On Sun, Apr 28, 2013 at 10:39 AM, Roger Smith <irieblue@xxxxxx> wrote:
> Windows 8 added support for MBIM devices/network interfaces. Unfortunately these MBIM interfaces are not showing up as a selectable interface in wireshark. Any idea on how to get this working?
>
> MBIM interfaces transport ip packets and are not wrapped in an Ethernet style frame. Essentially MBIM is a new interface type that adheres to the USB CDC NCM/MBIM Spec that has a pretty well defined headers. I need the ability to decode the packets across an MBIM connection.
>
> Any idea how to get this working? MBIM is finally a standard that should replace RNDIS for USB network devices , but more important work on all platforms wire shark runs on.
Wireshark uses WinPcap [1] to interface with networking devices on
Windows, so support for these devices will have to be added there
first (this will likely involve adding a new linktype to the official
list [2]).
Once that is done we can add a dissector to Wireshark for the framing
protocol, but that will be (mostly) useless without the WinPcap
component already in place.
(For reference, a general spec seems to be available at [3].)
Cheers,
Evan
[1] https://www.winpcap.org/
[2] http://www.tcpdump.org/linktypes.html
[3] http://msdn.microsoft.com/en-us/library/windows/hardware/mbim-based-mobile-broadband-requirements-for-windows.aspx