This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

11 Clean Machines, Wireshark won’t load on any

0

Hello, we have a classroom with 11 Windows 8.1 Machines. These are various machines (HP Proliant, Supermico, Dell, Tyan, etc.) All of which are fresh installations with full upgrades.

We installed Wireshark-win64-1.12.6.exe The software installed successfully along with WinPcap

On no machine would Wireshark load. On each machine Wireshark Splashscreen is stuck at 100%. A few of the have been stuck at 100% since yesterday, the other we had to reboot.

These machines do not have anti-virus softwares on anything of the like. Nearly all are fresh, clean installations with hardly anything installed except alternative web browsers and text editors.

Any help will be greatly appreciated.

Some students have said that they have never been able to get Wireshark to properly load on Windows 8.1

asked 07 Aug '15, 09:31

charlesrenaullt's gravatar image

charlesrenaullt
6112
accept rate: 0%

One Answer:

0

Almost certainly this is something particular to your environment, as it isn't generally an issue elsewhere.

There have been reports of a lock-up caused by WinPCap, as when Wireshark starts it makes a call into WinPCap to get the list of network adaptors and for reasons currently unknown this call hangs.

Can you use a tool such as Process Explorer and check for instances of dumpcap running, and if there are, the command line parameters to the instance(s).

Do you have any "odd" adaptors in the machines, e.g. other than a standard on-board Ethernet NIC?

answered 10 Aug '15, 03:20

grahamb's gravatar image

grahamb ♦
19.8k330206
accept rate: 22%

Hi grahamb,

Thank you very much for your reply. [As far as the network cards ... all on-board.] These are all standard, affordable machines. All of various brands. We have two (2) laptops: Toshiba Satellite, Lenovo ThinkPad. We have servers converted to desktops (Intel motherboard, SuperMicro, Tyan, Dell, HP Proliant).

I do recall that dumpcap was running in the background (as installed by Wireshark package installer. I'll reply with further details - "command line parameters to the instance(s)".

In any case, thanks again.

(10 Aug '15, 09:04) charlesrenaullt
I do recall that dumpcap was running in the background (as installed by Wireshark package installer.

I vaguely remember seeing discussions about that as well. When you stop Wireshark there should be no instances of dumpcap.exe running. If you can achieve that, then you can also try dumpcap -D from the command line to list the interfaces found by WinPCap.

(10 Aug '15, 09:56) grahamb ♦