MBIM wireshark dissector

Bjørn Mork bjorn at mork.no
Thu Mar 27 00:54:40 PDT 2014

Ben Chan <benchan at chromium.org> writes:
> On Tue, Mar 25, 2014 at 3:24 AM, Bjørn Mork <bjorn at mork.no> wrote:
>> This might have been mentioned before, but if so then I have forgotten
>> all about it.  And if I have forgotten, then maybe others have as well.
>> At least I can pretend that my memory isn't exceptionally much worse
>> than average... Anyway, repeating the info cannot harm.
>> I was looking at improving the simple LUA based QMI dissector Ilya made
>> a long time ago ( https://gist.github.com/ivoronin/2641557 ) when I
>> noticed that Pascal Quantin already has added a full featured MBIM
>> dissector. The comments indicate that this was made primarily for
>> dissecting USBPcap dumps on Windows8+, but it is properly plugged into
>> the usb dissector so it should work equally fine with usbmon dumps on
>> Linux.  I couldn't make the control message dissection work in my quick
>> test just now, so this possibly needs some fixing first.
>> Still, the parts that do work are already really useful.  Simple example
>> decoding the bulk data.  Note the advantages of having the normal IP
>> dissector taking care of the IP packets inside the NTB:
> Yeah, I also found it very useful. I've tried capturing MBIM
> communications via tcpdump+usbmon, and then viewed the pcap file in
> wireshark. Like you said, it didn't seem to dissect command messages
> properly. Not sure if it was an issue with capturing or dissecting.

Well, Pascal noticed my post and immediately fixed the minor issue.  I
am happy to say that this now works with the wireshark master branch.

Note that wireshark needs to see the configuration descriptor to be able
to figure out the interface classes, so you should start the capture
before plugging in the modem.  Or you can make the dissector attempt to
decode the control traffic anyway by setting

  Edit->Preferences->Protocols->MBIM->Force decoding...
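
Added example, not part of the original message and not Wireshark's code: a minimal parser showing what the configuration descriptor supplies, namely the class/subclass/protocol triple of each interface, which is what identifies an MBIM control interface. The class codes (02h/0Eh/00h) are taken from the USB-IF MBIM specification, and the sample descriptor bytes are constructed.

```python
import struct

# CDC Communications class, MBIM subclass, no protocol (USB-IF MBIM spec; assumption, not from the post)
MBIM_CONTROL = (0x02, 0x0E, 0x00)
DT_CONFIG, DT_INTERFACE = 0x02, 0x04

def interfaces(config: bytes):
    """Yield (number, altsetting, class, subclass, protocol) per interface descriptor."""
    if len(config) < 9 or config[1] != DT_CONFIG:
        raise ValueError("not a configuration descriptor")
    total = struct.unpack_from("<H", config, 2)[0]  # wTotalLength
    if total > len(config):
        raise ValueError("truncated: wTotalLength exceeds captured bytes")
    off = 0
    while off + 2 <= total:
        blen, btype = config[off], config[off + 1]
        if blen < 2 or off + blen > total:
            raise ValueError(f"bad bLength {blen} at offset {off}")
        if btype == DT_INTERFACE and blen >= 9:
            cls, sub, proto = config[off + 5 : off + 8]
            yield config[off + 2], config[off + 3], cls, sub, proto
        off += blen  # skip endpoint and class-specific descriptors

def mbim_control_interfaces(config: bytes):
    """Interface numbers a dissector could treat as MBIM control."""
    return sorted({n for n, _, c, s, p in interfaces(config)
                   if (c, s, p) == MBIM_CONTROL})

# Constructed sample: one MBIM control interface plus a data interface with two altsettings
_BODY = bytes.fromhex(
    "0904000001020e0000"  # interface 0: CDC comm / MBIM
    "07058103400005"      # interrupt IN endpoint
    "09040100000a000200"  # interface 1 alt 0: CDC data, no endpoints
    "09040101020a000200"  # interface 1 alt 1: CDC data, NTB protocol
    "07058202000200"      # bulk IN endpoint
    "07050102000200"      # bulk OUT endpoint
)
SAMPLE = struct.pack("<BBHBBBBB", 9, DT_CONFIG, 9 + len(_BODY),
                     2, 1, 0, 0x80, 0xFA) + _BODY

if __name__ == "__main__":
    for row in interfaces(SAMPLE):
        print("if=%d alt=%d class=%02x sub=%02x proto=%02x" % row)
    print("MBIM control interfaces:", mbim_control_interfaces(SAMPLE))
```

A capture started after the modem was plugged in never contains these bytes, which is the case the force-decoding preference covers.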

