Usman ur Rehman Ahmed's blog

EVDO network Interface is not listed by WireShark

Background Context

I am using an EVDO broadband wireless USB stick launched by Pakistan Telecommunication Limited (a 3.1 Mbps device). It is based on the "CDMA2000" 3G wireless standard. It works well for me since I am at a location with a rather less IT-aware population. I came across an issue today while trying to capture network traffic over the EVDO stick. I couldn't find much on this topic, so I decided to write a post on it.

The Problem

I was able to get the network interface for the EVDO stick using the System.Net.NetworkInformation namespace,

foreach (NetworkInterface nic in NetworkInterface.GetAllNetworkInterfaces()) { ... }

as follows,

                "WAN (PPP/SLIP) Interface"

However, this interface was not listed at all by either WireShark or SharpPCap (which I was using to get the network device list), so I wasn't able to send/receive packets. I was running on,

OS: Windows XP (x86)

with the following,

WinPCap: 4.1.1

WireShark: Version 1.2.8 (SVN Rev 32676)

SharpPCap: SharpPcap-3.5.0
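
An added example (not code from the original post): a small C# check that reports which OS-visible interfaces have no corresponding capture device, which is the gap described above. It assumes capture device names follow the \Device\NPF_... form that appears in this post's error messages and that NetworkInterface.Id matches the GUID in that name; the CaptureCoverage class and the sample device list are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Net.NetworkInformation;
using System.Text.RegularExpressions;

static class CaptureCoverage   // hypothetical helper, not part of SharpPcap
{
    // Extracts the adapter key from a WinPcap device name, e.g.
    // rpcap://\Device\NPF_{GUID} or \Device\NPF_GenericDialupAdapter.
    static string NpfKey(string pcapName)
    {
        Match m = Regex.Match(pcapName.Trim(), @"NPF_(.+)$");
        return m.Success ? m.Groups[1].Value.ToUpperInvariant() : null;
    }

    // Returns the OS interfaces for which no capture device name matches.
    public static List<NetworkInterface> Uncovered(IEnumerable<string> pcapNames)
    {
        var keys = new HashSet<string>();
        foreach (string name in pcapNames)
        {
            string key = NpfKey(name);
            if (key != null) keys.Add(key);
        }
        // The dial-up adapter has no GUID in its name, so its presence is
        // treated as covering PPP interfaces (assumption).
        bool dialup = keys.Contains("GENERICDIALUPADAPTER");
        var missing = new List<NetworkInterface>();
        foreach (NetworkInterface nic in NetworkInterface.GetAllNetworkInterfaces())
        {
            if (nic.NetworkInterfaceType == NetworkInterfaceType.Loopback) continue;
            bool ppp = nic.NetworkInterfaceType == NetworkInterfaceType.Ppp;
            // Assumption: on Windows, nic.Id is the "{GUID}" used in the NPF name.
            if (keys.Contains(nic.Id.ToUpperInvariant()) || (ppp && dialup)) continue;
            missing.Add(nic);
        }
        return missing;
    }

    static void Main()
    {
        // Constructed sample list; pass the names your capture library reports.
        string[] pcapNames = { @"rpcap://\Device\NPF_{00000000-0000-0000-0000-000000000001}" };
        foreach (NetworkInterface nic in Uncovered(pcapNames))
            Console.WriteLine("no capture device: {0} [{1}] {2}",
                nic.Description, nic.NetworkInterfaceType, nic.Id);
    }
}
```

Any interface this prints is one whose traffic a WinPcap-based sniffer on that machine cannot see.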

Solution

Since the WAN (PPP/SLIP) interface is no exception, I was forced to think that the issue was not due to the USB modem but rather with WinPCap. I googled it a bit and identified that PPP capturing is possible on Windows XP (x86) with WinPCap last stable release version (at the time of this writing) 3.1, which can be downloaded from,

                http://www.winpcap.org/archive/3.1-WinPcap.exe

I uninstalled 4.1.1 and reverted to 3.1, and right away both network interfaces (Generic dialup adapter & WAN (PPP/SLIP) interface) relating to EVDO were listed under WireShark and by SharpPCap (since it utilizes WinPCap).


Note: As per initial tests, I was able to capture traffic using Wireshark but while trying to open either of these interfaces using SharpPCap, I was getting an exception at device.Open(),

"Unable to open the adapter (rpcap://\Device\NPF_GenericDialupAdapter). Error opening adapter: The system cannot find the device specified. (20)"

OR

Unable to open the adapter (rpcap://\Device\NPF_{F9409E20-55C1-43AD-992A-10929B.....}). Error opening adapter: The system cannot find the device specified. (20)

However, since this post is primarily about the listing of interfaces, the resolution was found. I will speak more on the issue of communicating with the EVDO device using SharpPCap in another blog post.

References

More details on the topic of PPP capturing can be found at,

                http://wiki.wireshark.org/CaptureSetup/PPP

                http://www.winpcap.org/misc/faq.htm#Q-5
