|
-
May 7th, 2009, 09:40 AM
#1
Thread Starter
Interweb adm/o/distrator
Wireshark Packet Capturing
I select the interface yet it doesn't seem to show the packets in real time for some strange reason. I am using XP i went to security center made sure Wireshark wasn't blocked by the Firewall etc but it still doesn't list them. The thing is when i go to the 'Interface Selection' dialog it shows that the interface is receiving/sending packets but its just appears to not want to display them... no filters are applied either.
Any ideas?
-
May 7th, 2009, 08:02 PM
#2
Re: Wireshark Packet Capturing
I just tried wireshark (v1.0.0) on XP here, without touching any external settings (firewall, etc.).
Menu->Capture->Interfaces->Ethernet->Start
I saw the packet data appearing in wireshark in real-time. No idea what's happening on your end.
-
May 7th, 2009, 08:13 PM
#3
Re: Wireshark Packet Capturing
Just installed 1.0.7, and you might need to set the capture preferences correctly.
Edit->Preferences->Capture. Check the boxes for "Update list of packets in real time" and "Automatic scrolling in live capture".
-
May 7th, 2009, 08:43 PM
#4
Thread Starter
Interweb adm/o/distrator
Re: Wireshark Packet Capturing
Already made sure were checked and both were as default it seems. Still wont capture... this is doing my head in
-
May 7th, 2009, 08:55 PM
#5
Re: Wireshark Packet Capturing
I just did a complete uninstall of wireshark/winPcap and reinstalled from scratch, removing all user preferences in uninstall. Working fine here. Are you running as a limited-rights user? Wireshark requires admin privs to access the network card. You can choose to start a service when installing wireshark/winpcap to allow non-admin users to scan the network interfaces.
-
May 7th, 2009, 08:57 PM
#6
Thread Starter
Interweb adm/o/distrator
Re: Wireshark Packet Capturing
I'm computer administrator... ill try reinstalling again... 
Does the winpcap service have a process name and what is it? It might not be started but i don't see why Wireshark wouldn't start it once it is executed.
-
May 7th, 2009, 11:41 PM
#7
Re: Wireshark Packet Capturing
The winPcap service is called NPF. I couldn't find it listed in services.msc, but I could start/stop it from cmd.exe with "net start npf" and "net stop npf".
More info at http://wiki.wireshark.org/CaptureSet...turePrivileges
-
May 8th, 2009, 12:06 AM
#8
Thread Starter
Interweb adm/o/distrator
Re: Wireshark Packet Capturing
Well just to recap:
- Windows Firewall isn't the problem
- Settings are correct
- I am an administrator
- NPF service is activated at startup
- I am selecting the right interface
- Reinstalled a couple of times
This is becoming so annoying!!!! I have no idea why it wouldst be working.
-
May 8th, 2009, 01:10 AM
#9
Re: Wireshark Packet Capturing
I would suggest checking out the Wireshark FAQ; specifically sections 7 and 8 (Capturing packets, Capturing packets on Windows). If that fails, try the Wireshark User's Guide.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|