On Mon, Oct 25, 2021 at 9:08 PM Guy Harris <ghar...@sonic.net> wrote:
> On Oct 25, 2021, at 12:03 PM, Tomasz Moń <deso...@gmail.com> wrote:
> > The heuristic should not be the main USB traffic detection method
> > IMHO. The main thing is that people don't necessarily understand that
> > capturing full enumeration sequence (aka starting capture before
> > plugging in the device) will give you much better dissection in
> > multiple cases.
>
> The main thing is that there's no guarantee that you get the full enumeration.

Software-only USB capture engines provide enough information for Wireshark dissection if you plug in the device after starting the capture. That is, it is good enough when the user is not struggling with board bringup issues while developing USB device firmware. The requests not captured by a software-only sniffer are not really a big deal IMHO after the bringup is complete.

> > Recent libpcap versions
> > automatically request device and configuration descriptors on capture
> > start (easier version request only device descriptor).
>
> Is this done on FreeBSD, macOS, and Windows?
>
> Or is this Linux-only?

Linux only. On Windows, USBPcap has the option to inject already connected devices' descriptors on capture start (technically it is different to what libpcap on Linux does, as it does not actively request the descriptors from the device, but rather uses the cached values). I don't know about macOS or FreeBSD.
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org>
Archives: https://www.wireshark.org/lists/wireshark-dev