I am a long time user of WireShark and I frequently use it for demonstrations in my networking classes. I recently upgraded my instructor workstation and WireShark stopped working. It would start, but then hang. When I checked Task Manager, a process called dumpcap.exe was not responding and like in the movies, hard to kill. Let me share what I did to restore functionality and my sanity.
My first attempts involved uninstalling and reinstalling, with reboots before and after. This did not resolve the issue. I then tried going ever further back into the archives of old versions of WireShark. This also failed miserably. I tried running WireShark in compatibility modes for previous version of Windows – to no avail. Enough about the failures, here’s to success!
I will list exactly what I did but there may be steps that are unnecessary for you. Feel free to modify these steps if you wish. First, I uninstalled WireShark (and WinPcap 4.1.3, the latest at the time of this writing) and rebooted. I then downloaded WinPcap 10. It downloaded as an .msi file, which I installed. Then I downloaded the latest version of WireShark (version 2.2.2). When I installed WireShark, I made sure NOT to select the installation of WinPcap 4.1.3. The install completed successfully and I was able to run WireShark and capture packets again.
Here is a screenshot proving success!
This may work with other versions of Windows (Windows 10, for example) but I have not personally tried it out. Once MY machine worked I was happy. Hopefully, if someone else is experiencing this same pain with their previously working WireShark, these steps will help.
Until next time….
Mark Jacob
Cisco and CompTIA Network + Instructor – Interface Technical Training
Phoenix, AZ
