Wireshark-dev: Re: [Wireshark-dev] USB support

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Fri, 19 Sep 2008 19:43:51 -0700

On Sep 19, 2008, at 6:02 PM, John R. Hogerhuis wrote:

> I've been using the USB support in Wireshark/libpcap. I get lots of truncated
> messages which makes it hard to make use of.
>
> I have a recent Linux kernel 2.6.24-19, which I believe supports the binary
> data format for the kernel usbmon support. Further, my understanding is that
> through the binary data interface, the packets should not be truncated.
>
> So what could be the issue? Does libpcap not support the binary interface yet?

Libpcap doesn't support Linux USB, period, yet, if by "yet" you mean "in any release that tcpdump.org has put out".

Perhaps your distribution has added Linux USB support from, for example, top-of-CVS-tree libpcap; the *current* top-of-CVS tree libpcap should support the binary interface, but perhaps your distribution has an earlier version of the code that doesn't support it.

What version of what distribution are you running?