This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Winpcap seems to crash on Win8.1

0

Hi all,

I recently upgraded my HP Envy laptop (1 month old version) to Win8.1. Following that upgrade launching Wireshark would hang and not be able to close properly. A background file call dump was running and I actually had to reboot the system in order to close it.

It seems the winpcap was causing problems so I deinstalled it and then reinstalled Wireshark. After that it seems to operate fine.

Just wanted to let you know.

asked 29 Oct '13, 09:14

Glen%20Gerhard's gravatar image

Glen Gerhard
11112
accept rate: 0%

Hi,

I have encountered exactly the same behavior after my upgrade to windows 8.1. Dumpcap hangs when it tries to list interfaces via winpcap. I came to the same solution, uninstall winpcap, but in fact I can't tell if the problem comes from winpcap itself or dumpcap.

Now I can't capture traffic anymore which is quite annoying.

(09 Nov '13, 03:58) Marc Sabatier

I have the same problem with an Acer Aspire running Windoze 8.1. WS will run standalone without winpcap but it hangs when pcap is installed. Searches have come up empty so far. After force closing WS, dumpcap stays active as a process and can only be stopped by a reboot.

(15 Nov '13, 11:27) johnnyp10704

3 Answers:

1

I am also having the same problem (Hang!) on wireshark and also GNS3 cloud service! I found out that the problem is because WinPCap did not auto start after upgraded to Windows 8.1. It will work after reinstallation of winPCap. However, after restarting windows, it will not work again!

These are the steps that I have taken and it is working fine now!

  1. In the registry, change HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NPF\Start to 0x3 (SERVICE_DEMAND_START)
  2. Run your program (i.e., wireshark, gns3, ...) as Administrator! (Run as Administrator)(You can also change it to always run as administrator!)

and it works again and again even after restart windows 8.1.

answered 22 Nov '13, 07:26

Ling's gravatar image

Ling
262
accept rate: 0%

Although this may fix your issues, running Wireshark with elevated privileges is not recommended. There are millions of lines of unaudited code in Wireshark and a great deal of work has been undertaken to allow Wireshark to run without elevating privs.

(11 Jan '15, 03:54) grahamb ♦

"It Lives, again!": I recently deleted searched files from the registry for uninstalled programs one of them included a program called netScan! I think it removed an important dll from the registry! Will changing this entry form 2 to 3 make anything less secure? if so what would be the proper way to ... Win8.1 Centrino wireless adapter + rtl drivers

(29 Jun '15, 22:06) fred57

0

Which version of WinPcap are you folks running? If you're not running the latest version, currently 4.1.3, then you you might try upgrading to that version. If you are running the latest version, and if similar problems also occur when running WinDump, then it's very likely a WinPcap problem and not a Wireshark problem, per se, in which case the best bet would probably be to contact the WinPcap developers for support/advice.

answered 15 Nov '13, 12:06

cmaynard's gravatar image

cmaynard ♦♦
9.4k1038142
accept rate: 20%

Hi,

I am using winpcap 4.1.3. I just tested with windump and it is hanging when trying to capture on my AR8131 Gigabit Ethernet interface. So I think you are right it is more a WinPcap problem.

Thanks, Marc

(16 Nov '13, 03:44) Marc Sabatier

0

Hi, I was googling around as I faced a similar problem while trying to capture traffic off a gns3 topology. Wireshard would simply crash with the "Dumpcap has stopped working" error. I am also using Windows 8

I made sure I am running both GNS3 and Wireshark as "administrator". Still the problem persisted.

What fixed this for me was setting the compatibility mode to Windows 7

  • Write click Wireshark and select Properties -> Compatibility tab
  • Set the compatibility mode for windows 7

Hope this helps someone having the same problem under Windows 8

answered 26 Nov '13, 05:57

Nimal's gravatar image

Nimal
111
accept rate: 0%