USB packets are not being split into sections on Linux

asked 2021-07-13

MrShnorp

I have a capture file from a Mac device, and I am trying to read the USB packets. On a Windows VM, the packets are correctly split into sections and analyzed: image description

However, for some reason, when I open the same exact file with the same exact Wireshark version on Linux: image description

The packets are not analyzed.

I am using Arch Linux, and I have downloaded Wireshark from the repos and I've also tried compiling it from source, to no avail.

Why is this happening?

1 Answer

answered 2021-07-13

MrShnorp

So, turns out that I just had to increase the size of the part which says "Frame 1".

If you're curious, the names that are generally used for the sections of the Wireshark display are

  • the "packet summary pane", which has one-line summaries of packets (packet number, time stamp, addresses, protocol, summary information, etc.);
  • the "packet detail pane", which has the details of the currently-selected packet;
  • the "hex dump pane", which has a raw hex and ASCII display of the packet data.

(This style of display in sniffers long predates Wireshark - it goes back at least to earlier GUI-based sniffers.)

The part that says "Frame 1" is the packet detail pane.

Guy Harris

