Re: [Wireshark-dev] Devices in tshark versus dumpcap

Sat, 29 Apr 2017 01:24:08 -0700 

On 29 April 2017 at 08:10, Gisle Vanem <[email protected]> wrote:

>
> I'm on Win-10 and have now troubles sniffing on anything except
> BlueTooth! This is the list of interfaces I expect to get:
>
> dumpcap.exe -D
>   1. \Device\NPF_{C25DD2C2-2E05-4337-A847-84EF6CAB86BF}
> (Bluetooth-nettverkstilkobling)
>   2. \Device\NPF_{F92984E3-5D40-4AD9-B054-41288EAE699F} (Wi-Fi 2)
>   3. \Device\NPF_{3A46ACA0-CBED-44BC-A239-6AEA3D0C451D} (Ethernet)
>   4. \\.\airpcap00 (AirPcap USB wireless capture adapter nr. 00)
>
> But with "tshark.exe -D", I only get:
>   1. \Device\NPF_{C25DD2C2-2E05-4337-A847-84EF6CAB86BF}
> (Bluetooth-nettverkstilkobling)
>
> I also tried with:
>   set G_MESSAGES_DEBUG=all   << no effect
>   tshark.exe -o console.log.level:252 -D
>
> giving:
>   Capture-Message: Capture Interface List ...
>   (tshark.exe:8440): Capture-DEBUG: sync_interface_list_open
>   Capture-INFO: sync_pipe_run_command() starts
>   (tshark.exe:8440): Capture-DEBUG:   argv[0]:
> F:\mingw32\src\inet\Wireshark\dumpcap.exe
>   (tshark.exe:8440): Capture-DEBUG:   argv[1]: -D
>   (tshark.exe:8440): Capture-DEBUG:   argv[2]: -Z
>   (tshark.exe:8440): Capture-DEBUG:   argv[3]: none
>   (tshark.exe:8440): Capture-DEBUG: sync_pipe_open_command
>   (tshark.exe:8440): Capture-DEBUG: read 21 indicator: S empty value
>   (tshark.exe:8440): Capture-DEBUG: sync_pipe_wait_for_child: wait till
> child closed
>   (tshark.exe:8440): Capture-DEBUG: sync_pipe_wait_for_child: capture
> child closed after 0.016s
>   Capture-INFO: sync_pipe_run_command() ends, taking 0.328s, result=0
>   Capture-Message: Loading External Capture Interface List ...
>   1. \Device\NPF_{C25DD2C2-2E05-4337-A847-84EF6CAB86BF}
> (Bluetooth-nettverkstilkobling)
>
> Note, this is with Wireshark compiled from Git by myself using MSVC-2015,
> 32-bit;
> A version + build-method that has worked well for years. But recently it's
> been
> misbehaving as shown above. Any hints?
>
>
Unsure whether this is related, but MSVC2015 support is regarded as
"experimental".  The official builds are still using VS2013.


> The above "read 21 indicator: S empty value" for me indicates a problem in
> the pipe I/O between tshark and dumpcap. No?
>
>
Are you building the stable version or dev (2.2.x or 2.3x)?

-- 
Graham Bloice

___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <[email protected]>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:[email protected]?subject=unsubscribe

Reply via email to