USB capture using Wireshark?
Previously I had to capture USB traffic outside of Wireshark then display the captured data inside of Wireshark.
I just installed Fedora 29 (which has usbmon built into the kernel) and now I can capture USB traffic within Wireshark. Which version of Wireshark first allowed this?
How did you capture USB traffic outside of Wireshark?
Was the machine on which you couldn't capture USB traffic within Wireshark running Linux? If so, did it have usbmon built into the kernel?
What version of libpcap was Wireshark using on the machine on which you couldn't capture USB traffic, and what version is it using on the Fedora 29 machine?
Don't assume that what changed here was Wireshark....
With Fedora there’s a usbmon utility to go along with the usbmon module.
$ usbmon -i 1
Or
$ cat /sys/kernel/debug/usb/usbmon/1u
Either will pump out USB message traffic for bus #1.
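The text read from /sys/kernel/debug/usb/usbmon/1u can be parsed directly. The following is an added example, not part of the original thread, written against the kernel's usbmon "u" text format. The sample lines are constructed, the function names are this example's own, and isochronous lines are not handled.

```python
# Constructed sample lines in the usbmon "u" text format (as read from
# /sys/kernel/debug/usb/usbmon/1u); not taken from the original thread.
SAMPLE = """\
ffff8800d5ea89a0 3575914555 S Ci:1:001:0 s a3 00 0000 0003 0004 4 <
ffff8800d5ea89a0 3575914560 C Ci:1:001:0 0 4 = 01050000
ffff8800c9d1b300 3575921000 C Ii:1:003:1 0:8 8 = 00000400 00000000
"""

TYPES = {"C": "control", "Z": "isochronous", "I": "interrupt", "B": "bulk"}
EVENTS = {"S": "submit", "C": "callback", "E": "submit-error"}
SETUP_FIELDS = ("bmRequestType", "bRequest", "wValue", "wIndex", "wLength")


def parse_line(line):
    """Parse one non-isochronous usbmon text line into a dict."""
    f = line.split()
    xfer, bus, dev, ep = f[3].split(":")   # e.g. Ci:1:001:0
    if xfer[0] == "Z":
        raise ValueError("isochronous lines carry extra descriptor fields")
    rec = {
        "urb": f[0], "ts_us": int(f[1]), "event": EVENTS[f[2]],
        "type": TYPES[xfer[0]], "dir": "in" if xfer[1] == "i" else "out",
        "bus": int(bus), "dev": int(dev), "ep": int(ep),
        "setup": None, "status": None, "data": b"",
    }
    rest = f[4:]
    if not rest[0].lstrip("-")[0].isdigit():   # setup tag plus five words
        if rest[0] == "s":                     # 's' = setup packet was captured
            rec["setup"] = {k: int(v, 16) for k, v in zip(SETUP_FIELDS, rest[1:6])}
        rest = rest[6:]                        # any other tag: words are filler
    else:                                      # status, optionally :interval...
        rec["status"] = int(rest[0].split(":")[0])
        rest = rest[1:]
    rec["length"] = int(rest[0])
    if len(rest) > 1 and rest[1] == "=":       # '=' means data words follow
        rec["data"] = bytes.fromhex("".join(rest[2:]))
    return rec


def parse(text):
    return [parse_line(l) for l in text.splitlines() if l.strip()]


if __name__ == "__main__":
    for r in parse(SAMPLE):
        print(r["ts_us"], r["event"], r["type"], r["dir"], f'dev={r["dev"]}',
              f'ep={r["ep"]}', r["setup"] or r["status"], r["data"].hex())
```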
So, with an older version of Fedora (before Fedora 29), you used to capture using the usbmon utility and display that within Wireshark, and Wireshark couldn't capture directly, but, when you upgraded to Fedora 29, you could capture within Wireshark?
Using Fedora 27 I'd capture the USB traffic outside of Wireshark using the usbmon utility, then display it using Wireshark. Now, way back when, it was my understanding that libpcap didn't handle USB traffic. So this may have been an unnecessary step, capturing the traffic then displaying it with 2 separate tools?