Wireshark-users: [Wireshark-users] "capture raw USB traffic" functionality not working?

From: Joshua Pollack <joshua@xxxxxxx>
Date: Tue, 25 Sep 2007 15:43:02 -0700
 (Apologies if this is received twice, I don't think I was on the list
   before sending the first time.)

Hi,

I'm interested in using Wireshark to capture raw USB traffic, but I
can't seem to get this feature to work.  Has anyone on this list ever
managed to do this before?

The page on the wiki
http://wiki.wireshark.org/CaptureSetup/USB

says that to use this, you must load the usbmon kernel module, which
lets you get access to the data via debugfs, and also mount debugfs at
/sys/kernel/debug.  It says that once these steps have been taken,
that devices looking like 'usbX' should show up in Wireshark's
"Capture Interfaces" dialog.

I've tried these steps and have no such device showing.

I've confirmed that usbmon is doing what I thought it to be doing,
when I cat /sys/kernel/debug/usbmon/1u, I get the traffic off that
bus.

My question is, has anyone else used this feature before?  How did you
enable it?  I tried with both the Wireshark provided by Debian and one
I built from source (both 0.99.6).  I've tried this on kernel 2.6.18
as well as 2.6.22 (since the \du interface appeared with 2.6.21).  Both
of them I tried with libpcap (0.9.7).  Is there some debug output I
could be reading which might indicate why I can't capture from USB?

If anyone has gotten this to work before I'd be interested in the
configuration details so I can try to reproduce it.

Thanks,
Joshua
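
The prerequisites listed in the message above (usbmon loaded, debugfs mounted at /sys/kernel/debug, per-bus files present) can be checked in one pass. This is an added example, not part of the original post or of Wireshark; the function name `usbmon_check` and its optional root-prefix argument are assumptions made so the check can also run against a constructed directory tree.

```shell
#!/bin/sh
# Added example: checks the three usbmon prerequisites the message lists.
# usbmon_check and its optional ROOT prefix are hypothetical names; ROOT
# lets the check run against a constructed directory tree instead of /.
# Return codes: 0 ok, 1 module missing, 2 debugfs not mounted, 3 no bus files.
usbmon_check() {
    root="${1:-}"
    dbg="$root/sys/kernel/debug"

    # 1. usbmon loaded as a module (listed in /proc/modules) or visible
    #    under /sys/module.
    if ! grep -q '^usbmon ' "$root/proc/modules" 2>/dev/null &&
       [ ! -d "$root/sys/module/usbmon" ]; then
        echo "usbmon not loaded (try: modprobe usbmon)"
        return 1
    fi

    # 2. debugfs mounted at /sys/kernel/debug. In /proc/mounts, field 2 is
    #    the mount point and field 3 the filesystem type.
    if ! awk '$2 == "/sys/kernel/debug" && $3 == "debugfs" { found = 1 }
              END { exit !found }' "$root/proc/mounts" 2>/dev/null; then
        echo "debugfs not mounted (try: mount -t debugfs none /sys/kernel/debug)"
        return 2
    fi

    # 3. Per-bus text files such as 1u or 2u exist under usbmon/.
    buses=""
    for f in "$dbg"/usbmon/[0-9]*u; do
        if [ -e "$f" ]; then
            buses="$buses ${f##*/}"
        fi
    done
    if [ -z "$buses" ]; then
        echo "no Nu files under $dbg/usbmon"
        return 3
    fi
    echo "usbmon text interfaces:$buses"
    return 0
}
```

Called with no argument, it inspects the running system; reading the files under debugfs normally requires root.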