I am unable to install Wireshark-win64-2.4.1.exe in our machine with Windows 8 embedded standard. We need to analyze USB traffic on one of our USB ports. As I try to install it with WinPcap and USBPcap, it installs fine. But when we open the Wireshark, it says "Initializing extcap.." for a long time and after that it goes to "not responding" and we have to terminate it with task manager. We are running with USBPcap and WinPCap start with program start up. Also, when we reopen the wireshark again, it says can't open the program. Tried reinstalling a lot of times, but didn't work. Any help is greatly appreciated. asked 11 Oct '17, 08:06 saisudheer8 showing 5 of 6 show 1 more comments |
One Answer:
That would seem to be an issue with running on Windows 8 Embedded then. Can you install USBPCap and use USBPcapCmd.exe to capture, then copy the capture file to a regular Windows system? answered 11 Oct '17, 09:59 grahamb ♦ |
I know you want to capture on USB, but can you try uninstalling USBPcap and then starting Wireshark? My suspicion is that the USBPcap driver is hanging Wireshark when it attempts to enumerate all the interfaces.
As an aside I'm not aware of anyone using Wireshark on the Embedded versions of Windows, you might be on the bleeding edge there.
I have tried installing it without USBPcap. I get the following error: Wireshark.exe - System error The program can't start because api-ms-win-crt-locale-l1-1-0.dll is missing from your computer. Try reinstalling the program to fix this problem.
@grahamb, I'm afraid the issue might be the 32-bit installer of 2.4.1. Yesterday I was installing it remotely on a Win7 32-bit notebook and got the same error for repeated uninstall-and-reinstall attempts, but as I could resolve the real issue there without Wireshark, I did not dig further into this .dll trouble. But to make it even more interesting, also tshark and dumpcap were complaining about absence of that .dll. The 2.4.1 on my main notebook (Win10 64 bit) runs fine. Also, the missing .dll issue should not be related to USBPcap, as I didn't install USBPcap there during any of the attempts.
@saisudheer8, what @grahamb suggests you is to invoke USBPcapCmd.exe alone directly from the command line rather than invoke it from Wireshark. USBPcapCmd.exe might not need that missing library, so you could be able to capture the USB traffic you are interested in into a .pcap file written directly by USBPcapCmd.exe, and then copy that .pcap file somewhere where Wireshark runs normally (64-bit Windows, linux, Mac OS) and analyse it there. To run USBPcapCmd.exe, WinPcap need not be installed. As for the "initializing extcap" forever, there used to be an issue with large lists of USB (and Bluetooth) devices related to extcap which is Wireshark's (well, dumpcap's) interface to USBPcap, and I'm not sure whether it has already been resolved.
So the symptoms have changed from hanging to reporting a missing DLL. I don't have any Win 7 32 bit (or any Win 32 bit for that matter) systems handy to test. I'll have to fire up a VM for that.
Please file the sentence above as a separate Question as it is only loosely related to your original one. This is a Q&A site, not a discussion forum.
I could convert your previous comment to a new question myself but doing so would move your confirmation away from here.
Done. Thanks