This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How do I get the interface name for use with the -i flag in Windows

0

How do I know the name of the interface for the -i flag in windows? I tried the reported name (Intel(r) 82579LM Gigabit Network Connection) both with and without quotes around it.. as well as the interface listed when you go to Capture Interfaces -> Details.. which shows

\Devices\NPF_{362508C4-F6CC-4A4A-AB17-9DA1017E4C41} (I tried using just the NPF and the rest to the right with the -i flag)

Any help would be great as I'm writing this into a script...

asked 20 Jun '12, 08:49

rjr162's gravatar image

rjr162
1111
accept rate: 0%

converted to question 20 Jun '12, 13:20

grahamb's gravatar image

grahamb ♦
19.8k330206

Never mind.. I guess adding the \Devices\ part was the answer!

(20 Jun '12, 08:50) rjr162

Note that the "reported name" is, I think, the vendor-supplied description, and that might, on a (probably server) machine with multiple adapters of the same type, not be unique.

Supporting using the description as a "-i" argument might not be a bad idea - it'd presumably fail if there's more than one interface with the same description. You might want to file an enhancement request on the Wireshark bugzilla for that. (Supporting the "friendly name" might also be nice; that'd require extending pcap to support that or having *shark do it directly.)

(20 Jun '12, 15:11) Guy Harris ♦♦

One Answer:

2

Wireshark (and tshark and dumpcap and windump) all take a -D flag which will display the interface names which can be captured on, and the index of the interfaces. The -i flag will use the index or the name which can be easier for scripting.

answered 20 Jun '12, 13:30

grahamb's gravatar image

grahamb ♦
19.8k330206
accept rate: 22%