On 29 April 2017 at 08:10, Gisle Vanem
<gisle.vanem@xxxxxxxxx> wrote:
I'm on Win-10 and have now troubles sniffing on anything except
BlueTooth! This is the list of interfaces I expect to get:
dumpcap.exe -D
1. \Device\NPF_{C25DD2C2-2E05-4337-A847-84EF6CAB86BF} (Bluetooth-nettverkstilkobling)
2. \Device\NPF_{F92984E3-5D40-4AD9-B054-41288EAE699F} (Wi-Fi 2)
3. \Device\NPF_{3A46ACA0-CBED-44BC-A239-6AEA3D0C451D} (Ethernet)
4. \\.\airpcap00 (AirPcap USB wireless capture adapter nr. 00)
But with "tshark.exe -D", I only get:
1. \Device\NPF_{C25DD2C2-2E05-4337-A847-84EF6CAB86BF} (Bluetooth-nettverkstilkobling)
I also tried with:
set G_MESSAGES_DEBUG=all << no effect
tshark.exe -o console.log.level:252 -D
giving:
Capture-Message: Capture Interface List ...
(tshark.exe:8440): Capture-DEBUG: sync_interface_list_open
Capture-INFO: sync_pipe_run_command() starts
(tshark.exe:8440): Capture-DEBUG: argv[0]: F:\mingw32\src\inet\Wireshark\dumpcap.exe
(tshark.exe:8440): Capture-DEBUG: argv[1]: -D
(tshark.exe:8440): Capture-DEBUG: argv[2]: -Z
(tshark.exe:8440): Capture-DEBUG: argv[3]: none
(tshark.exe:8440): Capture-DEBUG: sync_pipe_open_command
(tshark.exe:8440): Capture-DEBUG: read 21 indicator: S empty value
(tshark.exe:8440): Capture-DEBUG: sync_pipe_wait_for_child: wait till child closed
(tshark.exe:8440): Capture-DEBUG: sync_pipe_wait_for_child: capture child closed after 0.016s
Capture-INFO: sync_pipe_run_command() ends, taking 0.328s, result=0
Capture-Message: Loading External Capture Interface List ...
1. \Device\NPF_{C25DD2C2-2E05-4337-A847-84EF6CAB86BF} (Bluetooth-nettverkstilkobling)
Note, this is with Wireshark compiled from Git by myself using MSVC-2015, 32-bit;
A version + build-method that has worked well for years. But recently it's been
misbehaving as shown above. Any hints?
Unsure whether this is related, but MSVC2015 support is regarded as "experimental". The official builds are still using VS2013.
The above "read 21 indicator: S empty value" for me indicates a problem in
the pipe I/O between tshark and dumpcap. No?
