Wireshark-dev: [Wireshark-dev] IrDA support confirmed!
From: Tim Abdiukov <tabdiukov@xxxxxxxxx>
Date: Tue, 22 Sep 2020 01:50:23 +1000

Hello list!

I thought I'd notify the Wireshark team one way or another that I managed to set up the IrDA cxapturing now in 2020. No $1000+ equipment, no excessive brain-you-know-what-ery.

Since *anything* IrDA is REALLY hard to find online, I'd post my guide here. Feel free to re-post it to Wiki


Based upon: https://wiki.wireshark.org/CaptureSetup/IrDA - the largely hypothetical and deprecated Wiki page

> With the IrCOMM2k driver installed, and with the appropriate patches to WinPcap, it should be possible to capture on IrDA devices on Windows.

Turns out it's totally realistically possible!


The guide is as follows (per 2020):
1. Set a Windows XP VM, for example, install:

* VirtualBox

* Windows XP onto it

* VirtualBox drivers

Note: Possibly the guide works on Windows 2k/Vista/7/10+. But 32-bit only. But the guide is tested on XP

2. Attach your IrDA device to the VM, get its drivers installed

3. Get the following software:

* IrCOMM software packages - available at: http://www.ircomm2k.de/English/download.html . You'd need

    - IrCOMM2k (itself) v2.0.0 beta 3 (or higher, if available in the future) . v1.2.1 is more stable imo, but it's incompatible with Wireshark

    - "Ethereal IrDA Extensions" -> "IrDA Real-Time Capturing for WinPcap (Win32)" . It's just the .dll file . Don't worry that it says "Ethereal", it's compatible with WireShark. By the way, this patch (or patched file, if you like) is the reason the capturing is stuck to only Windows 32-bit

* WinPCap v3.1 . It's old, but it's what IrCOMM is designed to work with. It's still "finable" online, but to be safe, I archived this version on archive.org (IA), https://archive.org/details/WinPcap31

* WireShark - whatever the last supported version is. For XP, it'ssome outdated but relatively modern version - don't remember which

* [optional] PuTTY (or its counterpart) - for COM port testing. Tip: for Win2k, the last version is v0.6.4, for XP it's whatever the latest. Just for the testing

4. Install them all as follows: IrCOMM2k, WinPCap 3.1,  "IrDA Real-Time Capturing for WinPcap (Win32)" (just copy the file into "system32", overwriting the original), WireShark (do NOT update WinPcap, and don't switch to ncap), PuTTY  . After all that, you might wanna reboot the virtualised OS

5. Done! Now launch WireShark, it'd see the "IrDA connection" interface which it'd interpret perfectly, if not better than the ofgficial specifications. Connect to something via IrDA, and try sending "ATI" (AT command for "Identify yourself") and get a response. Now check with Wireshark, and it'd catch the communication

Tip: IrCOMM2k v2+ is somewhat buggy, occasionally it might get stuck and halt its ability to detect the communication mode and/or device connect / disconnect events. The solution? Reboot the virtualised OS


Kind regards,

Tim