Wireshark mailing list archives
Devices in tshark versus dumpcap
From: Gisle Vanem <gisle.vanem () gmail com>
Date: Sat, 29 Apr 2017 09:10:52 +0200
I'm on Win-10 and have now troubles sniffing on anything except BlueTooth! This is the list of interfaces I expect to get: dumpcap.exe -D 1. \Device\NPF_{C25DD2C2-2E05-4337-A847-84EF6CAB86BF} (Bluetooth-nettverkstilkobling) 2. \Device\NPF_{F92984E3-5D40-4AD9-B054-41288EAE699F} (Wi-Fi 2) 3. \Device\NPF_{3A46ACA0-CBED-44BC-A239-6AEA3D0C451D} (Ethernet) 4. \\.\airpcap00 (AirPcap USB wireless capture adapter nr. 00) But with "tshark.exe -D", I only get: 1. \Device\NPF_{C25DD2C2-2E05-4337-A847-84EF6CAB86BF} (Bluetooth-nettverkstilkobling) I also tried with: set G_MESSAGES_DEBUG=all << no effect tshark.exe -o console.log.level:252 -D giving: Capture-Message: Capture Interface List ... (tshark.exe:8440): Capture-DEBUG: sync_interface_list_open Capture-INFO: sync_pipe_run_command() starts (tshark.exe:8440): Capture-DEBUG: argv[0]: F:\mingw32\src\inet\Wireshark\dumpcap.exe (tshark.exe:8440): Capture-DEBUG: argv[1]: -D (tshark.exe:8440): Capture-DEBUG: argv[2]: -Z (tshark.exe:8440): Capture-DEBUG: argv[3]: none (tshark.exe:8440): Capture-DEBUG: sync_pipe_open_command (tshark.exe:8440): Capture-DEBUG: read 21 indicator: S empty value (tshark.exe:8440): Capture-DEBUG: sync_pipe_wait_for_child: wait till child closed (tshark.exe:8440): Capture-DEBUG: sync_pipe_wait_for_child: capture child closed after 0.016s Capture-INFO: sync_pipe_run_command() ends, taking 0.328s, result=0 Capture-Message: Loading External Capture Interface List ... 1. \Device\NPF_{C25DD2C2-2E05-4337-A847-84EF6CAB86BF} (Bluetooth-nettverkstilkobling) Note, this is with Wireshark compiled from Git by myself using MSVC-2015, 32-bit; A version + build-method that has worked well for years. But recently it's been misbehaving as shown above. Any hints? The above "read 21 indicator: S empty value" for me indicates a problem in the pipe I/O between tshark and dumpcap. No? -- --gv ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Devices in tshark versus dumpcap Gisle Vanem (Apr 29)
- Re: Devices in tshark versus dumpcap Graham Bloice (Apr 29)
- Re: Devices in tshark versus dumpcap Gisle Vanem (Apr 29)
- Re: Devices in tshark versus dumpcap Graham Bloice (Apr 29)
- Re: Devices in tshark versus dumpcap Gisle Vanem (Apr 30)
- Re: Devices in tshark versus dumpcap Gisle Vanem (Apr 30)
- Re: Devices in tshark versus dumpcap Gisle Vanem (Apr 30)
- Re: Devices in tshark versus dumpcap Gisle Vanem (Apr 29)
- Re: Devices in tshark versus dumpcap Graham Bloice (Apr 29)
- <Possible follow-ups>
- Devices in tshark versus dumpcap Gisle Vanem (Apr 29)