Results 1 to 9 of 9

Thread: Wireshark Packet Capturing

  1. #1

    Thread Starter
    Interweb adm/o/distrator Paul M's Avatar
    Join Date
    Nov 2006
    Location
    Australia, Melbourne
    Posts
    2,306

    Wireshark Packet Capturing

    I select the interface yet it doesn't seem to show the packets in real time for some strange reason. I am using XP i went to security center made sure Wireshark wasn't blocked by the Firewall etc but it still doesn't list them. The thing is when i go to the 'Interface Selection' dialog it shows that the interface is receiving/sending packets but its just appears to not want to display them... no filters are applied either.

    Any ideas?

  2. #2
    Frenzied Member tr333's Avatar
    Join Date
    Nov 2004
    Location
    /dev/st0
    Posts
    1,605

    Cool Re: Wireshark Packet Capturing

    I just tried wireshark (v1.0.0) on XP here, without touching any external settings (firewall, etc.).
    Menu->Capture->Interfaces->Ethernet->Start
    I saw the packet data appearing in wireshark in real-time. No idea what's happening on your end.
    CSS layout comes in to the 21st century with flexbox!
    Just another Perl hacker,

  3. #3
    Frenzied Member tr333's Avatar
    Join Date
    Nov 2004
    Location
    /dev/st0
    Posts
    1,605

    Re: Wireshark Packet Capturing

    Just installed 1.0.7, and you might need to set the capture preferences correctly.
    Edit->Preferences->Capture. Check the boxes for "Update list of packets in real time" and "Automatic scrolling in live capture".
    CSS layout comes in to the 21st century with flexbox!
    Just another Perl hacker,

  4. #4

    Thread Starter
    Interweb adm/o/distrator Paul M's Avatar
    Join Date
    Nov 2006
    Location
    Australia, Melbourne
    Posts
    2,306

    Re: Wireshark Packet Capturing

    Already made sure were checked and both were as default it seems. Still wont capture... this is doing my head in

  5. #5
    Frenzied Member tr333's Avatar
    Join Date
    Nov 2004
    Location
    /dev/st0
    Posts
    1,605

    Re: Wireshark Packet Capturing

    I just did a complete uninstall of wireshark/winPcap and reinstalled from scratch, removing all user preferences in uninstall. Working fine here. Are you running as a limited-rights user? Wireshark requires admin privs to access the network card. You can choose to start a service when installing wireshark/winpcap to allow non-admin users to scan the network interfaces.
    CSS layout comes in to the 21st century with flexbox!
    Just another Perl hacker,

  6. #6

    Thread Starter
    Interweb adm/o/distrator Paul M's Avatar
    Join Date
    Nov 2006
    Location
    Australia, Melbourne
    Posts
    2,306

    Re: Wireshark Packet Capturing

    I'm computer administrator... ill try reinstalling again...

    Does the winpcap service have a process name and what is it? It might not be started but i don't see why Wireshark wouldn't start it once it is executed.

  7. #7
    Frenzied Member tr333's Avatar
    Join Date
    Nov 2004
    Location
    /dev/st0
    Posts
    1,605

    Re: Wireshark Packet Capturing

    The winPcap service is called NPF. I couldn't find it listed in services.msc, but I could start/stop it from cmd.exe with "net start npf" and "net stop npf".

    More info at http://wiki.wireshark.org/CaptureSet...turePrivileges
    CSS layout comes in to the 21st century with flexbox!
    Just another Perl hacker,

  8. #8

    Thread Starter
    Interweb adm/o/distrator Paul M's Avatar
    Join Date
    Nov 2006
    Location
    Australia, Melbourne
    Posts
    2,306

    Re: Wireshark Packet Capturing

    Well just to recap:
    • Windows Firewall isn't the problem
    • Settings are correct
    • I am an administrator
    • NPF service is activated at startup
    • I am selecting the right interface
    • Reinstalled a couple of times


    This is becoming so annoying!!!! I have no idea why it wouldst be working.

  9. #9
    Frenzied Member tr333's Avatar
    Join Date
    Nov 2004
    Location
    /dev/st0
    Posts
    1,605

    Re: Wireshark Packet Capturing

    I would suggest checking out the Wireshark FAQ; specifically sections 7 and 8 (Capturing packets, Capturing packets on Windows). If that fails, try the Wireshark User's Guide.
    CSS layout comes in to the 21st century with flexbox!
    Just another Perl hacker,

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Click Here to Expand Forum to Full Width