Wireshark-users: Re: [Wireshark-users] Windows 2003 Server

Date: Mon, 3 Dec 2012 21:58:05 +0000

Not sure what’s up, but if you’re just capturing traffic to look at later, maybe you would be better trying tshark or dumpcap.

Run dumpcap -D to get your interface list

EG

C:\Program Files\Wireshark>dumpcap -D

1. \Device\NPF_{8CF5911A-754C-4F6D-98B9-E1234E231E00} (Intel(R) 82578DM Gigabit Network Connection)

2. \Device\NPF_{F458FCE1-7DB4-419F-A28B-93679D91D30F} (Microsoft Corporation)

3. \Device\NPF_{978FA0EA-B2E3-4E59-AF48-3674AA75DF55} (Microsoft)

4. \Device\NPF_{02060821-E84A-4AC8-A15C-5B942C5C3975} (Microsoft Corporation)

5. \Device\NPF_{42084919-7FD3-4D55-8989-D5BAB9BB5615} (Microsoft)


Once you select your interface, the number will go after -i in the following command. This example uses interface #1 on my system (note the Outlook mail client sometimes messes up the dashes, so you may not be able to copy and paste; you have to retype).

EG

dumpcap -i 1 -b filesize:30000 -b files:20 -w c:\temp\packetcapture.pcap

Please ensure the output directory exists first! When you're ready to stop, hit control+c (or kill the command prompt, but sometimes this will ‘trash’ the last packet in the capture and Wireshark will complain when you open the file).

Hope that helps

tim

From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Jim Hurley
Sent: Monday, December 3, 2012 3:23 PM
To: wireshark-users@xxxxxxxxxxxxx
Subject: [Wireshark-users] Windows 2003 Server

Hello,

I installed the latest version of Wireshark onto a server running Windows 2003 Server. The installation went fine, and WinPcap 4.2 installed fine as well.

I launched Wireshark and started capturing traffic, no filters, just a ring buffer with 20 files each of 30 megabytes. After a period of time (1 hour maybe 2) I get an error from the OS saying that Visual C++ has asked to terminate in an unusual way.

Does anyone know what could be causing this???

Jim