Wireshark-dev: Re: [Wireshark-dev] BUG: infinite loop in "dumpcap -L" with rpcap:// interface s
From: Jeff Morriss <[email protected]>
Date: Wed, 21 Sep 2016 16:31:46 -0400

On Fri, Sep 16, 2016 at 10:40 AM, Lukas Tribus <[email protected]> wrote:

dumpcap (and wireshark, if using that dumpcap feature) hangs using a full CPU core since 2.2.0 in the following conditions:

- OS is Windows (other OS'es unknown)
- interface is remote ("rpcap://...")
- dumpcap is trying to read the link type (-L)

For example, old stable 2.0.6 works fine:
Wireshark206Portable\App\Wireshark>dumpcap -i rpcap://[]/eth0 -L
Data link types of interface rpcap://[]/eth0 (use option -y to set):
  EN10MB (Ethernet)

\Wireshark220Portable\App\Wireshark>dumpcap -i rpcap:// []/eth0 -L
<<--- hangs using a full CPU core

Wireshark, if using this dumpcap feature hangs as well (when adding remote interfaces).

Wireshark 2.0.6 and previous releases work fine.

For the record it looks like you did the right thing :-) and submitted a bug report for this: