Ask Your Question
0

New to Wireshark and attempting to snoop USB

asked 2020-03-26 18:14:47 +0000

shane gravatar image

I've downloaded and installed Wireshark to snoop 4 USB ports. I've also imported the USBPcap CMD file in to the wireshark extcap directory. However, when I start up wireshark, I only see one instance of a USB device. I'm able to snoop different USB ports on the same USB port in wireshark, but I'd rather have three separte ports listed so I can get an idea as to which one I'm looking at. Any ideas how I can modify this setup? Also, is there a dll file I need to download?

One last thing, I've also downloaded WINPcap. Is this necessary?

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2020-03-26 19:08:12 +0000

grahamb gravatar image
  1. If you checked the box to install USBPcap when installing Wireshark, you have everything you need. You don't need WinPcap, nor do you need to copy any USBPcapCMD.exe anywhere else.

  2. The interfaces you see in Wireshark are the ones you get from USBPcap. You need to determine which interface is connected to the device you're interested in, see the USBPcap illustrated tour for info on how to do that.

edit flag offensive delete link more

Comments

Thank you for helping me out here. I did check the box, but the USB ports are not showing up when I run the program. It was only after I placed the USBPcapCMD file in the directory that I got any sort of USB listed ports at all that I could snoop. Looking at the USB port available, with the USBPcapCMD file in the extcap directory, it actually lists all of the available USB ports/devices available and allows me to check or uncheck any port I don't want to monitor. I'm not sure at this point however, if it will actually allow me to monitor them all at once.

I've installed Wireshark twice and I've had the same problem. I'm using Version 3.2.2 (v3.2.2-0-ga3efece3d640). Is there another version I might try instead?

shane gravatar imageshane ( 2020-03-26 21:00:38 +0000 )edit

And, in answer to

One last thing, I've also downloaded WINPcap. Is this necessary?

the answer is "no".

Guy Harris gravatar imageGuy Harris ( 2020-03-26 21:32:52 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

Stats

Asked: 2020-03-26 18:14:47 +0000

Seen: 2,175 times

Last updated: Mar 26 '20