I'm trying to capture full USB packets on a Raspberry Pi (kernel v4.9.59) using Wireshark (v2.2.6) and have followed the instructions on the Wireshark USB capture setup page. That page indicates that usbmon limits captured data on each block to about 30 bytes so I downloaded, built and installed the latest libpcap (version 1.8.1). Looking at the available interfaces I see usbmon1 listed but when I try to capture it I get the popup that /sys/kernel/debug/usb/usbmon/1t can't be opened (because it doesn't exist). If I load usbmon with modprobe and make /sys/kernel/debug/usb/usbmon/1t readable/writable by me then the capture works but I only get the first 32 bytes of each packet. What do I need to do to get Wireshark to capture using libpcap?
