Wireshark mailing list archives
Re: Devices in tshark versus dumpcap
From: Graham Bloice <graham.bloice () trihedral com>
Date: Sat, 29 Apr 2017 09:23:43 +0100
On 29 April 2017 at 08:10, Gisle Vanem <gisle.vanem () gmail com> wrote:
> I'm on Win-10 and have now troubles sniffing on anything except BlueTooth!
> This is the list of interfaces I expect to get:
>
>   dumpcap.exe -D
>   1. \Device\NPF_{C25DD2C2-2E05-4337-A847-84EF6CAB86BF} (Bluetooth-nettverkstilkobling)
>   2. \Device\NPF_{F92984E3-5D40-4AD9-B054-41288EAE699F} (Wi-Fi 2)
>   3. \Device\NPF_{3A46ACA0-CBED-44BC-A239-6AEA3D0C451D} (Ethernet)
>   4. \\.\airpcap00 (AirPcap USB wireless capture adapter nr. 00)
>
> But with "tshark.exe -D", I only get:
>
>   1. \Device\NPF_{C25DD2C2-2E05-4337-A847-84EF6CAB86BF} (Bluetooth-nettverkstilkobling)
>
> I also tried with:
>
>   set G_MESSAGES_DEBUG=all   << no effect
>   tshark.exe -o console.log.level:252 -D
>
> giving:
>
>   Capture-Message: Capture Interface List ...
>   (tshark.exe:8440): Capture-DEBUG: sync_interface_list_open
>   Capture-INFO: sync_pipe_run_command() starts
>   (tshark.exe:8440): Capture-DEBUG: argv[0]: F:\mingw32\src\inet\Wireshark\dumpcap.exe
>   (tshark.exe:8440): Capture-DEBUG: argv[1]: -D
>   (tshark.exe:8440): Capture-DEBUG: argv[2]: -Z
>   (tshark.exe:8440): Capture-DEBUG: argv[3]: none
>   (tshark.exe:8440): Capture-DEBUG: sync_pipe_open_command
>   (tshark.exe:8440): Capture-DEBUG: read 21 indicator: S empty value
>   (tshark.exe:8440): Capture-DEBUG: sync_pipe_wait_for_child: wait till child closed
>   (tshark.exe:8440): Capture-DEBUG: sync_pipe_wait_for_child: capture child closed after 0.016s
>   Capture-INFO: sync_pipe_run_command() ends, taking 0.328s, result=0
>   Capture-Message: Loading External Capture Interface List ...
>   1. \Device\NPF_{C25DD2C2-2E05-4337-A847-84EF6CAB86BF} (Bluetooth-nettverkstilkobling)
>
> Note, this is with Wireshark compiled from Git by myself using MSVC-2015, 32-bit;
> A version + build-method that has worked well for years. But recently it's been
> misbehaving as shown above. Any hints?
Unsure whether this is related, but MSVC2015 support is regarded as "experimental". The official builds are still using VS2013.
> The above "read 21 indicator: S empty value" for me indicates a problem
> in the pipe I/O between tshark and dumpcap. No?
Are you building the stable version or dev (2.2.x or 2.3x)?

--
Graham Bloice