Why doesn't Wireshark trace USB string descriptors?

asked 2017-11-08 08:53:03 +0000

If I trace a USB enumeration I only get traces of the host retrieving device and config descriptors, but not of the string descriptor retrievals (which I can see if I attach a USB bus analyser). How come?


Which operating system?

sindy ( 2017-11-08 15:32:10 +0000 )

Windows 7 Pro SP1

MatsW ( 2017-11-09 08:40:19 +0000 )

Presumably you're using USBPcap to capture the USB traffic, so in this case I think this is an issue with USBPcap itself, not Wireshark.

grahamb ( 2017-11-09 10:11:54 +0000 )

To be sure, you would have to capture using USBPcapCMD.exe directly into a file (in order to exclude Wireshark from the chain completely) and analyse the file using something other than Wireshark, to see whether the frames are there but Wireshark cannot see them or whether USBPcap has not saved them.

You can also publish the file, login-free, at any file sharing service and edit your Question with a link to it to let the community have a look. If doing so, it would be fine to paste a cut from the frame list from the external analyzer which would contain the frames missing in the capture plus at least one before and at least one after them, ideally with timestamps.

sindy ( 2017-11-09 11:17:37 +0000 )
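
Added example (not part of the thread above, and not USBPcap's or Wireshark's code): one way to inspect a file written by USBPcapCMD.exe without Wireshark, counting GET_DESCRIPTOR requests per descriptor type so a missing "string" entry shows the requests never reached the file. It assumes a little-endian classic pcap file with link type 249 and the packed USBPcap packet header layout; `count_get_descriptor`, `build_sample` and the sample bytes are constructed for illustration.

```python
import struct
import sys
from collections import Counter

LINKTYPE_USBPCAP = 249          # pcap link type assumed for USBPcap captures
DESC_NAMES = {1: "device", 2: "configuration", 3: "string"}
# Assumed packed USBPcap header: headerLen, irpId, status, function, info,
# bus, device, endpoint, transfer, dataLength (27 bytes); control adds a stage byte.
USBPCAP_HDR = struct.Struct("<HQIHBHHBBI")
PCAP_GLOBAL = struct.Struct("<IHHiIII")
PCAP_RECORD = struct.Struct("<IIII")

def count_get_descriptor(pcap_bytes):
    """Count GET_DESCRIPTOR setup packets per descriptor type."""
    magic, *_, linktype = PCAP_GLOBAL.unpack_from(pcap_bytes, 0)
    if magic != 0xA1B2C3D4 or linktype != LINKTYPE_USBPCAP:
        raise ValueError("expected little-endian classic pcap with USBPcap link type")
    counts, off = Counter(), PCAP_GLOBAL.size
    while off + PCAP_RECORD.size <= len(pcap_bytes):
        _, _, incl_len, _ = PCAP_RECORD.unpack_from(pcap_bytes, off)
        pkt = pcap_bytes[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if len(pkt) < 28:
            continue                      # too short for a control-transfer header
        hdr_len, *_, transfer, _ = USBPCAP_HDR.unpack_from(pkt)
        # transfer 2 = control, stage 0 = setup; the 8-byte setup packet follows the header
        if transfer != 2 or pkt[27] != 0 or len(pkt) < hdr_len + 8:
            continue
        bm_request_type, b_request, w_value = struct.unpack_from("<BBH", pkt, hdr_len)
        if bm_request_type == 0x80 and b_request == 6:   # standard device-to-host GET_DESCRIPTOR
            dtype = w_value >> 8                         # descriptor type is the high byte of wValue
            counts[DESC_NAMES.get(dtype, f"type {dtype}")] += 1
    return counts

def _record(payload, stage):
    hdr = USBPCAP_HDR.pack(28, 1, 0, 0x0008, 0, 1, 2, 0, 2, len(payload)) + bytes([stage])
    return PCAP_RECORD.pack(0, 0, len(hdr) + len(payload), len(hdr) + len(payload)) + hdr + payload

def build_sample(with_string=False):
    """Constructed capture: device and configuration requests, optionally a string request."""
    wvalues = [0x0100, 0x0200] + ([0x0302] if with_string else [])
    out = PCAP_GLOBAL.pack(0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_USBPCAP)
    for wv in wvalues:
        out += _record(struct.pack("<BBHHH", 0x80, 6, wv, 0, 255), stage=0)
        out += _record(b"\x12\x01", stage=1)   # data stage, ignored by the counter
    return out

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    print(dict(count_get_descriptor(data)))
```

Pass the path of a real capture file as the first argument to count its requests instead of the constructed sample.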