0

I'm experiencing some strange network errors on my local machine (MS-Windows 10 Enterprise 22H2). These also manifest in a WSL container running on the machine (but not on any other device on the same network). The only known active components between the affected host and any targets is Defender Firewall and Cisco Umbrella (problems persist after turning off Cisco unbrella). The host is not joined to a domain. Only connections to some hosts on the LAN are impacted.

I downloaded Wireshark to investigate further, but I see no local interfaces in to capture from - just the remote capture targets.

From cmd, ipconfig lists the local interfaces (ethernet, vpn tunnel, wifi, bluetooth).

I allowed all traffic for wireshark in Defender Firewall, but still no interfaces.

Running Wireshark as administrator did not change the behaviour.

Where should I look next to get Wireshark working?

symcbean
  • 21,009
  • 1
  • 31
  • 52

1 Answers1

1

Wireshark portable still requires a driver for Wireshark to retrieve the packets from the network card. There are a few options like WinPcap oder Npcap, Npcap being the "recommended" one by Wireshark itself.

See this link: https://wiki.wireshark.org/Npcap

So first install the driver, then run Wireshark Portable. When you are done, simply uninstall the driver. No reboot needed on either install or uninstall.

David Trevor
  • 205
  • 1
  • 12