On Oct 11, 2010, at 9:47 AM, Guy Harris wrote:
> That does, of course, require that the "raw packet data" be in the right format for DLT_USB_LINUX or DLT_USB_LINUX_MMAPPED. I'll discuss that issue in another message.
That format is the format you get from the Linux usbmon module's binary mode.
For DLT_USB_LINUX, in libpcap 1.0.0 and later, there's a <pcap/usb.h> header, which defines a "pcap_usb_header" structure. The "raw packet data" begins with a pcap_usb_header structure, with all multi-byte integral quantities in *host* byte order, followed by the data transferred, if any.
For DLT_USB_LINUX_MMAPPED, in libpcap 1.1.0 and later, that header also defines a "pcap_usb_header_mmapped" header structure. The "raw packet data" begins with a pcap_usb_header_mmapped, again with all multi-byte integral quantities in *host* byte order, followed by the data transferred, if any.
