Wireshark · Wireshark-users: Re: [Wireshark-users] Dumpcap instead of Winpcap?

Wireshark-users: Re: [Wireshark-users] Dumpcap instead of Winpcap?

From: Guy Harris <guy@xxxxxxxxxxxx>

Date: Wed, 10 Feb 2010 09:19:24 -0800

On Feb 10, 2010, at 5:54 AM, km wrote:

> I have installed the latest versions of Wireshark (1.2.6) and WinPcap 
> (4.1.1).  When I start a capture the screen goes black but for a white 
> cursor. This is Dumpcap, which seems to be used in stead of WinPcap.

It's used "instead of WinPcap" in the sense that neither Wireshark nor TShark directly call libpcap or WinPcap to capture packets; instead, they run dumpcap to capture packets, and dumpcap calls libpcap or WinPcap to capture packets and save them to a file for Wireshark or TShark to read.

Dumpcap isn't a GUI application, so it shouldn't be doing anything to the screen at all; do you mean that the *entire* screen goes blank?  Does CTRL-ALT-DEL pop up the Task Manager?

Does that happen if you run dumpcap from a console window?  What about WinDump:

	http://www.winpcap.org/windump/install/default.htm

What version of Windows is this?

References:
- [Wireshark-users] Dumpcap instead of Winpcap?
  - From: km

Prev by Date: Re: [Wireshark-users] Dumpcap instead of Winpcap?
Next by Date: Re: [Wireshark-users] extracting IP SDU
Previous by thread: Re: [Wireshark-users] Dumpcap instead of Winpcap?
Next by thread: Re: [Wireshark-users] WindowsXP Broadcast question * Resolved *
Index(es):
- Date
- Thread