This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Wireshark only works one time

0

Hello,

Let me explain what's going on with my wireshark installation. I am using wireshark to sniff EtherCAT packets, and everything works perfectly the first time I run wireshark. After I press the stop button and try to restart the sniffing process, wireshark simpy freezes and I am forced to close it and restart it to get it to work again.

It works, as you can see, but it's really anoying to restart it after every sniff.

Has anyone else ever had to deal with this problem?

EDIT: OS: Windows 7 Wireshark v1.12.1

EDIT2: @grahamb Yes it stops. For some reason I can't write comments now, it sends me this message: "Sorry, but akismet thinks your comment is spam"

asked 19 Sep '14, 08:03

morcillo's gravatar image

morcillo
11113
accept rate: 0%

edited 20 Sep '14, 09:41

Wireshark and OS versions?

(19 Sep '14, 08:11) grahamb ♦

Can you check, using task manager, that when you stop the capture, the capture process dumpcap.exe stops?

(19 Sep '14, 08:30) grahamb ♦

@grahamb Yes, it stops

(20 Sep '14, 09:35) morcillo

@grahamb Sorry it took such a long time to answer in the comments, but yesterday it said that I was not allowed to post comments. Something about my comment being spam

(20 Sep '14, 09:38) morcillo

@grahamb Hello? Sorry to call you this way, but it's getting really hard to use wireshark as it is now

(29 Sep '14, 17:29) morcillo

Do you have any AV or endpoint protection, or VPN software installed on the machine? These have been known to interfere with Wireshark operation, but usually by just hiding some traffic.

(30 Sep '14, 02:12) grahamb ♦

@grahamb No. Nothing like that. But I am using a ethernet to usb converter in order to sniff the packets. That's the only possible interface tha I have at the time. Could that be the problem?

(30 Sep '14, 07:26) morcillo

@morcillo,

Just to confirm, the first run works, and allows you to stop the capture, but starting another capture (with which button or command?) causes Wireshark to hang?

(30 Sep '14, 08:03) grahamb ♦

@grahamb Exactly. I run it the first time, the I press the stop button (big red square button). After that I can analyze all the packets. Everything is perfect until I try to restart wireshark. When I do that it hangs.

(30 Sep '14, 08:12) morcillo
showing 5 of 9 show 4 more comments

One Answer:

1

I have looked into a very similar issue (on Win 8 tho) before as the OP was able to provide me with process dumps, but all I could determine was that Wireshark was stuck in a call into WinPCap which is another project entirely.

answered 30 Sep '14, 09:41

grahamb's gravatar image

grahamb ♦
19.8k330206
accept rate: 22%

@grahamb Thank you for that tip. I had already tried installing and uninstalling wireshark, but without uninstalling WinPCap. Thanks to this comment I removed it completely and installed everything again. Now it works. Would you like to post it as an answer? That wai I'll be able to thank you properly.

(30 Sep '14, 14:26) morcillo