Wireshark-users: Re: [Wireshark-users] capturing USB data

From: Thomas Epperson <thomas.epperson@xxxxxxxxx>
Date: Mon, 30 Aug 2010 14:07:47 -0500
Ah ok I see now. Running this command
sudo chmod o=rw /dev/usbmon*
allowed normal wireshark to capture usb packets (although sometimes it only reads a portion of packets - I'm not sure what normal would be for this)

On Mon, Aug 30, 2010 at 1:21 PM, Guy Harris <guy@xxxxxxxxxxxx> wrote:

On Aug 30, 2010, at 10:42 AM, Thomas Epperson wrote:

> Ok I changed libpcap to point to /dev/null.

Actually, just undoing your previous change would be sufficient; "change it to /dev/null" was meant to indicate that no change was necessary - as per my mail, /proc/bus/usb isn't necessary with newer libpcaps such as 1.1.x.

> I can get wireshark to list usbmon interfaces and capture data, but ONLY if I run it as root. Is there a way to eliminate the dependency of running as root?

What does "ls -l /dev/usbmon*" print?

> I did these steps to allow sniffing "regular (not usb)" traffic as non-root
>
> Setting network privileges for dumpcap
> http://wiki.wireshark.org/CaptureSetup/CapturePrivileges

Presumably those were the "Linux" steps.  Those steps are, as per "regular (not usb)", specific to capturing on regular networking devices; capturing USB traffic needs a different mechanism, requiring that the program be able to open the /dev/usbmon* devices.  Did you do the "Setting network privileges for dumpcap" steps or the "Limiting capture permission to only one group" steps?  If the former, you'll probably need to make the /dev/usbmon* devices publicly readable; if the latter, you'll only need to make them readable by the group in question.  (At least on my Ubuntu 9 VM, /sys/bus/usb/devices is publicly readable; if that's the case on your machine, no changes should be necessary to get Wireshark to list usbmon interfaces, although you'd need to make the usbmon devices accessible to dumpcap in order to get Wireshark to capture on them.)

--
Thomas Epperson
Build a man a fire, and he'll be warm for a day. Set a man on fire, and he'll be warm for the rest of his life. - Terry Pratchett.
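
Added example, not part of the original thread: the reply distinguishes making the /dev/usbmon* devices publicly readable from making them readable only by a capture group, and the script below audits which of those states each node is in. It assumes GNU `stat` on Linux; the group name `wireshark` in the usage comment and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify who can open each usbmon device node.
# Assumes GNU stat (Linux). Function names are illustrative only.

# classify_node PATH GROUP -> prints world | group | restricted
classify_node() {
    node=$1; want_group=$2
    # %a = octal permission bits, %G = owning group name
    info=$(stat -c '%a %G' "$node") || return 2
    mode=${info%% *}
    owner_group=${info#* }
    other=$(( $mode % 10 ))          # last digit: permissions for "others"
    grp=$(( ($mode / 10) % 10 ))     # middle digit: permissions for the group
    if [ $(( $other & 6 )) -ne 0 ]; then
        echo world        # any local user can read and/or write USB traffic
    elif [ "$owner_group" = "$want_group" ] && [ $(( $grp & 4 )) -ne 0 ]; then
        echo group        # only members of the capture group can read
    else
        echo restricted   # owner (normally root) only: capture needs root
    fi
}

# audit_usbmon DIR GROUP -> prints "<node> <class>" per node,
# returns 1 if any node is accessible to every local user.
audit_usbmon() {
    dir=$1; group=$2; rc=0
    for n in "$dir"/usbmon*; do
        [ -e "$n" ] || continue      # no match: usbmon module not loaded
        class=$(classify_node "$n" "$group") || continue
        echo "$n $class"
        [ "$class" = world ] && rc=1
    done
    return $rc
}

# Usage (group name is an assumption): audit_usbmon /dev wireshark
```

A `chmod` on a /dev node lasts only until the node is recreated (for example at reboot), so a udev rule is the usual way to make a group and mode assignment persistent.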