This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

capture issues

0

I had been running wireshark successfully for some time. In late august, a microsoft update to my XP operating system locked my computer up and I had no alternative but to start from scratch and reload my operating system and all the programs that I was using. Since then, I cannot get Wireshark to work. My wireless works properly but when I try a wireshark packet capture I get the following message:

" Capture session could not be initiated( failed to set hardware filter to promiscuous mode)
  Please check that "\ Device\NPF_{ 5F7A801C-C89A-41FB-91CD-E9AE11B86C59}" is the
 proper interface. "

The hardware has been set to promiscuous mode so the first line is wrong. I know something is set wrong but I can't figure out what.

                                          Baffled

asked 24 Oct '10, 20:45

Baffled's gravatar image

Baffled
1111
accept rate: 0%

Did you also try to (re)install WinPcap?
You can download the latest stable WinPcap version 4.1.2 here.

Try to run:
$ wireshark -i 3 -o "capture.prom_mode: TRUE" -k

(25 Oct '10, 06:00) joke

I have reinstalled WinPcap 4.1.2 and an older version of WinPcap. Both had no effect. Also no luck with the running the suggested command. Thanks for the attempt Joke. Baffled

(25 Oct '10, 20:46) Baffled

Can you go into Capture Options and turn off promiscuous mode and then try the capture? If that's the problem then you should get an error message.

When you select Capture > Interfaces do you see your adapter and does it seem to indicate it sees traffic?

(25 Oct '10, 21:05) lchappell ♦

Laura I tried turning off promiscuous mode as you suggested and Wireshark begins capturing packets normally without any error message. As for my adapter, it is listed as an interface and it does appear to be seeing traffic.

                           Baffled
(26 Oct '10, 19:53) Baffled

Guy As it turns out, this is a computer specific issue. When my system crashed and I reloaded everything, I must have updated my wireless driver. While the new driver would work for everything else, it would not run Wireshark in promiscuous mode. By rolling back my driver to a previous version, the problems went away. I hadn't thought to try this earlier. Thanks to everyone for the suggestions anyway. Baffled

(31 Oct '10, 16:46) Baffled

One Answer:

2

This is almost certainly a WinPcap problem; it probably got an error from the WinPcap driver. Try capturing with WinDump - without the "-p" flag, so that it tries to turn promiscuous mode on - and see whether it reports the same error. If so, this is definitely a WinPcap error, and you'll need to report it to the WinPcap developers.

answered 26 Oct '10, 20:53

Guy%20Harris's gravatar image

Guy Harris ♦♦
17.4k335196
accept rate: 19%