it during the wireshark isntallation).

tshark -v Output: TShark 1.11.0 (SVN Rev 52628 from /trunk)

Copyright 1998-2013 Gerald Combs [email protected] and contributors. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GLib 2.34.1, with WinPcap (4_1_3), with libz 1.2.5, without POSIX capabilities, without libnl, with SMI 0.4.8, with c-ares 1.9.1, with Lua 5.1, without Python, with GnuTLS 2.12.18, with Gcrypt 1.4.6, without Kerberos, with GeoIP.

Running on 64-bit Windows 8, build 9200, without WinPcap. Intel(R) Core(TM) i5-4200U CPU @ 1.60GHz, with 4002MB of physical memory.

Built using Microsoft Visual C++ 10.0 build 40219

(26 Nov '13, 10:32) gonium

also i have the following sofware installed which could be interferring:

Oracle Virtualbox

Genymotion Android Emulator (which also uses a VM like Virtualbox)

(26 Nov '13, 10:35) gonium

@gonium: see the answer of @grahamb (missing WinPcap). It solved the problem of @Dejapa.

(26 Nov '13, 10:36) Kurt Knochner ♦
showing 5 of 8 show 3 more comments

8 Answers:

3

I don't know this reason.

but i resolved using this command.( in administrative dos command prompt)

  1. sc config npf start= delayed-auto
  2. reboot

i hope you resolve

This answer is marked "community wiki".

answered 12 Oct '14, 22:24

bgpvpn's gravatar image

bgpvpn
112
accept rate: 0%

This worked for me !

(09 Apr '15, 15:59) Hardik

1

@Dejapa

Your output indicates that WinPCap isn't installed. While not essential for getting Wireshark to startup, it is required to make any captures. Did you choose not to install WinPCap?

answered 26 Nov '13, 01:58

grahamb's gravatar image

grahamb ♦
19.8k330206
accept rate: 22%

Grahamb,

I had noticed this too but when I then ran the WinPCap installer it reported that WinPCap WAS already installed. Following your reply I have re-run the installer and answered "yes" to force an installation.

Wireshark now loads correctly - thank you so much for your help. Thank you also to Kurt.

Paul

(26 Nov '13, 10:26) Dejapa

@Dejapa: If a supplied answer resolves your question can you please "accept" it by clicking the checkmark icon next to it. This highlights good answers for the benefit of subsequent users with the same or similar questions.

(26 Nov '13, 10:34) Kurt Knochner ♦

I'm intrigued as to how a missing WinPCap stops Wireshark starting. My Wireshark dev VM's (xp and win7) don't have WinPCap installed as I don't capture on them.

(26 Nov '13, 11:54) grahamb ♦

Maybe related to Windows 8.1, as both have that...

(26 Nov '13, 12:00) Kurt Knochner ♦

I just tested on my 8.1 system. Weird:

  • Initially I had 1.10.2 32 bit installed with WinPCap 4.1.3, all OK.
  • Uninstalled WinPCap, Wireshark reported no NPF driver running in an eror dialog.
  • Installed 1.10.3 64 bit, deselected WinPCap option. Started wireshark, NO complaint about npf driver not running, able to capture traffic. Wireshark About menu said WinPCap was installed, but it wasn't listed in the Control Panel Programs and Features app.
  • Suspected that a reboot was required to really uninstall WinPCap, rebooted and after that Wireshark complained about the npf driver not being started. Installed WinPCap and all was OK.

In conclusion, make sure you reboot after fiddling with WinPCap install, but at no point did Wireshark refuse to start.

(26 Nov '13, 14:00) grahamb ♦

but dumpcap keeps running and i cannot shut it down at all.

Hm.. dumpcap was started and he was unable to kill it?

Isn't dumpcap used by Wireshark to retrieve the interfaces of the system during startup (dumpcap -D -M)?

If so, and if WinPcap is not properly installed, maybe dumpcap somehow blocks/hangs while it is trying to access the 'half installed' WinPcap and thus it also blocks Wireshark.

Apparently there is an issue with installing WinPcap on Windows 8.1 (as you have also reported) and that could also cause dumpcap to hang.

(27 Nov '13, 07:37) Kurt Knochner ♦

Maybe the users have attempted a capture and that has somehow failed and left an instance of dumpcap running, and that blocks the start-up of a new instance of Wireshark?

I had no problems installing Wireshark or WinPCap on 8.1 so I can't really help there.

(27 Nov '13, 10:21) grahamb ♦

To both @gonium and @Dejapa: What happens if you run the following command from the CLI.

dumpcap -D -M

Don't start Wireshark before you run that command and check if there is another dumpcap.exe process already running.

(28 Nov '13, 07:15) Kurt Knochner ♦

Same problems as others running win8.1 Wireshark installs fine, winpcap is installed too.

I can run Wireshark once, twice,...but as soon as i do a capture and close the program, Wireshark wont start and hangs at "Loading the configuration files"

I have instances of dumpcap process in the task manager, i cannot end the process manually (access denied) but i am a local admin on my machine (i also put exceptions in my AV for dumpcap and wireshark).

dumpcap -D -M returns no output and it hangs in the console.

In the end as soon as i do a capture i need to restart my computer to kill the dumpcap process, uninstall wireshark and reinstall it so i can make another capture.

(28 Dec '13, 10:45) Thomcci

Very weird. So it appears that after a capture attempt is made a dumpcap process is left running that then can't be stopped, and this then prevents Wireshark starting again.

As it appears that no devs can re-create this issue currently, are you willing to help solve this issue? If so, please create an issue for the problem at the Wireshark bugzilla and we'll work though it there. Please comment here with the bug ID.

(28 Dec '13, 12:40) grahamb ♦
(31 Dec '13, 07:55) Thomcci

@Thomcci I'll work with you now on that bugzilla task.

(31 Dec '13, 08:14) grahamb ♦

After working with @Thomcci on bug 9609 I believe it to be an issue with Symantec Endpoint Protection.

(01 Jan '14, 15:28) grahamb ♦
showing 5 of 13 show 8 more comments

0

I would recommend to delete all configuration files. If you're running Linux they're in your home folder in a subfolder called ".wireshark" IIRC, and on Windows 7 and up you'll find them at C:\Users\USERNAME\AppData\Roaming\Wireshark. Remove all files in these folders, including subfolders (you might want to back up things like your coloring rules and preferences for rebuilding them, if you customized them)

answered 24 Oct '13, 05:55

Jasper's gravatar image

Jasper ♦♦
23.8k551284
accept rate: 18%

0

I got the same problem in windows 8.1 pro after I uninstall Mcafee but I found a way to run my wireshare.Maybe you can try.

1.I changed my nfp start in 3 (it will hang in loading stage when nfp start is 0x2 in my computer) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NPF\Start from 0x3 (SERVICE_DEMAND_START) or type "sc config start=demand" in command line then reboot your system

2.After reboot finished -> run wireshare (wireshark will not hang in Loading Configuration 100% ).In this stage your network adapter is empty and you will see "No interface can be used ..........." in left side of wireshark.

3.type "sc start npf" in command line then press "Refresh Interfaces" in your wireshark .

I have no idea what reason is but my wireshark is run well .The inconvenience thing is i need run "sc start npf" before i use wireshark.

answered 26 Mar '14, 18:40

Patrick%20Hsien's gravatar image

Patrick Hsien
1
accept rate: 0%

0

Same issue with Windows 8.1 / Wireshark 1.10.7 (64 bit)/WinPCAP 4.1.3

My workaround:

Everytime I want to use Wireshark

  • Uninstall WinPCAP
  • Reboot
  • Install WinPCAP
  • Run WireShark

If after a reboot I try to run Wireshark I've got the infamous "loading configuration files" message

Hope this helps

PS: I have installed Cisco VPN Client 5.0.7 in case you want to know it.

answered 06 May '14, 12:40

jfroco's gravatar image

jfroco
1
accept rate: 0%

0

Had the same problem on my machine (stuck on 'Loading module preferences').

I had installed a PowerLine configuration utility, devolo Cockpit 4.3.1 for Windows on my machine. It installed a Windows service called NPF_devolo.

I have uninstalled the devolo Cockpit software, rebooted and Wireshark is functioning again.

This answer is marked "community wiki".

answered 04 Apr '16, 12:03

nescafe's gravatar image

nescafe
61
accept rate: 0%

0

HEllo, another solution to install Wireshark +Devolo ??

I would check my CPL. But uninstall this.....

I install in windows Xp , and not have this problem.(vmware) Probleme in Windows8.. Services? / winpcap ?

answered 05 May '16, 10:19

nikostq's gravatar image

nikostq
61
accept rate: 0%

0

After upgrading from Windows 7 Pro to Windows 10 Pro I also had the same problem and had the devolo DLAN Cockpit version 3.0.0.0 installed.

This devolo cockpit installs the NPF_devolo kernel driver and the DevoloNetworkService.

Hinted by nescafe, stopping the DevoloNetworkService and setting it to manual was for me sufficient to solve the Wireshark startup problem.

answered 19 Jun '16, 02:43

wtieleman's gravatar image

wtieleman
61
accept rate: 0%