How to activate Leftover capture data

Anonymous

Hi,

i am using wireshark on 64-bit Windows and i cannot find in my columns "Leftover capture data" for example to view usb data. I also dont find it in the columns editor?

Thanks a lot.

cu kami

edit retag close merge delete

Can anyone help me with the custom column??

Thanks a lot.

( 2018-08-17 08:07:12 +0000 )edit

Hi,

please anyone here how can give me some informations with the data from the other direction? usb.capdata only shows the Informations from the device to the host i would like to see what the host sends to the device?

Thanks a lot.

Cu kami

( 2018-08-23 06:35:43 +0000 )edit

Hi,

please anyone here how can give me some informations with the data from the other direction? usb.capdata only shows the Informations from the device to the host i would like to see what the host sends to the device?

Thanks a lot.

Cu kami

( 2018-08-27 06:44:42 +0000 )edit

Without seeing the capture it is hard to answer, but one important point about USB is that the endpoints except the configuration one are unidirectional (at least for isochronous transfers). So whereas the input endpoint gets empty requests from the host and provides data in its responses, the output endpoint receives data in the requests from the host and provides only result codes in the responses. These two endpoints, even if they actually serve one bi-directional logical stream, differ by address.

Besides, what you can see in the capture are not USB packets as seen on the wire but the URBs which are "virtual packets" (actually, memory buffers) exchanged between the USB host chip and the CPU. Again for isochronous transfers, each URB carries data from (or reserved space for) several actual "on the wire" USB packets.

( 2018-08-27 16:10:05 +0000 )edit

Hi,

thanks a lot for the answer. But i am really sorry i dont understand what you mean? My question is easy i can see the messages from the device to the host as usb.capdata but i cannot see the messages in the other direction??

If you just have explained this to me then please try it in another way.

Thanks a lot.

Cu kami

( 2018-08-29 11:29:26 +0000 )edit

Sort by » oldest newest most voted

I think what you're looking for is usb.capdata.

In case that's not what you're looking for, here's the entire list of available USB display filters: https://www.wireshark.org/docs/dfref/...

EDIT: Adding information about how to apply the usb.capdata (or any) field as a column.

Probably the easiest way to add a field as a column is to locate the field of interest in the packet details pane and then right-click on it and select "Apply as Column". The new column is added as the last column on the far right, but you can drag and drop it to any column location you wish.

Alternatively, you can add a column using the column preferences dialog window. Choose "Edit -> Preferences -> Columns -> '+' " to add a new column, which is added as the last column with a default name of "New Column" and a default Type as "Number". Double-click the Number type to choose another type from the drop-down list. In particular, for a custom column, choose "Custom". Next, double-click the blank area in the row under the Fields column. In this case, I suppose you want to enter usb.capdata. Double-click the name of the column to give it a more useful name. Lastly, drag and drop the column so it appears in the location you prefer instead of at the end.

more

Hi,

thanks a lot this goes in the right direction. But now i can see what the USB Host get as an answer of the device. I would like to see what the USB Host send to the USB Device?

Thanks a lot.

Cu kami

( 2018-08-21 06:01:17 +0000 )edit

Did you capture bidirectional traffic? Maybe try posting a capture file somewhere online such as https://www.cloudshark.org/ or Google Drive or any other online site so folks can take a look at it and possibly help. As it is now, there's not enough information to provide any further assistance.

But, you should ask a new question since this one, i.e., "How to activate Leftover capture data?" has been asked and answered and you should therefore accept the answer so folks know it's been answered.

( 2018-08-29 13:49:01 +0000 )edit

If it's undissected data (shown as data.data in the packet details window) you can always add that as type custom column with field data.data

more

Hi,

thanks a lot. I just tried data.data but it isnt working. No Output??

Cu kami

( 2018-08-16 11:15:42 +0000 )edit