This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Wireshark with external custom board

0

Hi,

we are planning to use Wireshark to display Wi-Fi packets which are captured by external Wi-Fi sniffer board. The board itself has USB connection which is recognized as COM PORT on the PC. Can someone help us how to start? Thanks.

asked 09 Mar '16, 04:47

lhend's gravatar image

lhend
6112
accept rate: 0%

The first thing I would ask myself before even obtaining such a board is what transmission speed of the "serial port" its USB part supports. While currently supported WiFi aerial bitrates are in tens of Mbps, USB2.0 has a maximum bitrate of 480 Mbps which actually means about 280 Mbps, but this mode usually doesn't come together with the serial ("com") port model, so you may find yourself limited to 12 Mbps theoretical rate which effectively means about 8.

Unless you can download the data faster than you capture them, you'd have to have a lot of RAM on the board and still its size would set a limit to your captures' size/duration.

If the board's USB interface could behave as a gigabit Ethernet over USB 3.0, that would be a completely different story - no bottleneck and much simpler software interface as you could feed such a GbE interface with the frames captured on WiFi augmented with a simple encapsulation header and capture them using the standard libpcap/WinPcap, rather than deploying the extcap model.

(09 Mar '16, 05:11) sindy

One Answer:

0

You'll likely have to look at writing an extcap plugin. extcap allows an external capturing process to feed the captured traffic into Wireshark.

There's the original SharkFest presentation about extcap here, the extcap man page here and in toe Wireshark source\doc directory there's README.extcap. The last item is probably the most up-to-date resource.

answered 09 Mar '16, 05:30

grahamb's gravatar image

grahamb ♦
19.8k330206
accept rate: 22%