Wireshark-dev: [Wireshark-dev] Problems with \Device\NPF_ prefix

From: Gisle Vanem <gisle.vanem@xxxxxxxxx>
Date: Thu, 11 Jan 2018 23:34:17 +0100

In my recently built Tshark/Wireshark etc., I've discovered
this no longer works:
  tshark.exe -i \Device\NPF_{3A46ACA0-CBED-44BC-A239-6AEA3D0C451D}

It says:
  Capturing on '\Device\NPF_{3A46ACA0-CBED-44BC-A239-6AEA3D0C451D}'
  tshark: The capture session could not be initiated on interface '\Device\NPF_{3A46ACA0-CBED-44BC-A239-6AEA3D0C451D}'
  (Error opening adapter: Operasjonen er utført. (0)).  << == NO_ERROR !!??

But this works:
  tshark.exe -i {3A46ACA0-CBED-44BC-A239-6AEA3D0C451D}

(no "\Device" prefix) How come?

I also tried with:
  tshark.exe -o console.log.level:252 -i \Device\NPF_{3A46ACA0-CBED-44BC-A239-6AEA3D0C451D}

which spits out some mysterious stuff at the end:
  ...
  (tshark.exe:10360): Capture-DEBUG: argv[5]: 10360
  (tshark.exe:10360): Capture-DEBUG: read 14 ok indicator: E len: 402 msg: E

The 'msg: E' does show up with w/o the prefix?
A dumpcap/pipe reading problem?

Win-10, WinPcap 4.1.0.2980.

--
--gv