Hi,

I installed Wireshark on Windows 8 64-bit. Every time I try to run it, it crashes. So I tried to uninstall it, but it doesn't allow it as some resources are in use.

From the processes I see there are 2 instances running even though I just powered the computer on: wireshark.exe and dumpcap.exe.

I can't taskkill them even with administrator rights. There is something weird going on with the taskkill command in Windows 8 64-bit (I can't kill anything that isn't running all right - if that makes any sense).

Really frustrating.

Regards, Tom the Wombat

asked 06 Dec '13, 02:48

Tom the Wombat
accept rate: 0%

edited 29 Jun, 06:56

cmaynard ♦♦
I think it's a Windows issue.

Maybe check your permissions; it seems like you lost your admin permission.

Another solution is to not start Wireshark and dumpcap at Windows start. I know you can do that in Win7 but I'm not sure about Win8.

answered 06 Dec '13, 03:20

Afrim
accept rate: 22%

edited 06 Dec '13, 03:30

How can I lose admin permission when I'm running it as administrator, and if I did lose it, where can I check it back on?

(07 Dec '13, 03:35) Tom the Wombat

I removed dumpcap from starting on boot up, but it still refuses to uninstall. Still claiming it is in use, even though it is in stopped state in services. Wireshark seems to work like malware...double v t f, mate? Do I need to start to fiddle with registry keys to get rid of Wireshark?

(08 Dec '13, 00:12) Tom the Wombat

Why is dumpcap installed as an autostarting service? The standard Wireshark install definitely doesn't do that. Where did you get your Wireshark install from?

Can you install Process Explorer, run that as an Administrator, and then examine the Wireshark.exe and dumpcap.exe processes? With the processes displayed in the default "tree" order, dumpcap should be a child of Wireshark. Right-click on each of the processes and select "Properties", and on the resulting dialog's "Image" tab, the program name should be displayed along with "(Verified) Wireshark Foundation". Report back your findings as a comment, not an "answer".

answered 08 Dec '13, 05:00

grahamb ♦
accept rate: 22%
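
The parent/child and signer check described in the answer above can also be scripted. The following PowerShell is an added example, not part of the original answer or of Wireshark; it assumes an elevated prompt, and takes the process names and the "Wireshark Foundation" signer string from the thread.

```powershell
# Added example: report parent process and Authenticode signer for the
# Wireshark.exe and dumpcap.exe processes named in the thread.
$names          = 'Wireshark.exe', 'dumpcap.exe'
$expectedSigner = 'Wireshark Foundation'   # signer name quoted in the answer

# Snapshot all processes once so parent PIDs can be resolved to names.
$all   = Get-CimInstance -ClassName Win32_Process
$byPid = @{}
foreach ($p in $all) { $byPid[[int]$p.ProcessId] = $p }

$report = foreach ($proc in $all | Where-Object { $names -contains $_.Name }) {
    # A parent PID can belong to a process that has exited (or been reused),
    # so treat the parent name as a hint, not proof.
    $parent     = $byPid[[int]$proc.ParentProcessId]
    $parentName = if ($parent) { $parent.Name } else { '<exited>' }

    if ($proc.ExecutablePath) {
        $sig     = Get-AuthenticodeSignature -LiteralPath $proc.ExecutablePath
        $status  = [string]$sig.Status
        $subject = if ($sig.SignerCertificate) {
            $sig.SignerCertificate.Subject
        } else {
            '<unsigned>'
        }
    } else {
        # The path is not readable without elevation or for protected processes.
        $status  = 'Unknown'
        $subject = '<path unavailable>'
    }

    [pscustomobject]@{
        Name     = $proc.Name
        PID      = $proc.ProcessId
        Parent   = "$parentName ($($proc.ParentProcessId))"
        Path     = $proc.ExecutablePath
        SigState = $status
        Signer   = $subject
        # True only for a valid signature whose subject names the expected signer.
        SignerOK = ($status -eq 'Valid') -and ($subject -like "*$expectedSigner*")
    }
}

$report | Format-List
```

A dumpcap.exe row whose parent is not Wireshark.exe, or any row with `SignerOK` false, is the kind of finding the answer asks to be reported back.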

Hello. It seems that the problem was my firewall (Zonealarm), don't ask why, but after I uninstalled Zonealarm, I could remove Wireshark. I had a problem with the firewall so I was removing it anyways, and tried to remove Wireshark after that and it worked nicely.

No more Zonealarms for me.

Thanks for your help.

answered 14 Dec '13, 00:26

Tom the Wombat
accept rate: 0%

question asked: 06 Dec '13, 02:48

question was seen: 7,137 times

last updated: 29 Jun, 06:56