DigeratiPrime Posted June 18, 2009 Posted June 18, 2009 Below are error messages I get when trying to run wireshark-win64-1.2.0 on Windows 7 x64 RC. This version of Windows is not supported by WinPcap 4.1 beta5.Fix:Run this program in compatibility mode for: Windows Vista (SP2)The program can't start because NPPTools.dll is missing from your computer.Fix: winpcap-nmap-4.02.exe from http://nmap.org/dist/nmap-4.85BETA10-win32.zipDumpcap has stopped working.Fix:Unable to load WinPcap (wpcap.dll); Wireshark will no be able to capture packets.Fix:The NPF driver isn't running.Fix: from elevated command prompt: net start npfNotes: The problem is only with the 64-bit version of Wireshark.wireshark-win32-1.2.0.exe installs and works fine on both Windows 7 x86 and x64. Network Monitor 3.3 x64 is installed and works.
cluberti Posted June 18, 2009 Posted June 18, 2009 Note that you can use netsh to take network captures in Win7, so you may only need Wireshark to look at the .cap files if netmon isn't your choice of viewer:http://blogs.technet.com/netmon/archive/20...rk-monitor.aspxnetsh trace start capture=yes
DigeratiPrime Posted June 18, 2009 Author Posted June 18, 2009 oh yeah i forgot about that. I will try that now and report back asap.[edit]Well I was able to save a capture "NetTrace.etl" and open it with Network Monitor 3.3, though I had to change the Windows Parser from Stubs to Full, but I couldn't open that etl directly file with Wireshark. It complained that "the capture file appears to have been cut short in the middle of a packet". Saving it as a cap file and then importing it into Wireshark works though.However as I added at the botton of the top post Wireshark x86 is working fine otherwise in Windows x64, so I consider that an acceptable workaround.Additionally I reccomend decreasing the default size for the trace file to less than 250mb because that took a while to open and parse.[edit2] another more direct method is to use nmcap which will save to a cap file which can be opened directly with wireshark.
CoffeeFiend Posted July 30, 2009 Posted July 30, 2009 However as I added at the botton of the top post Wireshark x86 is working fine otherwise in Windows x64, so I consider that an acceptable workaround.The current version of the installer for Wireshark (1.2.1) bundles a version of winpcap (4.1 beta5) that doesn't install on Win7 x64 -- even the 32 bit version!The current workaround is downloading a separate installer for winpcap, and running that in Vista compatibility mode... Annoying.
Pada Posted September 25, 2009 Posted September 25, 2009 (edited) Thanks for the help. I now have Wireshark 1.2.1 running on my Win 7 x64 RTM.I initially got the "This version of Windows is not supported by WinPcap 4.1 beta5." error when installing Wireshark. Then I installed WinPcap 4.0.2, but this resulted in the "Dumpcap has stopped working." error.The fix was very simple: Run the WinPcap 4.1 beta5 setup with Vista SP2 compatibility. So I guess DigeratiPrime can update the fix for the "Dumpcap has stopped working." > Uninstall 4.0.2 and install 4.1 beta 5 with Vista compatibiliy Edited September 25, 2009 by Pada
tal ormanda Posted September 25, 2009 Posted September 25, 2009 Good to know because I will be using this program soon.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now