This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Anyone get Wireshark to work with USB modems with Windows 7?

0

If not, how does one submit an enhancement request?

asked 30 Jun '14, 14:39

steveje0711's gravatar image

steveje0711
1111
accept rate: 0%


One Answer:

1

That's a WinPcap issue, not a Wireshark issue (Wireshark is at the mercy of WinPcap here), so you'd have to submit a WinPcap enhancement request.

answered 30 Jun '14, 15:55

Guy%20Harris's gravatar image

Guy Harris ♦♦
17.4k335196
accept rate: 19%

Until WinPcap is updated, you can as a workaround capture USB traffic thanks to USBPcap (requires Wireshark 1.10.0 or later). It should allow you to see the data traffic encapsulated in USB packets.

(30 Jun '14, 22:57) Pascal Quantin

You might also try Network Monitor or its successor Message Analyzer from Microsoft. Wireshark can open their capture files.

(01 Jul '14, 01:37) grahamb ♦

The USBPcap approach worked, thank you. How do I go about making a feature request to Wireshark developers?

(16 Jul '14, 11:55) steveje0711

This is a WinPcap limitation as Guy explained. If you want to fill an enhancement request please follow the link he provided. Or were you thinking about something else?

(16 Jul '14, 15:10) Pascal Quantin

Well, WinPcap was integrated into Wireshark, which was written to auto-sense available networkinterfaces and list them for choosing. I'd be requesting RiverBed enhance Wireshark developers to integrate USBPcap in the same way, providing a list of USB ports available for captures. The options would be seamless within Wireshark and you wouldn't need to run two separate operations to get a decode.

(04 Aug '14, 14:15) steveje0711

Wireshark was written to use libpcap to detect interfaces; WinPcap is a port of libpcap to Windows, and, as Windows doesn't come with WinPcap, whereas many UNXes come with libpcap, and on those UNXes that don't come with it, the users are likely to know enough to install it themselves, the Wireshark installer for Windows was changed to install WinPcap (rather than requiring it to be installed separately).

USBPcap is a program, rather than a library, so Wireshark can't use it the same way it uses the libpcap/WinPcap library.

The USBPcap todo list suggests one way of plugging it into Wireshark more seamlessly, but that awaits Wireshark's extcap mechanism being finished - and it won't show up until the next release.

Another way to plug it into Wireshark and into other programs using WinPcap would be to make it a component of WinPcap, but that wouldn't happen until a newer WinPcap release, which awaits some libpcap work to allow WinPcap's remote capture mechanism to be available, and would also mean the USBPcap developer wouldn't be able to maintain their code separately.

If WinPcap had a plugin mechanism that would allow adding "third-party modules", USBPcap could be maintained separately, but that would require developing a plugin interface that doesn't freeze libpcap/WinPcap internals; some work has been done on that, but it's not done yet.

So the "best" you can hope for is to wait for the extcap mechanism to be finished and a future Wireshark release that includes it to come out, and for the USBPcap developers to make an extcap module. Neither Riverbed nor the Wireshark developers can directly do much about the second of those.

(04 Aug '14, 14:44) Guy Harris ♦♦

I'd be requesting RiverBed enhance Wireshark developers to integrate USBPcap in the same way,

I'm not sure what you are requesting, but Wireshark is an open source project. Riverbed has no influence at all on the Wireshark developers, maybe except for those who are employed at Riverbed, which are not that many.

So, besides what @Guy Harris said, if you need a certain feature in Wireshark you have the following options:

  • implement it yourself and submit the patches for the benefit of all other Wireshark users (preferred option).
  • open an enhancement request at https://bugs.wireshark.org and hope somebody is willing to implement that feature for you
  • pay somebody to implement it
  • forget about the whole thing and live without that feature ;-)

Regards
Kurt

(04 Aug '14, 15:03) Kurt Knochner ♦
showing 5 of 7 show 2 more comments