MBIM wireshark dissector

Ben Chan benchan at chromium.org
Thu Mar 27 00:39:03 PDT 2014


On Tue, Mar 25, 2014 at 3:24 AM, Bjørn Mork <bjorn at mork.no> wrote:
> This might have been mentioned before, but if so then I have forgotten
> all about it.  And if I have forgotten, then maybe others have as well.
> At least I can pretend that my memory isn't exceptionally much worse
> than average... Anyway, repeating the info cannot harm.
>
> I was looking at improving the simple LUA based QMI dissector Ilya made
> a long time ago ( https://gist.github.com/ivoronin/2641557 ) when I
> noticed that Pascal Quantin already has added a full featured MBIM
> dissector. The comments indicate that this was made primarily for
> dissecting USBPcap dumps on Windows8+, but it is properly plugged into
> the usb dissector so it should work equally fine on with usbmon dumps on
> Linux.  I couldn't make the control message dissection work in my quick
> test just now, so this possibly needs some fixing first.
>
>
> Still, the parts that do work are already really useful.  Simple example
> decoding the bulk data.  Note the advantages of having the normal IP
> dissector taking care of the IP packets inside the NTB:
>

Yeah, I also found it very useful. I've tried capturing MBIM
communications via tcpdump+usbmon, and then viewed the pcap file in
wireshark. Like you said, it didn't seem to dissect command messages
properly. Not sure if it was an issue with capturing or dissecting.


More information about the libmbim-devel mailing list