Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

There was a "Wireshark 2 preview" in the 1.12 Windows installers up to 1.12.1.

The name "Wireshark 2 preview" is a bit confusing. The only way in which it was a preview of Wireshark 2 is that it was built using the Qt toolkit, rather than the GTK+ toolkit, so that it had the new Qt-based user interface; Wireshark 2 was going to offer the Qt-based user interface as the default, with a "legacy" GTK+-based version also available. The rest of it was just 1.12.1, so, other than the UI changes, it offered no new capabilities that the regular GTK+-based 1.12.1 release offered. It didn't dissect any more protocols, it didn't have any bug fixes to protocol dissection that regular 1.12.1 didn't have, it didn't have support for capturing on any devices that regular 1.12.1 didn't support. It may have changed the way some statistics windows worked, due to the UI change; it may also not have had some statistics windows that the regular 1.12.1 version had if those statistics windows hadn't been converted to use Qt yet.

So there's really not much reason to use the "Wireshark 2 preview" version of Wireshark from the 1.12.1 installer.

The "Wireshark 2 preview" was removed in 1.12.2, because "Users wishing to try the Qt UI should use the 1.99.x installers.". The beta and release candidate versions of Wireshark 2.0 were numbered as 1.99.x; they, unlike the 1.12.1-based "Wireshark 2 preview", included changes to the Wireshark code not in the 1.12 releases, including new protocol dissectors, enhancements to new protocol dissectors, and so on.

However, those weren't the final Wireshark 2.0 release. The Wireshark 2.0 release included bug fixes that weren't in any of the 1.99.x releases.

So there's really not much reason to use the 1.99.x versions of Wireshark, either, even if they're available to download.

If the "guys on the Internet" were discussing the Wireshark 2 preview release recently, they're probably very confused; that release is from 2014, more than 4 years ago. If they were talking about it back in 2014, then they weren't confused, but you were mistakenly thinking it was something up to date that you should try to use.

Now, if by "interfaces" you're referring to the network interfaces supported by Wireshark, not the user interface, the version of Wireshark won't make any difference at all - 1.10.x, 1.12.x, 1.12.x "Wireshark 2 preview", 1.99.x, 2.0.x, 2.2.x, 2.4.x, 2.6.x, they'll all see the same interfaces. It's WinPcap that controls what network interfaces show up, and they're all using WinPcap 4.1.3.

The problem with your 3G modem is that it's a "WAN" device from the standpoint of the Windows networking stack, and those devices connect to the rest of the networking stack in ways that don't work very well with the way the WinPcap driver plugs into the networking stack. They show up as PPP (point-to-point protocol) devices, and, as the answer to Q-5 in the WinPcap FAQ says, "Windows XP (x64)/2003 (x64). It's not possible to capture on PPP/VPN connections on these operating systems.", so you're not going to be able to capture regular networking traffic on your 3G modem with Windows XP and programs using WinPcap (such as Wireshark) - no matter what version of Wireshark you use.

You may be able to capture the raw USB traffic to and from the 3G modem; whether it will be possible to extract the contents of packets from that USB traffic using Wireshark is another matter.