Hello list!
I thought I'd notify the Wireshark team one way or another that I
managed to set up the IrDA capturing now in 2020. No $1000+ equipment,
no excessive brain-you-know-what-ery.
Since **anything** IrDA is REALLY hard to find online, I'd post my guide
here. Feel free to re-post it to Wiki
Based upon: https://wiki.wireshark.org/CaptureSetup/IrDA - the largely
hypothetical and deprecated Wiki page
> With the IrCOMM2k driver installed, and with the appropriate patches
> to WinPcap <https://wiki.wireshark.org/WinPcap>, it should be possible
> to capture on IrDA devices on Windows.
Turns out it's totally realistically possible!
The guide is as follows (per 2020):
1. Set a Windows XP VM, for example, install:
* VirtualBox
* Windows XP onto it
* VirtualBox drivers
/Note/: Possibly the guide works on Windows 2k/Vista/7/10+. But 32-bit
only. But the guide is tested on XP
2. Attach your IrDA device to the VM, get its drivers installed
3. Get the following software:
* IrCOMM software packages - available at:
http://www.ircomm2k.de/English/download.html . You'd need
- IrCOMM2k (itself) v2.0.0 beta 3 (or higher, if available in the
future) . v1.2.1 is more stable imo, but it's incompatible with Wireshark
- "Ethereal IrDA Extensions" -> "IrDA Real-Time Capturing for
WinPcap (Win32)" . It's just the .dll file . Don't worry that it says
"Ethereal", it's compatible with WireShark. By the way, this patch (or
patched file, if you like) is the reason the capturing is stuck to only
Windows 32-bit
* WinPCap v3.1 . It's old, but it's what IrCOMM is designed to work
with. It's still "findable" online, but to be safe, I archived this
version on archive.org (IA), https://archive.org/details/WinPcap31
* WireShark - whatever the last supported version is. For XP, it's some
outdated but relatively modern version - don't remember which
* [optional] PuTTY (or its counterpart) - for COM port testing. Tip: for
Win2k, the last version is v0.6.4, for XP it's whatever the latest. Just
for the testing
4. Install them all as follows: IrCOMM2k, WinPCap 3.1, "IrDA Real-Time
Capturing for WinPcap (Win32)" (just copy the file into "system32",
overwriting the original), WireShark (do NOT update WinPcap, and don't
switch to Npcap), PuTTY . After all that, you might wanna reboot the
virtualised OS
5. Done! Now launch WireShark, it'd see the "IrDA connection" interface
which it'd interpret perfectly, if not better than the official
specifications. Connect to something via IrDA, and try sending "ATI" (AT
command for "Identify yourself") and get a response. Now check with
Wireshark, and it'd catch the communication
Tip: IrCOMM2k v2+ is somewhat buggy, occasionally it might get stuck and
halt its ability to detect the communication mode and/or device connect
/ disconnect events. The solution? Reboot the virtualised OS
Kind regards,
Tim
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives: https://www.wireshark.org/lists/wireshark-dev