First time here? Check out the FAQ!
THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question
0

Only capturing usb protocols

INTRO-------------------- hey all! I am very new to and generally awful at networking but I suspect someone on my network might be ARP spoofing and I was trying to find out how, hoping wireshark can help me, I am however using a USB to access wifi and so I assume I had to use USBPCap which I ran into with some problems earlier but seems to be working now.

So I tried capturing with all protocols on and only ended up with USB protocols ((destination to "Host")) and ((Source "2.3.1")) as far as I can tell my main problem is that I can not get details of the protocols, any help?

Cheers!

Apool's avatar
1
Apool
asked 2018-12-07 19:36:37 +0000
edit flag offensive 0 remove flag close merge delete

Comments

add a comment see more comments

1 Answer

0

I am however using a USB to access wifi and so I assume I had to use USBPCap

No.

USBPcap (for Windows) is only necessary if you want to capture raw USB traffic to and from your machine.

If you have a USB network adapter, it looks, to the capture mechanisms used by libpcap/WinPcap/Npcap, and thus by Wireshark, like any other network adapter; those capture mechanisms don't care whether the network adapter uses PCI or PCI Express or USB or EISA or ISA or... to connect to the CPU.

So I tried capturing with all protocols on and only ended up with USB protocols

That's what USBPcap is for - capturing USB traffic.

Try just capturing on your Wi-Fi adapter as if it were an ordinary adapter.

Note, however, that you might need Npcap; capturing on Wi-Fi adapters on Windows is tricky, and WinPcap's kernel driver might not perform all the appropriate rituals needed for this. That's not a USB issue, it's a "how Windows handles Wi-Fi adapters" issue, applying to Wi-Fi adapters even if they're directly attached to the motherboard.

Guy Harris's avatar
19.9k
Guy Harris
answered 2018-12-07 20:58:32 +0000, updated 2018-12-07 23:15:19 +0000
edit flag offensive 0 remove flag delete link
more

Comments

@Guy Harris Hey! thank you for your reply, my confusion came from the fact my only two options were available (USBPcap 1) and (USBP cap 2) after following your advice and going through a few very somewhat hidden links for an hour or so I came to the conclusion that the only thing left I knew how to do was try and install what ever this "Npcap" is, after doing so I now had four more options with only 1 option called simply "Wi-Fi" that was pulsing signal and it seems to have all finally worked.

-

I do not know if I uninstalled Wincap or not, where either it was the problem at not finding signal or not or what ever else - or even how to use wincap and not usbpCap (my assumptions is wincap did not work) but it was beautiful to finally see computers talk

-

I wish information ... (more)

Apool's avatar Apool (2018-12-07 22:36:32 +0000) edit
more
  • delete

WinPcap ("Pcap", not "Cap") is installed by the Wireshark Windows installer. We'd like to install Npcap instead, but there are some licensing issues getting in the way.

Guy Harris's avatar Guy Harris (2018-12-07 23:11:01 +0000) edit
more
  • delete

@Guy Harris Interesting, thanks for letting me know, I hope you will get it done one day

cheers

Apool's avatar Apool (2018-12-08 01:43:38 +0000) edit
more
  • delete
add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer