1

Can I skip "Finding Local Interfaces"?

Hi...

When I launch Wireshark, it takes ~30 seconds to initialize. Of this initialization time, the display indicates that about 25 seconds is spent "Finding Local Interfaces".

I use Wireshark virtually every day (I'm lucky that way!), and 99% of the time I am reading in an existing .pcap file. I almost never use Wireshark to capture the packets.

Is there a way for me to launch Wireshark in "No Capture" mode, so it does not bother looking for local interfaces?

(Always trying to be more efficient :-))

Thx...

feenyman99

feenyman99
asked 2019-01-23 22:29:33 +0000

2 Answers

0

See bug 15126 that details this issue. An associated change was committed and is available in the nightly builds and will be in the forthcoming 3.0 release.

grahamb
answered 2019-01-23 22:46:07 +0000

0

What I do currently (on Windows) is to stop / disable the autostart capture service. For that you need to run an elevated (administrative) command prompt and enter

sc config npf start= demand             (if using WinPCAP)

sc config npcap start= demand           (if using npcap)

That prevents the capture driver from loading on start. If I need to capture I open the elevated command prompt again and run

sc start npcap

which runs the npcap capture service until the next reboot, or until I stop it again using

sc stop npcap

If you use WinPCAP you need to replace "npcap" with "npf" in both commands.

Jasper
answered 2019-01-24 15:41:17 +0000

Comments

And for those with a more modern view, the PowerShell equivalents (also requiring an elevated prompt) are:

Set-Service npcap -StartupType Manual

and to start\stop the service

Start-Service npcap
Stop-Service npcap

again swapping "npcap" with "npf" for WinPcap.

grahamb (2019-01-24 15:50:47 +0000)

Thanks @grahamb - I guess I'm on the "Old School" track :-)

Jasper (2019-01-24 15:55:53 +0000)
1

There's hope for you yet @Jasper!

grahamb (2019-01-24 15:59:59 +0000)

Note that, as per bug 15126, there are two parts to "Finding local interfaces" - there's finding the interfaces that libpcap/WinPcap/Npcap knows about and there's finding the extcap interfaces. The "It's really slow" part tends to be the extcap part; disabling the driver for WinPcap/Npcap on Windows only eliminates the "finding the interfaces that libpcap/WinPcap/Npcap knows about" part, so if disabling the driver doesn't speed things up significantly, the problem is with extcap.

Guy Harris (2019-01-24 18:14:59 +0000)

In my case I wonder why, but extcap doesn't seem to be the problem - especially my tower PC starts Wireshark in fractions of a second compared to multiple seconds after I disable npcap

Jasper (2019-01-24 19:29:56 +0000)
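
An added example, not posted by anyone in this thread, that combines the answer and comments above: it reports the capture driver's state, times the two parts of interface discovery that Guy Harris describes, and sets the driver to manual start. It assumes Wireshark is installed under `%ProgramFiles%\Wireshark`, and that `dumpcap -D` enumerates only the libpcap/WinPcap/Npcap interfaces while `tshark -D` also enumerates the extcap interfaces.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.
# Assumption: default install directory; change it if Wireshark lives elsewhere.
$WiresharkDir = Join-Path $env:ProgramFiles 'Wireshark'

function Get-CaptureDriver {
    # "npcap" (Npcap) and "npf" (WinPcap) are the service names used in the answer.
    foreach ($name in 'npcap', 'npf') {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if ($svc) { return $svc }
    }
}

function Measure-InterfaceListing {
    param([string]$Exe)
    $path = Join-Path $WiresharkDir $Exe
    if (-not (Test-Path $path)) { return $null }
    # -D prints the capture interface list and exits.
    (Measure-Command { & $path -D 2>$null | Out-Null }).TotalSeconds
}

$driver = Get-CaptureDriver
if (-not $driver) {
    Write-Warning 'Neither npcap nor npf is installed; nothing to change.'
    return
}
'{0}: status={1}, start type={2}' -f $driver.Name, $driver.Status, $driver.StartType

# Assumption: dumpcap lists only libpcap/Npcap interfaces and tshark also
# queries extcap, so the difference approximates the extcap share of the delay.
$pcapSecs  = Measure-InterfaceListing 'dumpcap.exe'
$totalSecs = Measure-InterfaceListing 'tshark.exe'
if ($null -ne $pcapSecs -and $null -ne $totalSecs) {
    'dumpcap -D: {0:N1}s   tshark -D: {1:N1}s   extcap share: ~{2:N1}s' -f `
        $pcapSecs, $totalSecs, [math]::Max(0, $totalSecs - $pcapSecs)
}

# Stop the driver loading at boot; start it by hand when a capture is needed.
if ($driver.StartType -ne 'Manual') {
    Set-Service -Name $driver.Name -StartupType Manual
    "Set $($driver.Name) to Manual start."
}
```

Run the timing once with the driver running and once after `Stop-Service` to see how much of the delay each part accounts for on a given machine.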