Wireshark-win64-2.2.10 Cannot load interfaces for androiddump.exe on Win10
Microsoft Windows [Version 10.0.10240]
(c) 2015 Microsoft Corporation. All rights reserved.
C:\Users\fang>adb version
Android Debug Bridge version 1.0.39
Revision 3db08f2c6889-android
Installed as C:\WINDOWS\adb.exe
C:\Users\fang>CD /d D:\ProgramFiles\Wireshark
D:\ProgramFiles\Wireshark> Wireshark -oconsole.log.level:252 -ogui.console_open:ALWAYS
D:\ProgramFiles\Wireshark>file D:\ProgramFiles\Wireshark\extcap\androiddump.exe
D:\ProgramFiles\Wireshark\extcap\androiddump.exe: PE32+ executable (GUI) x86-64, for MS Windows
D:\ProgramFiles\Wireshark>
D:\ProgramFiles\Wireshark>18:00:00 Capture Msg Capture Interface List ...
18:00:00 Capture Dbg sync_interface_list_open
18:00:00 Capture Info sync_pipe_run_command() starts
18:00:00 Capture Dbg argv[0]: D:\ProgramFiles\Wireshark\dumpcap.exe
18:00:00 Capture Dbg argv[1]: -D
18:00:00 Capture Dbg argv[2]: -Z
18:00:00 Capture Dbg argv[3]: none
18:00:00 Capture Dbg sync_pipe_open_command
18:00:00 Capture Dbg read 6 indicator: S empty value
18:00:00 Capture Dbg sync_pipe_wait_for_child: wait till child closed
18:00:00 Capture Dbg sync_pipe_wait_for_child: capture child closed after 0.001s
18:00:00 Capture Info sync_pipe_run_command() ends, taking 0.218s, result=0
18:00:00 Capture Msg Loading External Capture Interface List ...
18:00:00 Capture Dbg Loading interface list for D:\ProgramFiles\Wireshark\extcap\androiddump.exe
18:00:00 Capture Dbg Cannot load interfaces for D:\ProgramFiles\Wireshark\extcap\androiddump.exe
18:00:00 Capture Dbg Loading interface list for D:\ProgramFiles\Wireshark\extcap\ciscodump.exe
18:00:00 Capture Dbg Interface found (null)
18:00:00 Capture Dbg Extcap [(null)]
18:00:00 Capture Dbg Interface found cisco
18:00:00 Capture Dbg Interface [cisco] "Cisco remote capture"
18:00:00 Capture Dbg Loading interface list for D:\ProgramFiles\Wireshark\extcap\randpktdump.exe
18:00:00 Capture Dbg Interface found (null)
18:00:00 Capture Dbg Extcap [(null)]
18:00:00 Capture Dbg Interface found randpkt
18:00:00 Capture Dbg Interface [randpkt] "Random packet generator"
18:00:00 Capture Dbg Loading interface list for D:\ProgramFiles\Wireshark\extcap\sshdump.exe
18:00:00 Capture Dbg Interface found (null)
18:00:00 Capture Dbg Extcap [(null)]
18:00:00 Capture Dbg Interface found ssh
18:00:00 Capture Dbg Interface [ssh] "SSH remote capture"
18:00:00 Capture Dbg Loading interface list for D:\ProgramFiles\Wireshark\extcap\udpdump.exe
18:00:00 Capture Dbg Interface found (null)
18:00:00 Capture Dbg Extcap [(null)]
18:00:00 Capture Dbg Interface found udpdump
18:00:00 Capture Dbg Interface [udpdump] "UDP Listener remote capture"
18:00:00 Capture Msg Capture Interface Capabilities ...
18:00:00 Capture Dbg sync_if_capabilities_open
18:00:00 Capture Info sync_pipe_run_command() starts
18:00:00 Capture Dbg argv[0]: D:\ProgramFiles\Wireshark\dumpcap.exe
18:00:00 Capture Dbg argv[1]: -i
18:00:00 Capture Dbg argv[2]: \Device\NPF_{7CCA571D-7442-4397-908C-478D09E86C8B}
18:00:00 Capture Dbg argv[3]: -L
18:00:00 Capture Dbg argv[4]: -Z
18:00:00 Capture Dbg argv[5]: none
18:00:00 Capture Dbg sync_pipe_open_command
18:00:01 Capture Dbg read 6 indicator: S empty value
18:00:01 Capture Dbg sync_pipe_wait_for_child: wait till child closed
18:00:01 Capture Dbg sync_pipe_wait_for_child: capture child closed after 0.001s
18:00:01 Capture Info sync_pipe_run_command() ends, taking 0.110s, result=0
18:00:01 Capture Msg Capture Interface Capabilities ...
18:00:01 Capture Dbg sync_if_capabilities_open
18:00:01 Capture Info sync_pipe_run_command() starts
18:00:01 Capture Dbg argv[0]: D:\ProgramFiles\Wireshark\dumpcap.exe
18:00:01 Capture Dbg argv[1]: -i
18:00:01 Capture Dbg argv[2]: \Device\NPF_{CE8E087E-10A1-4F3D-B4FD-07F8CDCDD7B1}
18:00:01 Capture Dbg argv[3]: -L
18:00:01 Capture Dbg argv[4]: -Z
18:00:01 Capture Dbg argv[5]: none
18:00:01 Capture Dbg sync_pipe_open_command
18:00:01 Capture Dbg read 6 indicator: S empty value
18:00:01 Capture Dbg sync_pipe_wait_for_child: wait till child closed
18:00:01 Capture Dbg sync_pipe_wait_for_child: capture child closed after 0.001s
18:00:01 Capture Info sync_pipe_run_command() ends, taking 0.108s, result=0
18:00:01 Capture Msg Capture Interface Capabilities ...
18:00:01 Capture Dbg sync_if_capabilities_open
18:00:01 Capture Info sync_pipe_run_command() starts
18:00:01 Capture Dbg argv[0]: D:\ProgramFiles\Wireshark\dumpcap.exe
18:00:01 Capture Dbg argv[1]: -i
18:00:01 Capture Dbg argv[2]: \Device\NPF_{B662434A-D296-4696-B725-7277E802E7A5}
18:00:01 Capture Dbg argv[3]: -L
18:00:01 Capture Dbg argv[4]: -Z
18:00:01 Capture Dbg argv[5]: none
18:00:01 Capture Dbg sync_pipe_open_command
18:00:01 Capture Dbg read 6 indicator: S empty value
18:00:01 Capture Dbg sync_pipe_wait_for_child: wait till child closed
18:00:01 Capture Dbg sync_pipe_wait_for_child: capture child closed after 0.001s
18:00:01 Capture Info sync_pipe_run_command() ends, taking 0.110s, result=0
18:00:01 Capture Msg Capture Interface Capabilities ...
18:00:01 Capture Dbg sync_if_capabilities_open
18:00:01 Capture Info sync_pipe_run_command() starts
18:00:01 Capture Dbg argv[0]: D:\ProgramFiles\Wireshark\dumpcap.exe
18:00:01 Capture Dbg argv[1]: -i
18:00:01 Capture Dbg argv[2]: \Device\NPF_{680316E3-5539-4EFD-B11A-30534782830B}
18:00:01 Capture Dbg argv[3]: -L
18:00:01 Capture Dbg argv[4]: -Z
18:00:01 Capture Dbg argv[5]: none
18:00:01 Capture Dbg sync_pipe_open_command
18:00:01 Capture Dbg read 6 indicator: S empty value
18:00:01 Capture Dbg sync_pipe_wait_for_child: wait till child closed
18:00:01 Capture Dbg sync_pipe_wait_for_child: capture child closed after 0.001s
18:00:01 Capture Info sync_pipe_run_command() ends, taking 0.109s, result=0
18:00:01 Capture Msg Capture Interface Capabilities ...
18:00:01 Capture Dbg Extcap pipe D:\ProgramFiles\Wireshark\extcap\ciscodump.exe
18:00:01 Capture Dbg DLT 147 name="cisco" display="Remote capture dependent DLT"
18:00:01 Capture Msg Capture Interface Capabilities ...
18:00:01 Capture Dbg Extcap pipe D:\ProgramFiles\Wireshark\extcap\randpktdump.exe
18:00:01 Capture Dbg DLT 147 name="randpkt" display="Generator dependent DLT"
18:00:01 Capture Msg Capture Interface Capabilities ...
18:00:01 Capture Dbg Extcap pipe D:\ProgramFiles\Wireshark\extcap\sshdump.exe
18:00:01 Capture Dbg DLT 147 name="ssh" display="Remote capture dependent DLT"
18:00:01 Capture Msg Capture Interface Capabilities ...
18:00:01 Capture Dbg Extcap pipe D:\ProgramFiles\Wireshark\extcap\udpdump.exe
18:00:01 Capture Dbg DLT 252 name="udpdump" display="Exported PDUs"
The above error occurred on my home PC.
================================================================
On my company computer (Microsoft Windows [Version 6.1.7601]), I have Wireshark Version 2.2.3 (v2.2.3-0-g57531cd) installed (PS: no permission to install any software that needs privilege in my company); it lists plugins in the plugins tab of Help -> About Wireshark.
ciscodump.exe 1.0.0 extcap C:\Program Files (x86)\Wireshark\extcap\ciscodump.exe
androiddump.exe 1.0.3 extcap C:\Program Files (x86)\Wireshark\extcap\androiddump.exe
randpktdump.exe 0.1.0 extcap C:\Program Files (x86)\Wireshark\extcap\randpktdump.exe
sshdump.exe 1.0.0 extcap C:\Program Files (x86)\Wireshark\extcap\sshdump.exe
However, when I capture by android-wifi-tcpdump-71UBBLF22BJQ, it pops up an error dialog (Copy text) as follows.
---------------------------
---------------------------
Error by extcap pipe: ERROR: Broken socket connection.
---------------------------
OK
---------------------------
And the console log is as follows:
C:\Program Files (x86)\Wireshark>19:12:24 Capture Dbg Extcap path C:\Program Files (x86)\Wireshark\extcap
19:12:24 Capture Dbg sync_pipe_wait_for_child: wait till child closed
19:12:24 Capture Dbg sync_pipe_wait_for_child: capture child closed after 0.002s
19:12:24 Capture Msg Capture Start ...
19:12:24 Capture Dbg sync_pipe_start
19:12:24 Capture Dbg CAPTURE OPTIONS :
19:12:24 Capture Dbg Interface name[00] : android-wifi-tcpdump-71UBBLF22BJQ
19:12:24 Capture Dbg Interface description[00] : Android WiFi m1_note 71UBBLF22BJQ
19:12:24 Capture Dbg Console display name[00]: android-wifi-tcpdump-71UBBLF22BJQ
19:12:24 Capture Dbg Capture filter[00] : (unspecified)
19:12:24 Capture Dbg Snap length[00] (0) : 262144
19:12:24 Capture Dbg Link Type[00] : -1
19:12:24 Capture Dbg Promiscuous Mode[00]: TRUE
19:12:24 Capture Dbg Extcap[00] : C:\Program Files (x86)\Wireshark\extcap\androiddump.exe
19:12:24 Capture Dbg Extcap FIFO[00] : (unspecified)
19:12:24 Capture Dbg Extcap PID[00] : -1
19:12:24 Capture Dbg Buffer size[00] : 2 (MB)
19:12:24 Capture Dbg Monitor Mode[00] : FALSE
19:12:24 Capture Dbg Capture source[00] : Remote interface
19:12:24 Capture Dbg Remote host[00] : (unspecified)
19:12:24 Capture Dbg Remote port[00] : (unspecified)
19:12:24 Capture Dbg Authentication[00] : Null
19:12:24 Capture Dbg UDP data tfer[00] : 0
19:12:24 Capture Dbg No cap. RPCAP[00] : 1
19:12:24 Capture Dbg No cap. local[00] : 0
19:12:24 Capture Dbg Sampling meth.[00] : 0
19:12:24 Capture Dbg Sampling param.[00] : 0
19:12:24 Capture Dbg Interface name[df] : (unspecified)
19:12:24 Capture Dbg Interface Descr[df] : (unspecified)
19:12:24 Capture Dbg Capture filter[df] :
19:12:24 Capture Dbg Snap length[df] (0) : 262144
19:12:24 Capture Dbg Link Type[df] : -1
19:12:24 Capture Dbg Promiscuous Mode[df]: TRUE
19:12:24 Capture Dbg Extcap[df] : (unspecified)
19:12:24 Capture Dbg Extcap FIFO[df] : (unspecified)
19:12:24 Capture Dbg Buffer size[df] : 2 (MB)
19:12:24 Capture Dbg Monitor Mode[df] : FALSE
19:12:24 Capture Dbg Capture source[df] : Local interface
19:12:24 Capture Dbg Authentication[df] : Null
19:12:24 Capture Dbg UDP data tfer[df] : 0
19:12:24 Capture Dbg No cap. RPCAP[df] : 1
19:12:24 Capture Dbg No cap. local[df] : 0
19:12:24 Capture Dbg Sampling meth. [df] : 0
19:12:24 Capture Dbg Sampling param.[df] : 0
19:12:24 Capture Dbg SavingToFile : 0
19:12:24 Capture Dbg SaveFile :
19:12:24 Capture Dbg GroupReadAccess : 0
19:12:24 Capture Dbg Fileformat : PCAPNG
19:12:24 Capture Dbg RealTimeMode : 1
19:12:24 Capture Dbg ShowInfo : 1
19:12:24 Capture Dbg MultiFilesOn : 0
19:12:24 Capture Dbg FileDuration (0) : 60
19:12:24 Capture Dbg RingNumFiles (0) : 0
19:12:24 Capture Dbg AutostopFiles (0) : 1
19:12:24 Capture Dbg AutostopPackets (0) : 0
19:12:24 Capture Dbg AutostopFilesize(0) : 1000 (KB)
19:12:24 Capture Dbg AutostopDuration(0) : 60
19:12:24 Capture Dbg
Wireshark Created pipe =>(\\.\pipe\wireshark_extcap_20171116191224)
19:12:24 Capture Dbg Extcap path C:\Program Files (x86)\Wireshark\extcap
19:12:24 Capture Dbg ConnectNamedPipe code: 0
19:12:24 Capture Dbg argv[0]: C:\Program Files (x86)\Wireshark\dumpcap.exe
19:12:24 Capture Dbg argv[1]: -n
19:12:24 Capture Dbg argv[2]: -i
19:12:24 Capture Dbg argv[3]: \\.\pipe\wireshark_extcap_20171116191224
19:12:24 Capture Dbg argv[4]: -Z
19:12:24 Capture Dbg argv[5]: 9272
19:12:24 Main Dbg Callback: capture prepared
19:12:24 Dbg FIX: capture_info_ui_create
19:12:24 Capture Dbg read 5 ok indicator: F len: 106 msg: C:\Users\ssfang\AppData\Local\Temp\wireshark_wireshark_extca
p_20171116191224_20171116191224_a10352.pcapng
19:12:24 Capture Msg Capture started
19:12:24 Capture Msg File: "C:\Users\ssfang\AppData\Local\Temp\wireshark_wireshark_extcap_20171116191224_2017111619122
4_a10352.pcapng"
19:12:24 Main Dbg Callback: Opened
19:12:24 Main Dbg Callback: capture update started
19:12:24 Capture Dbg read 5 ok indicator: D len: 2 msg: 0
19:12:24 Capture Info 0 packets dropped
19:12:24 Capture Dbg read from pipe 5: EOF (capture closed?)
19:12:24 Capture Dbg read 5 got an EOF
19:12:24 Capture Dbg sync_pipe_wait_for_child: wait till child closed
19:12:24 Capture Dbg sync_pipe_wait_for_child: capture child closed after 0.000s
19:12:24 Capture Dbg sync_pipe_input_cb: cleaning extcap pipe
19:12:24 Capture Dbg Extcap [android-wifi-tcpdump-71UBBLF22BJQ] - Cleaning up fifo: \\.\pipe\wireshark_extcap_20171116
191224; PID: 732
19:12:24 Capture Dbg Extcap [android-wifi-tcpdump-71UBBLF22BJQ] - Closing pipe
19:12:24 Capture Dbg Extcap [android-wifi-tcpdump-71UBBLF22BJQ] - Closing spawned PID: 732
19:12:24 Capture Msg Capture stopped.
And then the second dialog pops up.
---------------------------
---------------------------
No packets captured.
---------------------------
As no data was captured, closing the temporary capture file.
Help about capturing can be found at
https://wiki.wireshark.org/CaptureSetup
Wireless (Wi-Fi/WLAN):
Try to switch off promiscuous mode in the Capture Options.
---------------------------
OK
---------------------------
When I execute androiddump.exe and dumpcap.exe:
C:\Program Files (x86)\Wireshark> "C:\Program Files (x86)\Wireshark\extcap\androiddump.exe" --capture --extcap-interface android-wifi-tcpdump-71UBBLF22BJQ --fifo \.\pipe\wireshark_extcap_20171117112149
it gives "ERROR: Cannot save dump file".
C:\Program Files (x86)\Wireshark> "C:\Program Files (x86)\Wireshark\dumpcap.exe" -n -i \.\pipe\wireshark_extcap_20171117112149 -Z 4400
it gives nothing.
Is this about root permission? In fact, after setting up a tcpdump script with root at home, it still cannot show any interfaces about android. However, when compared to my company PC, the latter also shows interfaces about android logcat, WIFI... without this tcpdump script (but Error by extcap pipe: ERROR: Broken socket connection.).
D:\ProgramFiles\Wireshark>adb shell
shell@m1note:/ $ tcpdump
tcpdump: (null): You don't have permission to capture on that device
(socket: Operation not permitted)
1|shell@m1note:/ $ which tcpdump
/system/xbin/tcpdump
shell@m1note:/ $ ll /system/bin/tcpdump
/system/bin/tcpdump: No such file or directory
shell@m1note:/ $ su
root@m1note:/ # echo '#!/system/bin/sh\nsu -c "/system/xbin/tcpdump $*"' > /system/bin/tcpdump
root@m1note:/ # cat /system/bin/tcpdump
#!/system/bin/sh
su -c "/system/xbin/tcpdump $*"
root@m1note:/ # ls -l /system/bin/tcpdump
-rw-r----- root root 49 2017-11-19 23:31 tcpdump
root@m1note:/ # chmod 6755 /system/bin/tcpdump
root@m1note:/ # ls -l /system/bin/tcpdump
-rwsr-sr-x root root 34 2017-11-16 18:26 tcpdump
root@m1note:/ # mount -o ro,remount,ro /system
mount -o ro,remount,ro /system
root@m1note:/ # exit
shell@m1note:/ $ which tcpdump
/system/bin/tcpdump
shell@m1note:/ $ tcpdump -h
tcpdump version 4.5.1
libpcap version 1.5.2
Usage: tcpdump [-aAbdDefhHIJKlLnNOpqRStuUvxX] [ -B size ] [ -c count ]
[ -C file_size ] [ -E algo:secret ] [ -F file ] [ -G seconds ]
[ -i interface ] [ -j tstamptype ] [ -M secret ]
[ -Q in|out|inout ]
[ -r file ] [ -s snaplen ] [ -T type ] [ -V file ] [ -w file ]
[ -W filecount ] [ -y datalinktype ] [ -z command ]
[ -Z user ] [ expression ]
shell@m1note:/ $ tcpdump -D
activate_mmap...activate_mmap...activate_mmap...activate_mmap...1.wlan0
2.nflog (Linux netfilter log (NFLOG) interface)
3.nfqueue (Linux netfilter queue (NFQUEUE) interface)
4.p2p0
5.any (Pseudo-device that captures on all interfaces)
6.lo
shell@m1note:/ $ tcpdump -s0 -i any
activate_mmap...23:33:58.682083 IP 192.168.1.100.34652 > 1.2.3.4.www: Flags [.], ack 561217935, win 1369, options [nop,nop
,TS val 20609232 ecr 1143016662], length 0
23:33:59.591056 IP 192.168.1.100.10535 > 74.125.239.56.domain: 61737+ PTR? 100.1.168.192.in-addr.arpa. (44)
23:33:59.617806 IP 74.125.239.56.domain > 192.168.1.100.10535: 61737 NXDomain* 0/1/0 (79)
23:33:59.619580 IP 192.168.1.100.40402 > 74.125.239.56.domain: 57106+ PTR? 118.51.240.58.in-addr.arpa. (44)
PS: "activate_mmap..." will output to stderr. The result of tcpdump -h also outputs to stderr.
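A triage script for the console log format shown in the post above, added here as an example and not part of the original post or of Wireshark: it reports which extcap binaries failed interface discovery and flags capture sessions whose pipe hit EOF within a second of starting. The function names and the one-second threshold are assumptions, and the sample log is constructed from lines that appear in the post.

```python
import re

# Constructed sample, assembled from lines that appear in the console log above.
SAMPLE_LOG = r"""
D:\ProgramFiles\Wireshark>18:00:00 Capture Msg Loading External Capture Interface List ...
18:00:00 Capture Dbg Loading interface list for D:\ProgramFiles\Wireshark\extcap\androiddump.exe
18:00:00 Capture Dbg Cannot load interfaces for D:\ProgramFiles\Wireshark\extcap\androiddump.exe
18:00:00 Capture Dbg Loading interface list for D:\ProgramFiles\Wireshark\extcap\ciscodump.exe
18:00:00 Capture Dbg Interface found (null)
18:00:00 Capture Dbg Extcap [(null)]
18:00:00 Capture Dbg Interface found cisco
18:00:00 Capture Dbg Interface [cisco] "Cisco remote capture"
19:12:24 Capture Msg Capture Start ...
19:12:24 Capture Dbg Extcap[00] : C:\Program Files (x86)\Wireshark\extcap\androiddump.exe
19:12:24 Capture Dbg Extcap[df] : (unspecified)
19:12:24 Capture Msg Capture started
19:12:24 Capture Info 0 packets dropped
19:12:24 Capture Dbg read from pipe 5: EOF (capture closed?)
19:12:24 Capture Msg Capture stopped.
"""

# "HH:MM:SS [Domain] Level message"; a shell prompt may precede the timestamp,
# and the domain column is sometimes missing ("19:12:24 Dbg FIX: ...").
LINE_RE = re.compile(r"(\d{2}):(\d{2}):(\d{2})\s+(?:(\w+)\s+)?(Msg|Dbg|Info)\b\s*(.*)$")
IFACE_RE = re.compile(r'Interface \[(.+?)\] "(.*)"$')
EXTCAP_RE = re.compile(r"Extcap\[\d+\]\s*:\s*(.+)$")
LOADING = "Loading interface list for "
CANNOT = "Cannot load interfaces for "


def records(text):
    """Yield (seconds_since_midnight, message) for each recognised log line."""
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            h, mi, s = int(m.group(1)), int(m.group(2)), int(m.group(3))
            yield h * 3600 + mi * 60 + s, m.group(6).strip()


def extcap_load_status(text):
    """Map each extcap binary to its discovery result and advertised interfaces."""
    status, current = {}, None
    for _, msg in records(text):
        if msg.startswith(LOADING):
            current = msg[len(LOADING):]
            status[current] = {"failed": False, "interfaces": []}
        elif msg.startswith(CANNOT):
            path = msg[len(CANNOT):]
            status.setdefault(path, {"failed": False, "interfaces": []})["failed"] = True
        else:
            m = IFACE_RE.match(msg)
            if m and current:
                status[current]["interfaces"].append((m.group(1), m.group(2)))
    return status


def capture_sessions(text, max_seconds=1):
    """Summarise each capture; immediate_eof marks a pipe closed right after start."""
    sessions, cur = [], None
    for t, msg in records(text):
        if msg == "Capture Start ...":
            cur = {"extcap": None, "started": None, "eof": False}
        elif cur is None:
            continue
        elif (m := EXTCAP_RE.match(msg)):
            cur["extcap"] = m.group(1)
        elif msg == "Capture started":
            cur["started"] = t
        elif msg.startswith("read from pipe") and "EOF" in msg:
            cur["eof"] = True
        elif msg == "Capture stopped.":
            life = None if cur["started"] is None else t - cur["started"]
            cur["lifetime"] = life
            cur["immediate_eof"] = cur["eof"] and life is not None and life <= max_seconds
            sessions.append(cur)
            cur = None
    return sessions


if __name__ == "__main__":
    for path, info in extcap_load_status(SAMPLE_LOG).items():
        state = "FAILED" if info["failed"] else "ok"
        print(f"{state:6} {path} {info['interfaces']}")
    for s in capture_sessions(SAMPLE_LOG):
        print("capture via", s["extcap"], "immediate EOF:", s["immediate_eof"])
```
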
18:00:00 Capture Dbg argv[0]: D:\ProgramFiles\Wireshark\dumpcap.exe
18:00:00 Capture Dbg argv[1]: -i
18:00:00 Capture Dbg argv[2]: \Device\NPF_{7CCA571D-7442-4397-908C-478D09E86C8B}
18:00:00 Capture Dbg argv[3]: -L
18:00:00 Capture Dbg argv[4]: -Z
18:00:00 Capture Dbg argv[5]: none
18:00:00 Capture Dbg sync_pipe_open_command
18:00:01 Capture Dbg read 6 indicator: S empty value
18:00:01 Capture Dbg sync_pipe_wait_for_child: wait till child closed
18:00:01 Capture Dbg sync_pipe_wait_for_child: capture child closed after 0.001s
18:00:01 Capture Info sync_pipe_run_command() ends, taking 0.110s, result=0
18:00:01 Capture Msg Capture Interface Capabilities ...
18:00:01 Capture Dbg sync_if_capabilities_open
18:00:01 Capture Info sync_pipe_run_command() starts
18:00:01 Capture Dbg argv[0]: D:\ProgramFiles\Wireshark\dumpcap.exe
18:00:01 Capture Dbg argv[1]: -i
18:00:01 Capture Dbg argv[2]: \Device\NPF_{CE8E087E-10A1-4F3D-B4FD-07F8CDCDD7B1}
18:00:01 Capture Dbg argv[3]: -L
18:00:01 Capture Dbg argv[4]: -Z
18:00:01 Capture Dbg argv[5]: none
18:00:01 Capture Dbg sync_pipe_open_command
18:00:01 Capture Dbg read 6 indicator: S empty value
18:00:01 Capture Dbg sync_pipe_wait_for_child: wait till child closed
18:00:01 Capture Dbg sync_pipe_wait_for_child: capture child closed after 0.001s
18:00:01 Capture Info sync_pipe_run_command() ends, taking 0.108s, result=0
18:00:01 Capture Msg Capture Interface Capabilities ...
18:00:01 Capture Dbg sync_if_capabilities_open
18:00:01 Capture Info sync_pipe_run_command() starts
18:00:01 Capture Dbg argv[0]: D:\ProgramFiles\Wireshark\dumpcap.exe
18:00:01 Capture Dbg argv[1]: -i
18:00:01 Capture Dbg argv[2]: \Device\NPF_{B662434A-D296-4696-B725-7277E802E7A5}
18:00:01 Capture Dbg argv[3]: -L
18:00:01 Capture Dbg argv[4]: -Z
18:00:01 Capture Dbg argv[5]: none
18:00:01 Capture Dbg sync_pipe_open_command
18:00:01 Capture Dbg read 6 indicator: S empty value
18:00:01 Capture Dbg sync_pipe_wait_for_child: wait till child closed
18:00:01 Capture Dbg sync_pipe_wait_for_child: capture child closed after 0.001s
18:00:01 Capture Info sync_pipe_run_command() ends, taking 0.110s, result=0
18:00:01 Capture Msg Capture Interface Capabilities ...
18:00:01 Capture Dbg sync_if_capabilities_open
18:00:01 Capture Info sync_pipe_run_command() starts
18:00:01 Capture Dbg argv[0]: D:\ProgramFiles\Wireshark\dumpcap.exe
18:00:01 Capture Dbg argv[1]: -i
18:00:01 Capture Dbg argv[2]: \Device\NPF_{680316E3-5539-4EFD-B11A-30534782830B}
18:00:01 Capture Dbg argv[3]: -L
18:00:01 Capture Dbg argv[4]: -Z
18:00:01 Capture Dbg argv[5]: none
18:00:01 Capture Dbg sync_pipe_open_command
18:00:01 Capture Dbg read 6 indicator: S empty value
18:00:01 Capture Dbg sync_pipe_wait_for_child: wait till child closed
18:00:01 Capture Dbg sync_pipe_wait_for_child: capture child closed after 0.001s
18:00:01 Capture Info sync_pipe_run_command() ends, taking 0.109s, result=0
18:00:01 Capture Msg Capture Interface Capabilities ...
18:00:01 Capture Dbg Extcap pipe D:\ProgramFiles\Wireshark\extcap\ciscodump.exe
18:00:01 Capture Dbg DLT 147 name="cisco" display="Remote capture dependent DLT"
18:00:01 Capture Msg Capture Interface Capabilities ...
18:00:01 Capture Dbg Extcap pipe D:\ProgramFiles\Wireshark\extcap\randpktdump.exe
18:00:01 Capture Dbg DLT 147 name="randpkt" display="Generator dependent DLT"
18:00:01 Capture Msg Capture Interface Capabilities ...
18:00:01 Capture Dbg Extcap pipe D:\ProgramFiles\Wireshark\extcap\sshdump.exe
18:00:01 Capture Dbg DLT 147 name="ssh" display="Remote capture dependent DLT"
18:00:01 Capture Msg Capture Interface Capabilities ...
18:00:01 Capture Dbg Extcap pipe D:\ProgramFiles\Wireshark\extcap\udpdump.exe
18:00:01 Capture Dbg DLT 252 name="udpdump" display="Exported PDUs"
The above error occurred on my home PC.
================================================================
On my company computer (Microsoft Windows [Version 6.1.7601]), I have Wireshark Version 2.2.3 (v2.2.3-0-g57531cd) installed (PS: I have no permission to install any software that needs privileges at my company). It lists the plugins in the Plugins tab of Help -> About Wireshark.
ciscodump.exe 1.0.0 extcap C:\Program Files (x86)\Wireshark\extcap\ciscodump.exe
androiddump.exe 1.0.3 extcap C:\Program Files (x86)\Wireshark\extcap\androiddump.exe
randpktdump.exe 0.1.0 extcap C:\Program Files (x86)\Wireshark\extcap\randpktdump.exe
sshdump.exe 1.0.0 extcap C:\Program Files (x86)\Wireshark\extcap\sshdump.exe
However, when I capture with android-wifi-tcpdump-71UBBLF22BJQ, it pops up an error dialog (Copy text) as follows.
---------------------------
---------------------------
Error by extcap pipe: ERROR: Broken socket connection.
---------------------------
OK
---------------------------
And the console log is as follows:
C:\Program Files (x86)\Wireshark>19:12:24 Capture Dbg Extcap path C:\Program Files (x86)\Wireshark\extcap
19:12:24 Capture Dbg sync_pipe_wait_for_child: wait till child closed
19:12:24 Capture Dbg sync_pipe_wait_for_child: capture child closed after 0.002s
19:12:24 Capture Msg Capture Start ...
19:12:24 Capture Dbg sync_pipe_start
19:12:24 Capture Dbg CAPTURE OPTIONS :
19:12:24 Capture Dbg Interface name[00] : android-wifi-tcpdump-71UBBLF22BJQ
19:12:24 Capture Dbg Interface description[00] : Android WiFi m1_note 71UBBLF22BJQ
19:12:24 Capture Dbg Console display name[00]: android-wifi-tcpdump-71UBBLF22BJQ
19:12:24 Capture Dbg Capture filter[00] : (unspecified)
19:12:24 Capture Dbg Snap length[00] (0) : 262144
19:12:24 Capture Dbg Link Type[00] : -1
19:12:24 Capture Dbg Promiscuous Mode[00]: TRUE
19:12:24 Capture Dbg Extcap[00] : C:\Program Files (x86)\Wireshark\extcap\androiddump.exe
19:12:24 Capture Dbg Extcap FIFO[00] : (unspecified)
19:12:24 Capture Dbg Extcap PID[00] : -1
19:12:24 Capture Dbg Buffer size[00] : 2 (MB)
19:12:24 Capture Dbg Monitor Mode[00] : FALSE
19:12:24 Capture Dbg Capture source[00] : Remote interface
19:12:24 Capture Dbg Remote host[00] : (unspecified)
19:12:24 Capture Dbg Remote port[00] : (unspecified)
19:12:24 Capture Dbg Authentication[00] : Null
19:12:24 Capture Dbg UDP data tfer[00] : 0
19:12:24 Capture Dbg No cap. RPCAP[00] : 1
19:12:24 Capture Dbg No cap. local[00] : 0
19:12:24 Capture Dbg Sampling meth.[00] : 0
19:12:24 Capture Dbg Sampling param.[00] : 0
19:12:24 Capture Dbg Interface name[df] : (unspecified)
19:12:24 Capture Dbg Interface Descr[df] : (unspecified)
19:12:24 Capture Dbg Capture filter[df] :
19:12:24 Capture Dbg Snap length[df] (0) : 262144
19:12:24 Capture Dbg Link Type[df] : -1
19:12:24 Capture Dbg Promiscuous Mode[df]: TRUE
19:12:24 Capture Dbg Extcap[df] : (unspecified)
19:12:24 Capture Dbg Extcap FIFO[df] : (unspecified)
19:12:24 Capture Dbg Buffer size[df] : 2 (MB)
19:12:24 Capture Dbg Monitor Mode[df] : FALSE
19:12:24 Capture Dbg Capture source[df] : Local interface
19:12:24 Capture Dbg Authentication[df] : Null
19:12:24 Capture Dbg UDP data tfer[df] : 0
19:12:24 Capture Dbg No cap. RPCAP[df] : 1
19:12:24 Capture Dbg No cap. local[df] : 0
19:12:24 Capture Dbg Sampling meth. [df] : 0
19:12:24 Capture Dbg Sampling param.[df] : 0
19:12:24 Capture Dbg SavingToFile : 0
19:12:24 Capture Dbg SaveFile :
19:12:24 Capture Dbg GroupReadAccess : 0
19:12:24 Capture Dbg Fileformat : PCAPNG
19:12:24 Capture Dbg RealTimeMode : 1
19:12:24 Capture Dbg ShowInfo : 1
19:12:24 Capture Dbg MultiFilesOn : 0
19:12:24 Capture Dbg FileDuration (0) : 60
19:12:24 Capture Dbg RingNumFiles (0) : 0
19:12:24 Capture Dbg AutostopFiles (0) : 1
19:12:24 Capture Dbg AutostopPackets (0) : 0
19:12:24 Capture Dbg AutostopFilesize(0) : 1000 (KB)
19:12:24 Capture Dbg AutostopDuration(0) : 60
19:12:24 Capture Dbg
Wireshark Created pipe =>(\\.\pipe\wireshark_extcap_20171116191224)
19:12:24 Capture Dbg Extcap path C:\Program Files (x86)\Wireshark\extcap
19:12:24 Capture Dbg ConnectNamedPipe code: 0
19:12:24 Capture Dbg argv[0]: C:\Program Files (x86)\Wireshark\dumpcap.exe
19:12:24 Capture Dbg argv[1]: -n
19:12:24 Capture Dbg argv[2]: -i
19:12:24 Capture Dbg argv[3]: \\.\pipe\wireshark_extcap_20171116191224
19:12:24 Capture Dbg argv[4]: -Z
19:12:24 Capture Dbg argv[5]: 9272
19:12:24 Main Dbg Callback: capture prepared
19:12:24 Dbg FIX: capture_info_ui_create
19:12:24 Capture Dbg read 5 ok indicator: F len: 106 msg: C:\Users\ssfang\AppData\Local\Temp\wireshark_wireshark_extca
p_20171116191224_20171116191224_a10352.pcapng
19:12:24 Capture Msg Capture started
19:12:24 Capture Msg File: "C:\Users\ssfang\AppData\Local\Temp\wireshark_wireshark_extcap_20171116191224_2017111619122
4_a10352.pcapng"
19:12:24 Main Dbg Callback: Opened
19:12:24 Main Dbg Callback: capture update started
19:12:24 Capture Dbg read 5 ok indicator: D len: 2 msg: 0
19:12:24 Capture Info 0 packets dropped
19:12:24 Capture Dbg read from pipe 5: EOF (capture closed?)
19:12:24 Capture Dbg read 5 got an EOF
19:12:24 Capture Dbg sync_pipe_wait_for_child: wait till child closed
19:12:24 Capture Dbg sync_pipe_wait_for_child: capture child closed after 0.000s
19:12:24 Capture Dbg sync_pipe_input_cb: cleaning extcap pipe
19:12:24 Capture Dbg Extcap [android-wifi-tcpdump-71UBBLF22BJQ] - Cleaning up fifo: \\.\pipe\wireshark_extcap_20171116
191224; PID: 732
19:12:24 Capture Dbg Extcap [android-wifi-tcpdump-71UBBLF22BJQ] - Closing pipe
19:12:24 Capture Dbg Extcap [android-wifi-tcpdump-71UBBLF22BJQ] - Closing spawned PID: 732
19:12:24 Capture Msg Capture stopped.
And then the second dialog pops up.
---------------------------
---------------------------
No packets captured.
---------------------------
As no data was captured, closing the temporary capture file.
Help about capturing can be found at
https://wiki.wireshark.org/CaptureSetup
Wireless (Wi-Fi/WLAN):
Try to switch off promiscuous mode in the Capture Options.
---------------------------
OK
---------------------------
When I execute androiddump.exe and dumpcap.exe:
C:\Program Files (x86)\Wireshark> "C:\Program Files (x86)\Wireshark\extcap\androiddump.exe" --capture --extcap-interface android-wifi-tcpdump-71UBBLF22BJQ --fifo \.\pipe\wireshark_extcap_20171117112149
it gives "ERROR: Cannot save dump file".
C:\Program Files (x86)\Wireshark> "C:\Program Files (x86)\Wireshark\dumpcap.exe" -n -i \.\pipe\wireshark_extcap_20171117112149 -Z 4400
it gives nothing.
Is this about root permission? But after setting up a tcpdump with root, it still doesn't work.
D:\ProgramFiles\Wireshark>adb shell
shell@m1note:/ $ tcpdump
tcpdump: (null): You don't have permission to capture on that device
(socket: Operation not permitted)
1|shell@m1note:/ $ which tcpdump
/system/xbin/tcpdump
shell@m1note:/ $ ll /system/bin/tcpdump
/system/bin/tcpdump: No such file or directory
shell@m1note:/ $ su
root@m1note:/ # echo '#!/system/bin/sh\nsu -c "/system/xbin/tcpdump $*"' > /system/bin/tcpdump
root@m1note:/ # cat /system/bin/tcpdump
#!/system/bin/sh
su -c "/system/xbin/tcpdump $*"
root@m1note:/ # ls -l /system/bin/tcpdump
-rw-r----- root root 49 2017-11-19 23:31 tcpdump
root@m1note:/ # chmod 6755 /system/bin/tcpdump
root@m1note:/ # ls -l /system/bin/tcpdump
-rwsr-sr-x root root 34 2017-11-16 18:26 tcpdump
root@m1note:/ # mount -o ro,remount,ro /system
mount -o ro,remount,ro /system
root@m1note:/ # exit
shell@m1note:/ $ which tcpdump
/system/bin/tcpdump
shell@m1note:/ $ tcpdump -h
tcpdump version 4.5.1
libpcap version 1.5.2
Usage: tcpdump [-aAbdDefhHIJKlLnNOpqRStuUvxX] [ -B size ] [ -c count ]
[ -C file_size ] [ -E algo:secret ] [ -F file ] [ -G seconds ]
[ -i interface ] [ -j tstamptype ] [ -M secret ]
[ -Q in|out|inout ]
[ -r file ] [ -s snaplen ] [ -T type ] [ -V file ] [ -w file ]
[ -W filecount ] [ -y datalinktype ] [ -z command ]
[ -Z user ] [ expression ]
shell@m1note:/ $ tcpdump -D
activate_mmap...activate_mmap...activate_mmap...activate_mmap...1.wlan0
2.nflog (Linux netfilter log (NFLOG) interface)
3.nfqueue (Linux netfilter queue (NFQUEUE) interface)
4.p2p0
5.any (Pseudo-device that captures on all interfaces)
6.lo
shell@m1note:/ $ tcpdump -s0 -i any
activate_mmap...23:33:58.682083 IP 192.168.1.100.34652 > 1.2.3.4.www: Flags [.], ack 561217935, win 1369, options [nop,nop
,TS val 20609232 ecr 1143016662], length 0
23:33:59.591056 IP 192.168.1.100.10535 > 74.125.239.56.domain: 61737+ PTR? 100.1.168.192.in-addr.arpa. (44)
23:33:59.617806 IP 74.125.239.56.domain > 192.168.1.100.10535: 61737 NXDomain* 0/1/0 (79)
23:33:59.619580 IP 192.168.1.100.40402 > 74.125.239.56.domain: 57106+ PTR? 118.51.240.58.in-addr.arpa. (44)
PS: "activate_mmap..." is output to stderr. The result of tcpdump -h
also goes to stderr.
18:00:01 Capture Dbg Extcap pipe D:\ProgramFiles\Wireshark\extcap\udpdump.exe
18:00:01 Capture Dbg DLT 252 name="udpdump" display="Exported PDUs"
The above error occurred on my home PC.
================================================================
On my company computer (Microsoft Windows [Version 6.1.7601]), I have Wireshark Version 2.2.3 (v2.2.3-0-g57531cd) installed (PS: I have no permission to install any software that needs privileges at my company). It lists these plugins in the Plugins tab of Help -> About Wireshark:
ciscodump.exe 1.0.0 extcap C:\Program Files (x86)\Wireshark\extcap\ciscodump.exe
androiddump.exe 1.0.3 extcap C:\Program Files (x86)\Wireshark\extcap\androiddump.exe
randpktdump.exe 0.1.0 extcap C:\Program Files (x86)\Wireshark\extcap\randpktdump.exe
sshdump.exe 1.0.0 extcap C:\Program Files (x86)\Wireshark\extcap\sshdump.exe
However, when I capture on android-wifi-tcpdump-71UBBLF22BJQ, an error dialog pops up (copied text) as follows.
---------------------------
---------------------------
Error by extcap pipe: ERROR: Broken socket connection.
---------------------------
OK
---------------------------
And the console log is as follows:
C:\Program Files (x86)\Wireshark>19:12:24 Capture Dbg Extcap path C:\Program Files (x86)\Wireshark\extcap
19:12:24 Capture Dbg sync_pipe_wait_for_child: wait till child closed
19:12:24 Capture Dbg sync_pipe_wait_for_child: capture child closed after 0.002s
19:12:24 Capture Msg Capture Start ...
19:12:24 Capture Dbg sync_pipe_start
19:12:24 Capture Dbg CAPTURE OPTIONS :
19:12:24 Capture Dbg Interface name[00] : android-wifi-tcpdump-71UBBLF22BJQ
19:12:24 Capture Dbg Interface description[00] : Android WiFi m1_note 71UBBLF22BJQ
19:12:24 Capture Dbg Console display name[00]: android-wifi-tcpdump-71UBBLF22BJQ
19:12:24 Capture Dbg Capture filter[00] : (unspecified)
19:12:24 Capture Dbg Snap length[00] (0) : 262144
19:12:24 Capture Dbg Link Type[00] : -1
19:12:24 Capture Dbg Promiscuous Mode[00]: TRUE
19:12:24 Capture Dbg Extcap[00] : C:\Program Files (x86)\Wireshark\extcap\androiddump.exe
19:12:24 Capture Dbg Extcap FIFO[00] : (unspecified)
19:12:24 Capture Dbg Extcap PID[00] : -1
19:12:24 Capture Dbg Buffer size[00] : 2 (MB)
19:12:24 Capture Dbg Monitor Mode[00] : FALSE
19:12:24 Capture Dbg Capture source[00] : Remote interface
19:12:24 Capture Dbg Remote host[00] : (unspecified)
19:12:24 Capture Dbg Remote port[00] : (unspecified)
19:12:24 Capture Dbg Authentication[00] : Null
19:12:24 Capture Dbg UDP data tfer[00] : 0
19:12:24 Capture Dbg No cap. RPCAP[00] : 1
19:12:24 Capture Dbg No cap. local[00] : 0
19:12:24 Capture Dbg Sampling meth.[00] : 0
19:12:24 Capture Dbg Sampling param.[00] : 0
19:12:24 Capture Dbg Interface name[df] : (unspecified)
19:12:24 Capture Dbg Interface Descr[df] : (unspecified)
19:12:24 Capture Dbg Capture filter[df] :
19:12:24 Capture Dbg Snap length[df] (0) : 262144
19:12:24 Capture Dbg Link Type[df] : -1
19:12:24 Capture Dbg Promiscuous Mode[df]: TRUE
19:12:24 Capture Dbg Extcap[df] : (unspecified)
19:12:24 Capture Dbg Extcap FIFO[df] : (unspecified)
19:12:24 Capture Dbg Buffer size[df] : 2 (MB)
19:12:24 Capture Dbg Monitor Mode[df] : FALSE
19:12:24 Capture Dbg Capture source[df] : Local interface
19:12:24 Capture Dbg Authentication[df] : Null
19:12:24 Capture Dbg UDP data tfer[df] : 0
19:12:24 Capture Dbg No cap. RPCAP[df] : 1
19:12:24 Capture Dbg No cap. local[df] : 0
19:12:24 Capture Dbg Sampling meth. [df] : 0
19:12:24 Capture Dbg Sampling param.[df] : 0
19:12:24 Capture Dbg SavingToFile : 0
19:12:24 Capture Dbg SaveFile :
19:12:24 Capture Dbg GroupReadAccess : 0
19:12:24 Capture Dbg Fileformat : PCAPNG
19:12:24 Capture Dbg RealTimeMode : 1
19:12:24 Capture Dbg ShowInfo : 1
19:12:24 Capture Dbg MultiFilesOn : 0
19:12:24 Capture Dbg FileDuration (0) : 60
19:12:24 Capture Dbg RingNumFiles (0) : 0
19:12:24 Capture Dbg AutostopFiles (0) : 1
19:12:24 Capture Dbg AutostopPackets (0) : 0
19:12:24 Capture Dbg AutostopFilesize(0) : 1000 (KB)
19:12:24 Capture Dbg AutostopDuration(0) : 60
19:12:24 Capture Dbg
Wireshark Created pipe =>(\\.\pipe\wireshark_extcap_20171116191224)
19:12:24 Capture Dbg Extcap path C:\Program Files (x86)\Wireshark\extcap
19:12:24 Capture Dbg ConnectNamedPipe code: 0
19:12:24 Capture Dbg argv[0]: C:\Program Files (x86)\Wireshark\dumpcap.exe
19:12:24 Capture Dbg argv[1]: -n
19:12:24 Capture Dbg argv[2]: -i
19:12:24 Capture Dbg argv[3]: \\.\pipe\wireshark_extcap_20171116191224
19:12:24 Capture Dbg argv[4]: -Z
19:12:24 Capture Dbg argv[5]: 9272
19:12:24 Main Dbg Callback: capture prepared
19:12:24 Dbg FIX: capture_info_ui_create
19:12:24 Capture Dbg read 5 ok indicator: F len: 106 msg: C:\Users\ssfang\AppData\Local\Temp\wireshark_wireshark_extca
p_20171116191224_20171116191224_a10352.pcapng
19:12:24 Capture Msg Capture started
19:12:24 Capture Msg File: "C:\Users\ssfang\AppData\Local\Temp\wireshark_wireshark_extcap_20171116191224_2017111619122
4_a10352.pcapng"
19:12:24 Main Dbg Callback: Opened
19:12:24 Main Dbg Callback: capture update started
19:12:24 Capture Dbg read 5 ok indicator: D len: 2 msg: 0
19:12:24 Capture Info 0 packets dropped
19:12:24 Capture Dbg read from pipe 5: EOF (capture closed?)
19:12:24 Capture Dbg read 5 got an EOF
19:12:24 Capture Dbg sync_pipe_wait_for_child: wait till child closed
19:12:24 Capture Dbg sync_pipe_wait_for_child: capture child closed after 0.000s
19:12:24 Capture Dbg sync_pipe_input_cb: cleaning extcap pipe
19:12:24 Capture Dbg Extcap [android-wifi-tcpdump-71UBBLF22BJQ] - Cleaning up fifo: \\.\pipe\wireshark_extcap_20171116
191224; PID: 732
19:12:24 Capture Dbg Extcap [android-wifi-tcpdump-71UBBLF22BJQ] - Closing pipe
19:12:24 Capture Dbg Extcap [android-wifi-tcpdump-71UBBLF22BJQ] - Closing spawned PID: 732
19:12:24 Capture Msg Capture stopped.
C:\Program Files (x86)\Wireshark> "C:\Program Files (x86)\Wireshark\extcap\androiddump.exe" --capture --extcap-interface android-wifi-tcpdump-71UBBLF22BJQ --fifo \.\pipe\wireshark_extcap_20171117112149
It gives "ERROR: Cannot save dump file".
C:\Program Files (x86)\Wireshark> "C:\Program Files (x86)\Wireshark\dumpcap.exe" -n -i \.\pipe\wireshark_extcap_20171117112149 -Z 4400
It gives nothing.