This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

What does USBPcap do and why would you use it?

0

Hi all,

I am currently learning WireShark and how to use it, understand it and diagnose problems on my network, unfortunately I cannot afford to go on an official course so I am learning from the books that are recommended by the WireShark website and also so suggestions by users on other forums, I am doing really well and getting the hang of WireShark.

But, yesterday I decided to upgrade my WireShark to the latest version and I installed USBPcap which my books do not cover, so I was wondering if anyone could take two minutes to explain to me what this is, why would you capture USB traffic and what scenario would a USB capture apply to?

Any help would be much appreciated as my curiosity is getting the better of me :)

Thanks

Daz

asked 21 Nov '15, 02:08

JimBob321's gravatar image

JimBob321
6224
accept rate: 0%


One Answer:

1

Look at the project home page.

As an example of use case, it helped me debug a mysterious case of sound distortion in audio streams recorded from an USB audio "card" (thanks again, Tomasz).

answered 21 Nov '15, 02:23

sindy's gravatar image

sindy
6.0k4851
accept rate: 24%

edited 21 Nov '15, 02:25

Thanks for that, I did look at the homepage already but it does not really tell me what it does and what you would use it for.

Daz

(21 Nov '15, 02:47) JimBob321

Think about USB the same way you normally think about Ethernet. It is a communication interface allowing you to connect your PC to various pieces of hardware (or vice versa if you prefer) and exchange information with them using various protocols. Sometimes you need to analyse the protocol conversations to find out why something works different from what you've expected or does not work at all, or possibly you need to have a look at the information transported using that protocols (usually called payload) to learn whether already the connected device is sending you corrupt data or whether it is your application which handles them improperly.

And note that in addition to Ethernet and USB, Wireshark can handle also protocols used on various types of serial channels, like those used in "legacy" telephony networks.

(21 Nov '15, 03:02) sindy

Thank you so much! :), that makes sense now, I am sure I will get round to it when I finish my books! :)

Thanks again for taking to time to explain it to me.

(21 Nov '15, 03:16) JimBob321