Hi, Never tried it myself, but this caught my eye on the Wiki page: "The latest libpcap CVS (not an 0.9.x release or earlier release) is required for capturing raw USB traffic."
Thanx, Jaap Joshua Pollack wrote: > Hi, > > I'm interested in using Wireshark to capture raw USB traffic, but I > can't seem to get this feature to work. Has anyone on this list ever > managed to do this before? > > The page on the wiki > http://wiki.wireshark.org/CaptureSetup/USB > > says that to use this, you must load the usbmon kernel module, which > lets you get access to the data via debugfs, and also mount debugfs at > /sys/kernel/debug. It says that once these steps have been taken, > that devices looking like 'usbX' should show up in Wireshark's > "Capture Interfaces" dialog. > > I've tried these steps and have no such device showing. > > I've confirmed that usbmon is doing what I thought it to be doing, > when I cat /sys/kernel/debug/usbmom/1u, I get the traffic off that > bus. > > My question is, has anyone else used this feature before? How did you > enable it? I tried with both the Wireshark provided by debian and one > I built from source (both 0.99.6). I've tried this on kernel 2.6.18 > as well as 2.6.22 (since the \du interface appeared with 2.6.21) Both > of them I tried with libpcap (0.9.7). Is there some debug output I > could be reading which might indicate why I can't capture from USB? > > If anyone has gotten this to work before I'd be interested in the > configuration details so i can try to reproduce it. > > Thanks, > Joshua > _______________________________________________ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users
