Hi, I started using Wireshark just a couple of weeks ago. When I apply ANY filter (even as simple as ip.addr = MyIP) all packets disappear from the display. This happens with any valid filter. The status bar keeps on showing "Number of packets XXX, Displayed XXX (100%)". But nothing is actually seen in the display window. I have to restart Wireshark to see the packets. But as soon as I apply any filter, the packets are gone from the display. Even removing the filter does not work. I am using Wireshark 2.0.1 on Windows Server 2008 R2. Strangely, it DID work on the same machine earlier. I even re-installed Wireshark, but the problem persists. Would appreciate any help on this.

asked 03 Feb '16, 19:08 pvm

One Answer:

Could you maybe try to restart your machine using safe mode with networking of Windows and try in safe mode? As the computer is turning on, press F8 repeatedly, and choose Safe Mode with Network. Then try your Wireshark again! We might then find it's a driver or an APP causing the problem in normal mode. Y.

answered 03 Feb '16, 19:46 thewol

Thanks thewol, that was a good pointer. I am running it on a VM hosted on an ESX server in our server room. Couldn't find time to try that due to project work. When I got hold of the login for the ESX server, I tried booting it in safe mode (with networking) but then Wireshark couldn't find the network interface. Tried a few things to get around this but did not succeed. Finally I ended up switching over to another VM. But still curious to figure it out. Will do it sometime when I am free from the workload though. (19 Feb '16, 01:44) pvm

Does this also happen with saved capture files or only live captures? If it happens on a capture file, can you share the capture file publicly so we can check it?