OSQA is unmaintained. Help us figure out where to go from here.

Hello,

I am trying to capture TCP traffic using wire shark. I am using a Satellite phone connected via USB . Any help is greatly appreciated.

Thanks

asked 15 Jul, 08:52

errabolu's gravatar image

errabolu
61
accept rate: 0%

The information about your environment is insufficient.

Some wireless USB modems, regardless what wireless network they use, emulate serial ports, which means that IP connection uses ppp over serial, while others emulate ethernet ports so the IP connection is either direct or PPPoE.

Depending on this, you may be able to capture at the "ethernet" interface if the driver supports that (some Windows drivers don't), or you may have to capture the serial-over-USB packets (I'm not sure whether linux supports capturing at ppp interfaces, Windows do not AFAIK).

Ability to capture USB depends on kernel version on linux or OS X, and you need USBPcap on Windows.

And I'm afraid that dissection of ppp over serial over USB would require heavy post-processing of the capture.

(15 Jul, 11:43) sindy

Microsoft's Message Analyzer (formerly Network Monitor) can capture over PPP.

(15 Jul, 12:11) grahamb ♦

I'm not sure whether linux supports capturing at ppp interfaces

It does.

Windows do not AFAIK

Windows with WinPcap doesn't; Windows with NPcap might.

Ability to capture USB depends on kernel version on linux or OS X

I think any reasonably recent kernel should support it on Linux; for macOS, you'll need High Sierra, I think (the upcoming High Sierra, not just the current Sierra).

Microsoft's Message Analyzer (formerly Network Monitor) can capture over PPP.

The Network Monitor driver probably plugs into the networking stack in a different place from where the WinPcap driver plugs; NPcap might plug in at the same point (although, at one point, I think there was have been a special hack in Windows that looked for the NetMon driver and treated it specially).

I think Message Analyzer may plug into the networking stack in yet another place, although I'm not certain.

(15 Jul, 22:17) Guy Harris ♦♦
Be the first one to answer this question!
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×68
×16
×13
×1

question asked: 15 Jul, 08:52

question was seen: 67 times

last updated: 15 Jul, 22:17

p​o​w​e​r​e​d by O​S​Q​A