“There are no interfaces on which a capture can be done.”
When you start up Wireshark to capture network packets, the tool has to go through a series of initialization routines. Towards the end of its startup procedures, Wireshark scans the host computer for network connections. On the initial scan, if the program cannot find any networks attached to the computer on which it is running, it will show the message “No interfaces found.”
The error message appears in the area of the application window where you would expect to see a list of available networks. To capture network traffic packets, you first need to select one of these networks. So, if Wireshark can’t find any networks at all, you can’t progress to the packet capture phase.
Interface error caused by access permissions
When Wireshark reports that it cannot find any “interfaces”, it means that it could not detect any networks. There are many possible reasons for this problem.
“No interfaces found” on Windows 10
Surprisingly, in Windows, you do not need to run Wireshark with administrator network privileges to give the program access to network functions. This is because as far as the network procedures of your computer are concerned, Wireshark is only acting the way any other program that connects to the network would behave ‒ the Wireshark system only needs access to the network, which is available to all regular users, not just the administrator.
One element of the Wireshark suite of programs does need administrator network privileges. This is WinPcap, which is the underlying service that assists in capturing packets. The setup process of Wireshark will install WinPcap for you. The installation process sets WinPcap to run on system startup and also writes it to the register so that it can run with admin rights level. It is this installation phase that requires you to restart your computer.
“No interfaces found” on Linux
Linux users report a different situation when running Wireshark. It seems that it needs to be run with the sudo command. This action runs the normal program with superuser network privileges. This often solves the problem of Wireshark’s inability to access the network functions on a Linux computer. Again, Wireshark doesn’t need to run as root on Linux, but there is one element of the program suite that does. This is dumpcap; you need to run the following command to get this module set up properly.
|dumpcap setuid root|
Not every flavor of Linux behaves in exactly the same way, so if just nominating dumpcap as a root process doesn’t work, try the following command:
|setcap ‘CAP_NET_RAW+eip CAP_NET_ADMIN+eip’ /usr/sbin/dumpcap|
It may be that the Wireshark code is held in the bin directory instead of sbin. If the above command returns an error, try:
|setcap ‘CAP_NET_RAW+eip CAP_NET_ADMIN+eip’ /usr/bin/dumpcap|
If the above commands don’t work on your version of Linux, try:
| chown root /usr/sbin/dumpcap
chmod u+s /usr/sbin/dumpcap
If the code for Wireshark is in bin and not sbin, change “/usr/sbin/” to “/usr/bin/” in the above command.
Your firewall shouldn’t be blocking Wireshark’s access to the network because firewalls generally work to prevent external processes from getting onto your computer not to prevent processes on your computer getting to the network. However, just in case the problem lies with your computer’s firewall software try the following test.
Close down Wireshark and turn off your firewall. Open Wireshark again to get it to look for networks. If it now manages to find the network, the problem lies with your firewall. Set Wireshark as an exception in your firewall rules and turn the firewall back on again.
Network card errors
If none of the above tests on the software running on your computer solve the problem, you will need to test your network card.
If you only have access to wifi and you have wifi turned off or you have your network setting in airplane mode, Wireshark should still be able to see the network adapter. Having wifi turned off or blocked will not invoke the “no interfaces found” error. Wireshark is just one of many network-enabled applications on your computer. There is no reason why your network interface should block Wireshark and allow all other applications to get access to the network. So, if Wireshark is not getting through to the network, nothing should be getting through.
Try any other network-active application on your computer to see if it can get access to the network. If anything can get onto the network, the problem doesn’t lie with the physical network card or the network adapter software. If nothing can get onto the internet, you have identified the problem and you should call in a support specialist to get your network access problems fixed.
General advice for Wireshark problems
If you keep getting communication error messages when opening Wireshark, you will get frustrated and stressed. It is vital to keep a perspective on the problem and realize that the error is unlikely to be caused by Wireshark itself. To fix this error, you need to focus on the underlying services that have more direct contact with the network interface.
When approaching the problem, keep in mind three important facts:
- Your network card won’t block Wireshark and only Wireshark
- Your network interface may be to blame, in which case all applications will be affected
- Wireshark doesn’t contact the network directly, that job is left to WinPcap, npcap, or dumpcap
Above all, you need to realize that the problem with visibility of the network is all down to the data capturing process and not Wireshark. You need to focus on the health of WinPcap, npcap, or dumpcap rather than Wireshark itself.
When you install the latest version of Wireshark, the installation process will check for the relevant data capture process that is written to run on your operating system. If you are prompted to allow the installer to stop, remove, replace, or install those capture programs, let it. Your problem with Wireshark may be caused by you missing these messages in the installation wizard and not allowing the new versions of those programs to be installed. Try uninstalling the Wireshark program suite, downloading the latest version and installing it again. Pay attention to the messages about installing supporting software.
Have you experienced problems with Wireshark? Did you manage to find a solution that is not listed here in this guide? Let the community know about your solution by leaving a message in the Comments section below.
Wireshark ‘no interfaces found’ error FAQs
Is WinPcap safe to install?
WinPcap is a packet capture utility. It isn’t a virus and so it is safe to install. However, make sure you get the program from a reputable source.
How do I start Npcap?
It is possible to start Npcap from a command prompt. Open a Command prompt session, enter net start npcap and press return.
Can I use Wireshark to capture packets in software-defined networks?
Yes. Wireshark captures packets traveling across the network. It doesn’t matter what service or application generates or receives those packets. Software-defined networks just tag packets so that they can be identified distinctly from all other traffic flowing over the same network.
More Wireshark tutorials:
- Wireshark Cheat Sheet
- How to decrypt SSL with Wireshark
- Using Wireshark to get the IP address of an Unknown Host
- Running a remote capture with Wireshark and tcpdump
- Wireshark ‘no interfaces found’ error explained
- Identify hardware with OUI lookup in Wireshark
- Best Wireshark alternatives
- How to use Wireshark
- How to use Wireshark to capture and inspect packets
- Ultimate Guide to TCP/IP
- Best packet sniffers