Ask Your Question
0

New to Wireshark and attempting to snoop USB

asked 2020-03-26 18:14:47 +0000

shane gravatar image

I've downloaded and installed Wireshark to snoop 4 USB ports. I've also imported the USBPcap CMD file in to the wireshark extcap directory. However, when I start up wireshark, I only see one instance of a USB device. I'm able to snoop different USB ports on the same USB port in wireshark, but I'd rather have three separte ports listed so I can get an idea as to which one I'm looking at. Any ideas how I can modify this setup? Also, is there a dll file I need to download?

One last thing, I've also downloaded WINPcap. Is this necessary?

edit retag flag offensive close merge delete
add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2020-03-26 19:08:12 +0000

grahamb gravatar image

  1. If you checked the box to install USBPcap when installing Wireshark, you have everything you need. You don't need WinPcap, nor do you need to copy any USBPcapCMD.exe anywhere else.

  2. The interfaces you see in Wireshark are the ones you get from USBPcap. You need to determine which interface is connected to the device you're interested in, see the USBPcap illustrated tour for info on how to do that.

edit flag offensive delete link more

Comments

Thank you for helping me out here. I did check the box, but the USB ports are not showing up when I run the program. It was only after I placed the USBPcapCMD file in the directory that I got any sort of USB listed ports at all that I could snoop. Looking at the USB port available, with the USBPcapCMD file in the extcap directory, it actually lists all of the available USB ports/devices available and allows me to check or uncheck any port I don't want to monitor. I'm not sure at this point however, if it will actually allow me to monitor them all at once.

I've installed Wireshark twice and I've had the same problem. I'm using Version 3.2.2 (v3.2.2-0-ga3efece3d640). Is there another version I might try instead?

shane gravatar imageshane ( 2020-03-26 21:00:38 +0000 )edit

And, in answer to

One last thing, I've also downloaded WINPcap. Is this necessary?

the answer is "no".

Guy Harris gravatar imageGuy Harris ( 2020-03-26 21:32:52 +0000 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

subscribe to rss feed

Stats

Asked: 2020-03-26 18:14:47 +0000

Seen: 1,268 times

Last updated: Mar 26 '20

Related questions

USB capture - What is the interpretation of URB fields?

Does Wireshark need admin rights/privileges to execute USB capture

Filter i2c data contained in a USB packet

Wireshark does not list USB HID mouse or keyboard

USB serial COM capture not working

How to capture USB packets please?

USBPcap isn't capturing DNS packets

Why doesn't Wireshark trace USB string descriptors?

Capturing 3G wireless modem traffic.

How do I fix "WinPcap will not install" problem?

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2