Unable to specify interface on Windows. Tshark works fine

[inzel]

PS C:\WINDOWS\system32> termshark -i wifi
Could not find network interface wifi

PS C:\WINDOWS\system32> tshark -i wifi
Capturing on 'wifi'
1 0.000000 2600:100f:b01e:92c1:e497:adce:657c:53c1 → 2600:100f:b01e:92c1:6871:3be5:289d:c5f5 ICMPv6 86 Neighbor Solicitation for 2600:100f:b01e:92c1:6871:3be5:289d:c5f5 from 7e:50:49:23:f5:64
2 0.000250 2600:100f:b01e:92c1:6871:3be5:289d:c5f5 → 2600:100f:b01e:92c1:e497:adce:657c:53c1 ICMPv6 86 Neighbor Advertisement 2600:100f:b01e:92c1:6871:3be5:289d:c5f5 (sol, ovr) is at 20:79:18:8d:81:af
3 0.999516 0 40.90.10.180 → 172.20.10.3 TLSv1.2 85 31 Application Data
3 packets captured

[pocc]

Gimme dat tshark -v

[inzel]

Here you go good sir:

PS C:\WINDOWS\system32> tshark -v
TShark (Wireshark) 3.0.3 (v3.0.3-0-g6130b92b0ec6)

Copyright 1998-2019 Gerald Combs [email protected] and contributors.
License GPLv2+: GNU GPL version 2 or later http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with WinPcap SDK (WpdPack) 4.1.2, with GLib 2.52.2, with zlib
1.2.11, with SMI 0.4.8, with c-ares 1.14.0, with Lua 5.2.4, with GnuTLS 3.6.3
and PKCS #11 support, with Gcrypt 1.8.3, with MIT Kerberos, with MaxMind DB
resolver, with nghttp2 1.14.0, with LZ4, with Snappy, with libxml2 2.9.9.

Running on 64-bit Windows 10 (1903), build 18362, with Intel(R) Core(TM)
i9-8950HK CPU @ 2.90GHz (with SSE4.2), with 32630 MB of physical memory, with
locale English_United States.1252, with Npcap version 0.995, based on libpcap
version 1.9.1-PRE-GIT, with GnuTLS 3.6.3, with Gcrypt 1.8.3, binary plugins
supported (0 loaded).

Built using Microsoft Visual Studio 2017 (VC++ 14.16, build 27030).

[pocc]

Gimme tshark -L and tshark -D

[inzel]

PS C:\WINDOWS\system32> tshark -L
Data link types of interface \Device\NPF_{90991D03-785B-42CC-A85A-4305262C28AF} (use option -y to set):
EN10MB (Ethernet)
DOCSIS (DOCSIS)

=================================

PS C:\WINDOWS\system32> tshark -D

1. \Device\NPF_{90991D03-785B-42CC-A85A-4305262C28AF} (Local Area Connection* 9)
2. \Device\NPF_{F61566B1-21B7-4FF5-873E-87DD85F5D76A} (Local Area Connection* 8)
3. \Device\NPF_{A04B1595-A012-4074-ABCD-E7242317141D} (Bluetooth Network Connection)
4. \Device\NPF_{EDA9FA5E-4A47-4AEB-90A5-B1A87A7A42FF} (VMware Network Adapter VMnet8)
5. \Device\NPF_{3D188C77-439B-4078-B5FD-DE9C4BA8EBE9} (Local Area Connection* 2)
6. \Device\NPF_{7B0316BF-333C-491A-9455-F05A16019C91} (Local Area Connection* 10)
7. \Device\NPF_{3EC057D3-A83C-4EF1-AC9B-A5DF40FAF164} (Npcap Loopback Adapter)
8. \Device\NPF_{9C6D292F-74F3-489C-A4F7-BCF044E4E453} (Local Area Connection* 1)
9. \Device\NPF_{CE57B55F-AFA5-4DA1-AF4C-A6B9C7FAA664} (wifi)
10. \Device\NPF_{EEFABE00-7F2F-4155-AEDF-2B0E34EE6719} (VMware Network Adapter VMnet1)
11. \Device\NPF_{68D48BB8-78FC-47EB-8407-372E6BF181B9} (Ethernet)

[inzel]

Checking for any updates

[pocc]

What does termshark -i 9 and tshark -i 9 do? Does termshark still not recognize the interface?

[inzel]

termshark -i 9 and tshark -i 9 both work as expected. Is it normal to need to select the interface number rather than name?

[pocc]

What's the output of netsh interface show interface?

What happens if you use termshark -i "\Device\NPF_{CE57B55F-AFA5-4DA1-AF4C-A6B9C7FAA664}"

[inzel]

netsh interface show interface
Admin State State Type Interface Name

Enabled Disconnected Dedicated Ethernet
Enabled Connected Dedicated VMware Network Adapter VMnet1
Enabled Connected Dedicated VMware Network Adapter VMnet8
Enabled Connected Dedicated wifi
Enabled Connected Dedicated Npcap Loopback Adapter

And termshark works when using termshark -i "\Device\NPF_{CE57B55F-AFA5-4DA1-AF4C-A6B9C7FAA664}"

[gcla]

Hi - if you can give the latest a try, I hope this is now fixed. Something like

export GO111MODULE=on
git clone https://github.com/gcla/termshark
cd termshark
go install ./...

then termshark will be in ~/go/bin/.