Need to start capture immediately after RNDIS device plugged in. By the time I can refresh the interfaces list, it is too late and I miss the packets I am interested in.

2018-04-05

So I'm trying to debug DHCP failure on a RNDIS ethernet adapter. The problem is that the interface doesn't exist until the USB cable is plugged in. By the time I can refresh the interfaces list and begin capturing, the packets I am interested in are already lost. How can I get it to capture all the packets starting with the first one?

2018-04-05

cmaynard

You may want to refer to the Wireshark USB capture setup wiki page for possible ideas, such as using USBPcap if you're on Windows.

But if that doesn't help you, you might need to invest in a USB hardware capture device, such as the ComProbe USB 2.0 Protocol Analyzer from Frontline Test Equipment (a.k.a., Teledyne LeCroy), or the Beagle USB 12 Protocol Analyzer from TotalPhase.

Disclaimer: I am not affiliated with either Frontline Test Equipment or Total Phase in any way, nor have I personally used either of the products mentioned, and so I can't comment on these products' capabilities. Before purchasing any product, you should conduct your own research to be sure the product will meet your needs.

Thanks for the reply. Capturing the USB packets works very well.

dadawan ( 2018-04-06 )

