Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

**To further my confusion, I still am collecting some kind of traffic - but unsure what kind. I have two ports - one is "USBcap1" and the other is "USBcap2". But only the former can collect the "traffic" while the other can be clicked only to be returned with "Local interfaces are unavailable" ...

Those are both "devices" for capturing traffic going over the USB bus, and have nothing to do with Npcap.

Wireshark has a mechanism to support capturing traffic from mechanisms not supported by libpcap/WinPcap/Npcap; on Windows, raw USB capture is one of them. That doesn't refer to capturing network traffic on USB adapters - that works the same way that capturing on non-USB-attached network adapters works - but to capturing USB transactions on the bus for any type of USB device. This mechanism is called "extcap", for "external capture", "external" meaning that the code to support it could be third-party code not part of Wireshark, e.g. "external" to Wireshark.

So what you're capturing on USBcap1 is USB transactions, whether it's between your keyboard or mouse and your machine, or between some device plugged into a USB connector on your machine and the machine (network adapter, disk, etc.).

They show up because, even if Wireshark gets an empty list of devices from libpcap/WinPcap/Npcap, it may still show extcap devices.