Hello, I am trying to capture TCP traffic using Wireshark. I am using a satellite phone connected via USB. Any help is greatly appreciated. Thanks

asked 15 Jul '17, 08:52 errabolu
The information about your environment is insufficient.
Some wireless USB modems, regardless of what wireless network they use, emulate serial ports, which means that the IP connection uses PPP over serial, while others emulate Ethernet ports so the IP connection is either direct or PPPoE.
Depending on this, you may be able to capture at the "Ethernet" interface if the driver supports that (some Windows drivers don't), or you may have to capture the serial-over-USB packets (I'm not sure whether Linux supports capturing at PPP interfaces, Windows does not AFAIK).
Ability to capture USB depends on kernel version on Linux or OS X, and you need USBPcap on Windows.
And I'm afraid that dissection of PPP over serial over USB would require heavy post-processing of the capture.
Microsoft's Message Analyzer (formerly Network Monitor) can capture over PPP.
It does.
Windows with WinPcap doesn't; Windows with Npcap might.
I think any reasonably recent kernel should support it on Linux; for macOS, you'll need High Sierra, I think (the upcoming High Sierra, not just the current Sierra).
The Network Monitor driver probably plugs into the networking stack in a different place from where the WinPcap driver plugs; Npcap might plug in at the same point (although, at one point, I think there may have been a special hack in Windows that looked for the NetMon driver and treated it specially).
I think Message Analyzer may plug into the networking stack in yet another place, although I'm not certain.
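
The answer above says that PPP over serial over USB would need heavy post-processing. As an added illustration (not code from any poster in this thread), the Python below shows the core of that step: splitting a raw serial byte stream into PPP frames using RFC 1662 HDLC-like framing and checking each frame's FCS-16. It assumes the serial payload has already been pulled out of the USB capture and concatenated for one direction; `ppp_frames` and `build_frame` are hypothetical names, and `build_frame` exists only to construct sample input.

```python
# Added example (not from the thread): RFC 1662 HDLC-like PPP de-framing.
FLAG, ESC, XOR = 0x7E, 0x7D, 0x20
GOOD_FCS = 0xF0B8  # residue when FCS-16 is run over frame contents + FCS

def fcs16(data, fcs=0xFFFF):
    """PPP FCS-16 (reflected polynomial 0x8408), bit-by-bit."""
    for byte in data:
        fcs ^= byte
        for _ in range(8):
            fcs = (fcs >> 1) ^ 0x8408 if fcs & 1 else fcs >> 1
    return fcs

def unescape(chunk):
    """Undo 0x7D escaping; None means the frame ended mid-escape (abort)."""
    out, esc = bytearray(), False
    for b in chunk:
        if esc:
            out.append(b ^ XOR)
            esc = False
        elif b == ESC:
            esc = True
        else:
            out.append(b)
    return None if esc else bytes(out)

def ppp_frames(stream):
    """Yield (protocol, payload, fcs_ok) for each frame between 0x7E flags."""
    for chunk in stream.split(bytes([FLAG])):
        frame = unescape(chunk)
        if not frame or len(frame) < 3:
            continue                      # inter-frame gap, abort, or runt
        fcs_ok = fcs16(frame) == GOOD_FCS
        body = frame[:-2]                 # drop the two FCS octets
        if body[:2] == b"\xff\x03":       # address/control not compressed
            body = body[2:]
        if not body:
            continue
        if body[0] & 1:                   # protocol-field compression
            yield body[0], body[1:], fcs_ok
        else:
            yield int.from_bytes(body[:2], "big"), body[2:], fcs_ok

def build_frame(proto, payload):
    """Constructed test input: frame a payload as a PPP sender would."""
    raw = b"\xff\x03" + proto.to_bytes(2, "big") + payload
    raw += (fcs16(raw) ^ 0xFFFF).to_bytes(2, "little")
    out = bytearray([FLAG])
    for b in raw:                         # escape flag, escape and control octets
        out += bytes([ESC, b ^ XOR]) if b in (FLAG, ESC) or b < 0x20 else bytes([b])
    return bytes(out + bytes([FLAG]))
```

Frames whose `fcs_ok` is false are usually partial frames at the start of the capture or bytes lost in reassembly; the payload of protocol 0x0021 frames is the IPv4 packet that would then be written to a pcap file for Wireshark.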