Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: Re: [Wireshark-dev] [PATCH] enable sniff on USB ports

From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Tue, 19 Sep 2006 23:23:28 +0200 (CEST)
Hi,

Impressive work, it will take some time to absorb all this.
It's going to require some serious testing, I guess.

Thanx,
Jaap

On Tue, 19 Sep 2006, abeni wrote:

> Hi list,
>
> I'm trying to plug USB sniffing support into wireshark, at least under
> Linux. I have some working code (the attached patch, against revision
> 19257), but is quite intrusive, it uses the usbmon infrastructure and
> works only on with recent Linux kernels (I think 2.6.8 or newer is
> needed).
>
> The patch build up a generic 'virtual' API for sniffing that is
> 'hardware agnostic'. The API is instantiated on the pcap library, for
> ethernet sniffing, and on a glue a build up around the usbmon interface,
> for USB sniffing.
>
> I also added a basic USB dissector to show raw URB data contents.
>
> The get the USB sniffing functionality working you need to mount the
> debug file system in /sys/kernel/debug:
>
> mount -t debugfs / /sys/kernel/debug
>
> If everything works, you should be able to see various usb<number>
> interfaces in the wireshark/tshark/dumpcap interfaces list. You will get
> an interface usbX for each detected USB bus on the running host.
>
> Any feedback is very welcome.
>
> ciao,
> 	Paolo
>
>
>
>
>  --
>  Email.it, the professional e-mail, gratis per te: http://www.email.it/f
>
>  Sponsor:
>  Refill s.r.l. - Tutto per la tua stampante a prezzi incredibili: su cartucce, toner, inchiostri, carta speciale risparmi fino al 90%!
>  Clicca qui: http://adv.email.it/cgi-bin/foclick.cgi?mid=5189&d=19-9