Ask Your Question
0

Need to start capture immediately after RNDIS device plugged in. By the time I can refresh the interfaces list, it is too late and I miss the packets I am interested in.

asked 2018-04-05 13:40:59 +0000

dadawan gravatar image

So I'm trying to debug DHCP failure on a RNDIS ethernet adapter. The problem is that the interface doesn't exist until the USB cable is plugged in. By the time I can refresh the interfaces list and begin capturing, the packets I am interested in are already lost. How can I get it to capture all the packets starting with the first one?

edit retag flag offensive close merge delete
add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2018-04-05 14:09:18 +0000

cmaynard gravatar image

You may want to refer to the Wireshark USB capture setup wiki page for possible ideas, such as using USBPcap if you're on Windows.

But if that doesn't help you, you might need to invest in a USB hardware capture device, such as the ComProbe USB 2.0 Protocol Analyzer from Frontline Test Equipment (a.k.a., Teledyne LeCroy), or the Beagle USB 12 Protocol Analyzer from TotalPhase.

Disclaimer: I am not affiliated with either Frontline Test Equipment or Total Phase in any way, nor have I personally used either of the products mentioned, and so I can't comment on these products' capabilities. Before purchasing any product, you should conduct your own research to be sure the product will meet your needs.

edit flag offensive delete link more

Comments

Thanks for the reply. Capturing the USB packets works very well.

dadawan gravatar imagedadawan ( 2018-04-06 17:00:21 +0000 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2018-04-05 13:40:59 +0000

Seen: 1,350 times

Last updated: Apr 05 '18