If not, how does one submit an enhancement request? asked 30 Jun '14, 14:39  steveje0711 |
One Answer:
That's a WinPcap issue, not a Wireshark issue (Wireshark is at the mercy of WinPcap here), so you'd have to submit a WinPcap enhancement request. answered 30 Jun '14, 15:55  Guy Harris ♦♦ showing 5 of 7 show 2 more comments |
Until WinPcap is updated, you can as a workaround capture USB traffic thanks to USBPcap (requires Wireshark 1.10.0 or later). It should allow you to see the data traffic encapsulated in USB packets.
You might also try Network Monitor or its successor Message Analyzer from Microsoft. Wireshark can open their capture files.
The USBPcap approach worked, thank you. How do I go about making a feature request to Wireshark developers?
This is a WinPcap limitation as Guy explained. If you want to fill an enhancement request please follow the link he provided. Or were you thinking about something else?
Well, WinPcap was integrated into Wireshark, which was written to auto-sense available networkinterfaces and list them for choosing. I'd be requesting RiverBed enhance Wireshark developers to integrate USBPcap in the same way, providing a list of USB ports available for captures. The options would be seamless within Wireshark and you wouldn't need to run two separate operations to get a decode.
Wireshark was written to use libpcap to detect interfaces; WinPcap is a port of libpcap to Windows, and, as Windows doesn't come with WinPcap, whereas many UNXes come with libpcap, and on those UNXes that don't come with it, the users are likely to know enough to install it themselves, the Wireshark installer for Windows was changed to install WinPcap (rather than requiring it to be installed separately).
USBPcap is a program, rather than a library, so Wireshark can't use it the same way it uses the libpcap/WinPcap library.
The USBPcap todo list suggests one way of plugging it into Wireshark more seamlessly, but that awaits Wireshark's extcap mechanism being finished - and it won't show up until the next release.
Another way to plug it into Wireshark and into other programs using WinPcap would be to make it a component of WinPcap, but that wouldn't happen until a newer WinPcap release, which awaits some libpcap work to allow WinPcap's remote capture mechanism to be available, and would also mean the USBPcap developer wouldn't be able to maintain their code separately.
If WinPcap had a plugin mechanism that would allow adding "third-party modules", USBPcap could be maintained separately, but that would require developing a plugin interface that doesn't freeze libpcap/WinPcap internals; some work has been done on that, but it's not done yet.
So the "best" you can hope for is to wait for the extcap mechanism to be finished and a future Wireshark release that includes it to come out, and for the USBPcap developers to make an extcap module. Neither Riverbed nor the Wireshark developers can directly do much about the second of those.
I'm not sure what you are requesting, but Wireshark is an open source project. Riverbed has no influence at all on the Wireshark developers, maybe except for those who are employed at Riverbed, which are not that many.
So, besides what @Guy Harris said, if you need a certain feature in Wireshark you have the following options:
Regards
Kurt