0

How to activate Leftover capture data

asked 2018-08-15 07:02:48 +0000

anonymous user

Hi,

I am using Wireshark on 64-bit Windows and I cannot find "Leftover capture data" in my columns, for example to view USB data. I also don't find it in the columns editor.

Thanks a lot.

cu kami


Comments

Can anyone help me with the custom column??

Thanks a lot.

kami ( 2018-08-17 08:07:12 +0000 )

Hi,

Please, can anyone here give me some information about the data from the other direction? usb.capdata only shows the information from the device to the host; I would like to see what the host sends to the device.

Thanks a lot.

Cu kami

kami ( 2018-08-23 06:35:43 +0000 )

Hi,

can anyone please help me with this question:

Please, can anyone here give me some information about the data from the other direction? usb.capdata only shows the information from the device to the host; I would like to see what the host sends to the device.

Thanks a lot.

Cu kami

kami ( 2018-08-27 06:44:42 +0000 )

Without seeing the capture it is hard to answer, but one important point about USB is that the endpoints except the configuration one are unidirectional (at least for isochronous transfers). So whereas the input endpoint gets empty requests from the host and provides data in its responses, the output endpoint receives data in the requests from the host and provides only result codes in the responses. These two endpoints, even if they actually serve one bi-directional logical stream, differ by address.

Besides, what you can see in the capture are not USB packets as seen on the wire but the URBs which are "virtual packets" (actually, memory buffers) exchanged between the USB host chip and the CPU. Again for isochronous transfers, each URB carries data from (or reserved space for) several actual "on the wire" USB packets.

sindy ( 2018-08-27 16:10:05 +0000 )
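
An added example, not part of the original thread: it decodes per-URB capture headers and splits payloads by the endpoint direction bit, showing the point made in the comment above that OUT data travels in the host's request while IN data arrives in the completion. It assumes the capture was taken with USBPcap on Windows (the thread does not name the capture tool); the sample records and all helper names are constructed for illustration.

```python
import struct

# USBPcap pseudo-header (assumed capture tool): packed little-endian, 27 bytes.
# headerLen, irpId, status, function, info, bus, device, endpoint, transfer, dataLength
HDR = struct.Struct("<HQIHBHHBBI")
TRANSFER = {0: "isochronous", 1: "interrupt", 2: "control", 3: "bulk"}

def parse_urb(record: bytes) -> dict:
    """Decode one USBPcap record (pseudo-header + payload) into a dict."""
    if len(record) < HDR.size:
        raise ValueError("record shorter than USBPcap header")
    hlen, _irp, status, _func, info, bus, dev, ep, xfer, dlen = HDR.unpack_from(record)
    if hlen < HDR.size or hlen + dlen > len(record):
        raise ValueError("header/data length exceeds record")
    return {
        "addr": f"{bus}.{dev}.{ep & 0x0F}",
        "ep_dir": "IN" if ep & 0x80 else "OUT",         # bit 7 of endpoint address
        "urb": "completion" if info & 1 else "submit",  # info bit 0: toward the host driver
        "transfer": TRANSFER.get(xfer, "unknown"),
        "status": status,
        "data": record[hlen:hlen + dlen],               # payload after the pseudo-header
    }

def split_by_direction(records):
    """Return (host_to_device, device_to_host) payload lists."""
    h2d, d2h = [], []
    for rec in records:
        urb = parse_urb(rec)
        if not urb["data"]:
            continue  # empty IN submit or OUT completion: nothing to show
        (d2h if urb["ep_dir"] == "IN" else h2d).append(urb["data"])
    return h2d, d2h

def make_record(ep, info, payload=b"", xfer=3):
    """Build a constructed sample record (bus 1, device 5, bulk by default)."""
    return HDR.pack(HDR.size, 0x1234, 0, 0x0009, info, 1, 5, ep, xfer, len(payload)) + payload

# Constructed sample: bulk OUT endpoint 0x02 and bulk IN endpoint 0x81.
SAMPLE = [
    make_record(0x02, 0, b"\x01\x02CMD"),  # host submits data on the OUT endpoint
    make_record(0x02, 1),                  # completion: result code only
    make_record(0x81, 0),                  # host submits an empty IN request
    make_record(0x81, 1, b"\xaaREPLY"),    # completion carries the device's data
]

if __name__ == "__main__":
    out, inn = split_by_direction(SAMPLE)
    print("host -> device:", [p.hex() for p in out])
    print("device -> host:", [p.hex() for p in inn])
```
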

Hi,

Thanks a lot for the answer. But I am really sorry, I don't understand what you mean. My question is easy: I can see the messages from the device to the host as usb.capdata, but I cannot see the messages in the other direction.

If you have just explained this to me, then please try it in another way.

Thanks a lot.

Cu kami

kami ( 2018-08-29 11:29:26 +0000 )

2 Answers

0

answered 2018-08-16 17:59:03 +0000

cmaynard

updated 2018-08-17 13:08:54 +0000

I think what you're looking for is usb.capdata.

In case that's not what you're looking for, here's the entire list of available USB display filters: https://www.wireshark.org/docs/dfref/...

EDIT: Adding information about how to apply the usb.capdata (or any) field as a column.

Probably the easiest way to add a field as a column is to locate the field of interest in the packet details pane and then right-click on it and select "Apply as Column". The new column is added as the last column on the far right, but you can drag and drop it to any column location you wish.

Alternatively, you can add a column using the column preferences dialog window. Choose "Edit -> Preferences -> Columns -> '+' " to add a new column, which is added as the last column with a default name of "New Column" and a default Type as "Number". Double-click the Number type to choose another type from the drop-down list. In particular, for a custom column, choose "Custom". Next, double-click the blank area in the row under the Fields column. In this case, I suppose you want to enter usb.capdata. Double-click the name of the column to give it a more useful name. Lastly, drag and drop the column so it appears in the location you prefer instead of at the end.


Comments

Hi,

Thanks a lot, this goes in the right direction. But now I can see what the USB host gets as an answer from the device. I would like to see what the USB host sends to the USB device.

Thanks a lot.

Cu kami

kami ( 2018-08-21 06:01:17 +0000 )

Did you capture bidirectional traffic? Maybe try posting a capture file somewhere online such as https://www.cloudshark.org/ or Google Drive or any other online site so folks can take a look at it and possibly help. As it is now, there's not enough information to provide any further assistance.

But, you should ask a new question since this one, i.e., "How to activate Leftover capture data?" has been asked and answered and you should therefore accept the answer so folks know it's been answered.

cmaynard ( 2018-08-29 13:49:01 +0000 )
0

answered 2018-08-15 15:54:28 +0000

Jaap

If it's undissected data (shown as data.data in the packet details window), you can always add that as a column of type Custom with field data.data.


Comments

Hi,

Thanks a lot. I just tried data.data but it isn't working. No output?

Cu kami

kami ( 2018-08-16 11:15:42 +0000 )

Stats

Asked: 2018-08-15 07:02:48 +0000

Seen: 7,879 times

Last updated: Aug 27 '18