Wireshark mailing list archives

Re: Dumpcap instead of Winpcap?

From: Guy Harris <guy () alum mit edu>
Date: Wed, 10 Feb 2010 09:19:24 -0800


On Feb 10, 2010, at 5:54 AM, km wrote:

I have installed the latest versions of Wireshark (1.2.6) and WinPcap 
(4.1.1).  When I start a capture the screen goes black but for a white 
cursor. This is Dumpcap, which seems to be used in stead of WinPcap.


It's used "instead of WinPcap" in the sense that neither Wireshark nor TShark directly call libpcap or WinPcap to 
capture packets; instead, they run dumpcap to capture packets, and dumpcap calls libpcap or WinPcap to capture packets 
and save them to a file for Wireshark or TShark to read.

Dumpcap isn't a GUI application, so it shouldn't be doing anything to the screen at all; do you mean that the *entire* 
screen goes blank?  Does CTRL-ALT-DEL pop up the Task Manager?

Does that happen if you run dumpcap from a console window?  What about WinDump:

        http://www.winpcap.org/windump/install/default.htm

What version of Windows is this?
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

Current thread:

Dumpcap instead of Winpcap? km (Feb 10)
- Re: Dumpcap instead of Winpcap? Jaap Keuter (Feb 10)
- Re: Dumpcap instead of Winpcap? Guy Harris (Feb 10)