USBPcap isn't capturing DNS packets
i am using USBPcap 1.2.0.3 to capture the packet of my USB data modem through wireshark. it is capturing all the HTTP HTTPS SSH packets but couldn't capture the DNS Packets. can anyone please explain what is the reason behind this and how i can capture the DNS packets also. i am using the latest version of wireshark and USBPcap.
Can you publish a capture file with just a few frames in it? I may not be up to date but to my knowledge there is no dissector which would be able to extract the IP layer from USB URBs captured on USB communication dongles (modems, Ethernet over USB etc.). So I wonder whether you actually do capture at an USB interface or at the virtual Ethernet interface of your USB modem (and in such case, USBPcap would not be related at all because WinPcap or npcap are used to capture at Ethernet interfaces, even if these are connected via USB or virtual like in case of 3G/4G modems).
To the second part of your question, the simplest explanation would be that the DNS traffic was not there while you were capturing. All operating systems normally cache the DNS responses for these responses' lifetime, so if you access e ...(more)
Just for reference, Wireshark can decode IP traffic over USB for ECM and MBIM classes (and NCM also even if I never explicitly tested it). So as to properly identify the traffic, you need to capture the USB enumeration.
Making a mental note, thanks. I admit I have only tried with physical Ethernet over USB and wasn't able to get anything although the enumeration phase was part of the capture, nor could I get to anything useful using manual "decode as". All that at least a year ago.
And feel free to remove my misleading comment once we get to an actual Answer to the original Question if I don't remove it myself quick enough.