In my recently built Tshark/Wireshark etc., I've discovered
this longer works:
tshark.exe -i \Device\NPF_{3A46ACA0-CBED-44BC-A239-6AEA3D0C451D}
It says:
Capturing on '\Device\NPF_{3A46ACA0-CBED-44BC-A239-6AEA3D0C451D}'
tshark: The capture session could not be initiated on interface '\Device\NPF_{3A46ACA0-CBED-44BC-A239-6AEA3D0C451D}'
(Error opening adapter: Operasjonen er utført. (0)). << == NO_ERROR !!??
But this works:
tshark.exe -i {3A46ACA0-CBED-44BC-A239-6AEA3D0C451D}
(no "\Device" prefix) How come?
I also tried with:
tshark.exe -o console.log.level:252 -i \Device\NPF_{3A46ACA0-CBED-44BC-A239-6AEA3D0C451D}
which splits out at the end some mysterious stuff:
...
(tshark.exe:10360): Capture-DEBUG: argv[5]: 10360
(tshark.exe:10360): Capture-DEBUG: read 14 ok indicator: E len: 402 msg: E
The 'msg: E' does show up with w/o the prefix?
A dumpcap/pipe reading problem?
Win-10, WinPcap 4.1.0.2980.
--
--gv