I have installed wireshark 2.0.2. But I am not able to watch any interface in interface list GUI. Though i am connected with internet through LAN cable. What can be the issue?
asked 06 Apr '16, 05:50  ankit edited 06 Apr '16, 05:51 |
One Answer:
Hi @grahamb, First of all thanks for your replies... When I opened wireshark with "Run as administrator" option it is showing me the possible list of interfaces. So now I am able to capture the packets as mentioned in below image
I got the hint of this solution from this link answered 07 Apr '16, 01:35 ankit 1 That's very abnormal behaviour on Windows. There have been occasional reports of this, but no definite cause. I think there have been instances where somehow the installation wasn't run with elevated permissions. It's not recommended running Wireshark with elevated permissions as malicious network traffic could cause the 3 million + lines of code in Wireshark to do something bad. I would uninstall Wireshark and WinPcap, reboot and then reinstall, ensuring that the installer does run with elevated permissions, i.e. you should get a UAC prompt. (07 Apr '16, 02:38) grahamb ♦ I've seen this behavior where Wireshark is installed by administrators and used by users without admin privileges. You may be allowed to "Run as Administrator", but not as yourself. So, you might be stuck doing just that to get Wireshark to access Windows' locked down components. I agree with @grahamb; you might discuss this with your administrator as to how you can run it without elevated permissions. (07 Apr '16, 13:01) coloncm @coloncm That's an interesting thought. All the users I support have their account in the local Administrators group as this allows them to install software. I'll check out what happens with a plain user account. (07 Apr '16, 14:28) grahamb ♦ |
Access to interfaces is provided by WinPCap, usually installed by the Wireshark installer. What does your Help -> About Wireshark info show. Hint, you can copy the text from the dialog by highlighting it with your mouse and right clicking and selecting copy (or Ctrl + C).
Below is the my Help -> About wireshark menu info
Version 2.0.2 (v2.0.2-0-ga16e22e from master-2.0)
Copyright 1998-2016 Gerald Combs [email protected] and contributors. License GPLv2+: GNU GPL version 2 or later http://www.gnu.org/licenses/old-licenses/gpl-2.0.html This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Compiled (64-bit) with Qt 5.3.2, with WinPcap (4_1_3), with libz 1.2.8, with GLib 2.42.0, with SMI 0.4.8, with c-ares 1.9.1, with Lua 5.2, with GnuTLS 3.2.15, with Gcrypt 1.6.2, with MIT Kerberos, with GeoIP, with QtMultimedia, with AirPcap.
Running on 64-bit Windows 7 Service Pack 1, build 7601, with locale C, with WinPcap version 4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch 1_0_rel0b (20091008), with GnuTLS 3.2.15, with Gcrypt 1.6.2, without AirPcap. Intel(R) Core(TM) i5-3340M CPU @ 2.70GHz (with SSE4.2), with 4001MB of physical memory.
Built using Microsoft Visual C++ 12.0 build 40629
Wireshark is Open Source Software released under the GNU General Public License.
Check the man page and http://www.wireshark.org for more information.
OK, you have WinPcap installed, so for some reason it isn't returning a list of interfaces.
From a command prompt what does
"C:\Program Files\Wireshark\dumpcap" -Dgive as output?Below is the output of dumpcap -D from cmd ...
Microsoft Windows [Version 6.1.7601] Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Program Files\Wireshark>dumpcap.exe -D dumpcap: There are no interfaces on which a capture can be done
C:\Program Files\Wireshark>