Help capturing USB packets in Windows
Hello,
We need to confirm the connection and transfer of data from a USB connected device to a windows based application.
First we need to see the device and data flow from the local PC. Then we need to see the device in an RDP session to a host server where the application lives.
We are running USBPcap 1.5.4.0 and wireshark 3.4.3.
My initial testing here is not with the true target device, just a USB Ethernet adapter for now.
My first step in testing was to attach the USB device to the local PC and then run USBPcapCMD. I could see the device here: \??\USB#ROOT_HUB30# [Port 17] ASIX AX88179 USB 3.0 to Gigabit Ethernet Adapter
So the device is seen.
Next I disconnected the device and ran wireshark. I then plugged the device back in and found it with the address 1.11.x.
Question #1, is there any correlation between the 1.11.x address and the port-17 device seen in USBPcap? Can I filter in some way via the port-17 location?
Question #2, if I unplug and then replug the device, it appears that the device address bumps up by one. Right now the USB adapter is 1.14.x. Does this mean that I have to refind the device in WS any time that I unplug/replug?
Question #3, if all looks good on the local USB connection, can I assume that I can run USBPcap and WS on the RDP session and see the passed-thru device there in the same manner?
Thanks for any and all help. These are preliminary questions, I'm sure more to come.
Thanks.
Bryan Hunt