This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Server 2012 R2 - Wireshark Crashes

0

Hi, new to this forum, any help is much appreciated.

Has anyone seen Wireshark crash on Server 2012 R2? I have tried both the 64 and 32 versions and they both crash at load when they reach 100%.

Then when you go into the Task Manager, the dumpcap is stuck at 0% CPU and cannot be quit. You have to reboot the server to uninstall.

asked 19 Sep '14, 05:52

djorpheus
11113
accept rate: 0%

edited 19 Sep '14, 06:16

What do you mean by "reach 100%" - is that while already capturing, or still loading/starting Wireshark itself?

(19 Sep '14, 06:01) Jasper ♦♦

1.12.1 x64 works perfectly fine for me on 2K12 R2.

(19 Sep '14, 06:29) grahamb ♦

Hi Jasper,

Thanks for responding. When Wireshark is still loading it reaches 100% and then crashes.

(19 Sep '14, 06:30) djorpheus

I have attempted to remotely debug a similar issue on Win 8, where the call into dumpcap at startup to determine what interfaces exist hangs. Unfortunately the problem appeared to be in WinPCap and as such isn't a Wireshark problem.

None of my Win 8.x, Server 2012 systems exhibit the problem.

Does Wireshark actually crash, or just hang?

(19 Sep '14, 06:33) grahamb ♦

Hi Grahamb,

Thanks for responding. I guess you would call it a hang. It just never loads, and then I cannot end the Dumpcap process.

(19 Sep '14, 06:37) djorpheus

I was thinking of trying an older version. Have you seen any issues with those?

(19 Sep '14, 06:41) djorpheus

You can try, but the issue seems to be with WinPCap, not Wireshark. I have never been able to reproduce the issue on any machine.

Can you confirm you're installing 1.12.1? You might want to remove Wireshark and/or WinPCap and reboot and ensure there is no trace of either before re-installing again.

Do you have anything out of the ordinary on the server, e.g. teamed or multiport NICs?

(19 Sep '14, 06:47) grahamb ♦

We are running Websense on these servers. We are trying to capture a packet that tells the machine to go to the blocked website of Websense. There are 2 NICs in use on these machines. One is configured for regular IPv4 traffic and the other NIC is a monitoring NIC that is configured just to look at the traffic; the port on the switch this NIC is plugged into is also configured just to monitor all traffic.

(19 Sep '14, 06:54) djorpheus

We are definitely installing version 1.12.1 and yes, I have uninstalled, rebooted, even done a Regedit to make sure all traces of Wireshark and WinPCap are completely removed, and rebooted again.

(19 Sep '14, 07:03) djorpheus

I have the same issue on a Windows Server 2012 R2 system. Wireshark hangs (both 1.12.2 and 1.99.1) and the dumpcap process freezes.

After killing the Wireshark process it is not possible to kill the dumpcap process and a reboot is required.

On the system there is no Winpcap installed (Wireshark is only used to display captured data and not to capture new data). => It's not a Winpcap issue.

The issue is reproducible when calling Wireshark by the "Riverbed SteelCentral Packet Analyzer" (formerly Cascade Pilot) software (function "Send to Wireshark").

(18 Dec '14, 05:28) Uli

The only way to proceed with this is to debug using the afflicted machine, either with a debugger on that machine or by creating a crash dump and making that available.

Note that unless you know your way around WinDbg and are prepared to install the Wireshark source files, the first option isn't really practical, and the second option requires you to make the crash dump available, which may be quite large and contains all the Wireshark process memory, which may contain things you don't want to make public.

(18 Dec '14, 05:45) grahamb ♦