
Hi, there are a lot of examples for capture filtering at http://wiki.wireshark.org/CaptureFilters, but unfortunately none of them refers to USB. Could you give me an example, please?

asked 18 Aug '14, 10:41


uhum2004

edited 18 Aug '14, 10:42


You can't use a capture filter on USB data, as that's not implemented by libpcap (and/or usbmon), the capture library of Wireshark. The reason: libpcap uses BPF (Berkeley Packet Filter) to implement capture filters and that works mainly for network protocols. So, no USB data capture filtering without a massive rewrite of libpcap.

As a result, you can use display filters for USB traffic in Wireshark and/or tshark, but not capture filters.

Regards
Kurt


answered 25 Aug '14, 16:04


Kurt Knochner ♦

Thanks, Kurt! But how can I capture the registering traffic? I guess I have to have my device disconnected, then start Wireshark to see registering progress. However, at the moment of starting Wireshark it is not known what address will be given by the operating system. What capture filter can be used then?

(25 Aug '14, 19:02) uhum2004

Perhaps the Wireshark USB capture setup wiki page will be of use to you?

(25 Aug '14, 19:32) cmaynard ♦♦

However, at the moment of starting Wireshark it is not known what address will be given by the operating system.

Correct.

I don't believe you will be able to do what you are trying to with a standard PC and Wireshark. That's what special USB capture devices are made for, especially if you want to monitor the phase while the USB device is connected to the PC.

(26 Aug '14, 02:36) Kurt Knochner ♦

If you are using Windows, you can follow the USBPcap guide found here: http://desowin.org/usbpcap/tour.html. As the device will always connect to the same root hub, you will be able to see the enumeration. I guess you should be able to do more or less the same thing with usbmon (as I already saw some Linux captures with the device enumeration).

(26 Aug '14, 03:28) Pascal Quantin
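
Since USB traffic can only be filtered after capture and the device address is not known before plug-in, one approach is to capture the whole bus and pick the device out afterwards by vendor/product ID. The sketch below is an added example, not part of the thread or of Wireshark; it assumes a little-endian classic pcap file with a Linux usbmon link type, and the function names, the descriptor heuristic and the sample bytes are constructed for illustration.

```python
import struct

# usbmon link types from the tcpdump.org registry; header layout assumed little-endian.
DLT_USB_LINUX, DLT_USB_LINUX_MMAPPED = 189, 220
HDR = struct.Struct("<QBBBBHbbqiiII8s")  # first 48 bytes of each usbmon header

def read_usbmon(pcap: bytes):
    """Yield (bus, address, event, transfer_type, endpoint, payload) per packet."""
    magic, *_, linktype = struct.unpack_from("<IHHiIII", pcap, 0)
    if magic != 0xA1B2C3D4:
        raise ValueError("expected a little-endian classic pcap file")
    hdr_len = {DLT_USB_LINUX: 48, DLT_USB_LINUX_MMAPPED: 64}[linktype]
    off = 24
    while off + 16 <= len(pcap):
        caplen = struct.unpack_from("<I", pcap, off + 8)[0]
        pkt = pcap[off + 16 : off + 16 + caplen]
        off += 16 + caplen
        if len(pkt) >= hdr_len:  # skip truncated records
            f = HDR.unpack_from(pkt)
            yield f[5], f[4], chr(f[1]), f[2], f[3], pkt[hdr_len:]

def device_addresses(pcap: bytes, vid: int, pid: int) -> set:
    """Return the (bus, address) pairs whose device descriptor reports vid:pid."""
    found = set()
    for bus, addr, event, ttype, ep, data in read_usbmon(pcap):
        # Heuristic: completed control-IN on endpoint 0 with an 18-byte DEVICE descriptor.
        if (event, ttype, ep) == ("C", 2, 0x80) and len(data) >= 18 and data[:2] == b"\x12\x01":
            if struct.unpack_from("<HH", data, 8) == (vid, pid):  # idVendor, idProduct
                found.add((bus, addr))
    return found

def packets_for(pcap: bytes, vid: int, pid: int) -> list:
    """Post-capture filter: keep only records for the matching device."""
    wanted = device_addresses(pcap, vid, pid)
    return [r for r in read_usbmon(pcap) if (r[0], r[1]) in wanted]

def _rec(event, ttype, ep, addr, bus, data=b""):  # constructed record, 64-byte header
    hdr = HDR.pack(1, ord(event), ttype, ep, addr, bus, 45, 0 if data else 60,
                   0, 0, 0, len(data), len(data), bytes(8)) + bytes(16)
    return struct.pack("<IIII", 0, 0, 64 + len(data), 64 + len(data)) + hdr + data

def _desc(vid, pid):  # constructed 18-byte device descriptor
    return struct.pack("<BBHBBBBHHHBBBB", 18, 1, 0x0200, 0, 0, 0, 64, vid, pid, 0x0100, 1, 2, 3, 1)

# Constructed capture: two devices on bus 1; the VID/PID values are made up.
SAMPLE = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, DLT_USB_LINUX_MMAPPED) + b"".join([
    _rec("C", 2, 0x80, 5, 1, _desc(0x1234, 0x5678)), _rec("C", 3, 0x81, 5, 1, b"hello"),
    _rec("C", 2, 0x80, 3, 1, _desc(0xABCD, 0x0001)), _rec("S", 3, 0x02, 3, 1, b"other")])
```

In Wireshark the same selection is a display filter on `usb.bus_id` and `usb.device_address` once the address has been read from the capture.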