Ask Your Question
0

How to capture USB packets please?

asked 2017-10-31 08:51:41 +0000

BigBaldJohn gravatar image

Hi all,

I used Wireshark many moons ago and need to return to the fold, but this time to sniff USB packets.

I've installed USBpcap but there is no USB interface shown on Wireshark, just the Ethernet connections.

I've looked at the documentation but can't find an idiot's how-to. The references to USB seem to be in the context of USB to Ethernet convertors. Is there a guide available? What am I doing wrong please?

Running Windows 7 and soon Windows 10.

Cheers John

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2017-10-31 09:09:53 +0000

grahamb gravatar image

updated 2017-10-31 09:46:19 +0000

sindy gravatar image

What Wireshark version?

On Windows, USBPcap is the capture driver for USB. What does the output of command line command USBPcapCMD.exe show, it should be a list of USB devices as illustrated here? If it doesn't then you should raise an issue at the USBPcap project site.

If the command does show a list of devices, what does tshark -D display?

edit flag offensive delete link more

Comments

Thanks for the info, Graham, it's certainly helped I hadn't twigged that it's a two-stage process - use USBPcapCMD to capture the packets to a file then use Wireshark to display them. I'm using the latest Wireshark (2.4.2). tshark shows only the wired interfaces, as shown at start-up. Cheers

BigBaldJohn gravatar imageBigBaldJohn ( 2017-10-31 10:19:59 +0000 )edit

It is not intended to be a two-stage process. Normally *shark should call USBPcapCMD.exe in extcap mode and show you each USB root hub as a capture-able interface just as you expect. So if you can capture using USBPcapCMD.exe run from the command line but not from *shark, something is wrong.

sindy gravatar imagesindy ( 2017-10-31 10:40:18 +0000 )edit

So if this is the case, it is a sufficient workaround but not what was intended.

sindy gravatar imagesindy ( 2017-10-31 10:41:49 +0000 )edit

OK, there does seem to be a problem with my installation then, since the USB interfaces aren't offered in Wireshark. What can I do to help sort it out?

BigBaldJohn gravatar imageBigBaldJohn ( 2017-10-31 11:11:23 +0000 )edit

Does your `C:\Program Files\Wireshark\extcap` directory exist and contain a copy of `USBPcapCMD.exe`? (If you have installed Wireshark elsewhere, use that path of course).

sindy gravatar imagesindy ( 2017-10-31 11:55:29 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

2 followers

Stats

Asked: 2017-10-31 08:51:41 +0000

Seen: 69,036 times

Last updated: Oct 31 '17