Wireshark-users: Re: [Wireshark-users] capturing USB data

From: Thomas Epperson <thomas.epperson@xxxxxxxxx>
Date: Mon, 30 Aug 2010 12:42:39 -0500
Ok I changed libpcap to point to /dev/null.

I can get wireshark to list usbmon interfaces and capture data, but ONLY if I run it as root. Is there a way to eliminate the dependency of running as root?

I did these steps to allow sniffing "regular (not usb)" traffic as non-root

Setting network privileges for dumpcap
http://wiki.wireshark.org/CaptureSetup/CapturePrivileges

Should I do something else?


On Mon, Aug 30, 2010 at 2:43 AM, Guy Harris <guy@xxxxxxxxxxxx> wrote:

On Aug 29, 2010, at 8:28 PM, Thomas Epperson wrote:

> I have seen a lot of guides that managed to get USB capture by using the command: sudo mount -t usbfs /dev/bus/usb /proc/bus/usb
> However, when I try this command here is the result
>
> mount: mount point /proc/bus/usb does not exist

Those instructions might be out of date.

> I have libpcap-1.1.1 and tcpdump-4.1.1 installed. I patched libpcap to use /dev/bus/usb instead of /proc/bus/usb,

If /sys/bus/usb/devices exists on your machine, you could have patched libpcap to use /dev/null and it probably *still* would have worked. The only thing that libpcap 1.1.1 from tcpdump.org uses /sys/bus/usb/devices or /proc/bus/usb for is to enumerate USB devices, not to capture on a USB bus (yes, I know, "USB bus" is like "ATM machine" or "PIN number" :-)), and it checks /sys/bus/usb/devices first and only uses /proc/bus/usb if it can't open /sys/bus/usb/devices.

I presume that the /sys/bus/usb/devices support was added due to kernel changes in the USB code; the message with the patch just said "Attached is some clean up for libpcap support of usbmon on Linux." about that part of the patch.

--
Thomas Epperson
Build a man a fire, and he'll be warm for a day. Set a man on fire, and he'll be warm for the rest of his life. - Terry Pratchett.
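
The enumeration order described in the quoted reply (sysfs first, procfs only if sysfs cannot be opened), as an added example that is not part of the original thread and is not libpcap's code. The function name `list_usbmon`, the fixture paths, and the entry naming (`usbN` under sysfs, zero-padded bus numbers under procfs) are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added illustration, not libpcap source: mimic the lookup order from the
# thread to show why pointing the procfs path at /dev/null changes nothing
# when the sysfs directory is readable.

# list_usbmon SYSDIR PROCDIR -> prints one usbmonN name per bus found.
# Returns 1 if neither directory can be opened.
list_usbmon() {
    local sysdir=$1 procdir=$2 entry name num
    if [ -d "$sysdir" ] && [ -r "$sysdir" ]; then
        # sysfs is readable: enumerate from it and never look at procdir.
        for entry in "$sysdir"/usb[0-9]*; do
            [ -e "$entry" ] || continue          # glob matched nothing
            num=${entry##*/usb}
            case $num in *[!0-9]*) continue ;; esac
            echo "$num"
        done | sort -n | sed 's/^/usbmon/'
        return 0
    fi
    if [ -d "$procdir" ] && [ -r "$procdir" ]; then
        # Fallback: bus directories named by number (assumed 001, 002, ...).
        for entry in "$procdir"/[0-9]*; do
            [ -d "$entry" ] || continue
            name=${entry##*/}
            case $name in *[!0-9]*) continue ;; esac
            echo "$((10#$name))"                 # strip leading zeros
        done | sort -n | sed 's/^/usbmon/'
        return 0
    fi
    return 1
}

# Constructed fixture: a fake sysfs tree with two buses plus one device
# entry (1-1) that must be ignored, and a fake procfs tree with one bus.
fixture=$(mktemp -d)
mkdir -p "$fixture/sys/usb1" "$fixture/sys/usb2" "$fixture/sys/1-1" \
         "$fixture/proc/001"

echo "sysfs present, procfs path = /dev/null:"
list_usbmon "$fixture/sys" /dev/null
echo "sysfs missing, procfs used instead:"
list_usbmon "$fixture/missing" "$fixture/proc"
```
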