Wireshark · Wireshark-users: Re: [Wireshark-users] Capture cellular modem traffic

Wireshark-users: Re: [Wireshark-users] Capture cellular modem traffic

From: Guy Harris <guy@xxxxxxxxxxxx>

Date: Wed, 19 Mar 2008 10:28:23 -0700

Eli Greenhut wrote:

Does the traffic captured by wireShark is before the driver or after thedriver?


Before the driver.

On Windows, Wireshark uses WinPcap to capture packets, and, on variousUN*Xes, it uses libpcap. WinPcap includes its own driver, whichconnects to the networking code above the network device driver (itplugs into the "top half" of the NDIS mechanism, and networking driversplug into the "bottom half"), and the mechanisms libpcap uses eitherplug into the networking code above the network device drivers or getpackets supplied by the driver.

You won't, for example, see raw GSM/UMTS/cdmaOne/cdma2000/etc. radiotraffic, if that's what you're trying to see.

References:
- [Wireshark-users] Capture cellular modem traffic
  - From: Eli Greenhut

Prev by Date: [Wireshark-users] Capture cellular modem traffic
Next by Date: [Wireshark-users] pdml output
Previous by thread: [Wireshark-users] Capture cellular modem traffic
Next by thread: [Wireshark-users] pdml output
Index(es):
- Date
- Thread