AlexDoe's profile - activity

2022-03-31 08:58:09 +0000 received badge Popular Question
2021-07-21 09:14:12 +0000 received badge Popular Question
2021-07-13 21:38:07 +0000 commented answer How to increase capture length ("frame.cap_len") when using Wireshark for USB sniffing on Ubuntu?

Understood, thank you once again for the info (can't upvote the answer, sorry, not enough reputation).

2021-07-13 21:37:31 +0000 marked best answer How to increase capture length ("frame.cap_len") when using Wireshark for USB sniffing on Ubuntu?

I'm using Wireshark 3.2.3 and usbmon for capturing USB traffic on Ubuntu 20.04. All the required tools and packages were installed just a week ago, so they ought to be of recent versions.

The problem looks like this in the captured log (after exporting it as JSON):

"frame.len": "524352",
"frame.cap_len": "245824",

Only half of the actual data was captured by Wireshark. Since the payload can only be decoded as a single continuous stream, this makes it entirely impossible to actually decode and analyze anything from this point forward.

How can I increase this limit and capture ALL the payload?

2021-07-13 09:14:16 +0000 commented answer How to increase capture length ("frame.cap_len") when using Wireshark for USB sniffing on Ubuntu?

Thank you for the explanation, that's sad. Is there an alternative to usbmon that would let me capture the complete data

2021-07-12 14:03:05 +0000 asked a question How to increase capture length ("frame.cap_len") when using Wireshark for USB sniffing on Ubuntu?

2018-12-26 09:48:08 +0000 marked best answer Export capture log (inc. packet data) in a computer-friendly format

The most complete way to export capture log from Wireshark that I've found is plain text with packet data, e.g.:

No.     Time           Source                Destination           Protocol Length Info
    320 39.396245      192.168.31.98         192.168.31.84         PTP/IP   66     Init Event Request Connection #:1

Frame 320: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0
Ethernet II, Src: Apple_1b:40:6f (a0:99:9b:1b:40:6f), Dst: Canon_b7:b5:25 (60:12:8b:b7:b5:25)
Internet Protocol Version 4, Src: 192.168.31.98, Dst: 192.168.31.84
Transmission Control Protocol, Src Port: 53371, Dst Port: 15740, Seq: 1, Ack: 1, Len: 12
Picture Transfer Protocol
    Length: 12
    Packet Type: Init Event Request Packet (0x00000003)
    Connection Number: 1

0000  60 12 8b b7 b5 25 a0 99 9b 1b 40 6f 08 00 45 00   `....%....@o..E.
0010  00 34 00 00 40 00 40 06 7a bd c0 a8 1f 62 c0 a8   .4..@.@.z....b..
0020  1f 54 d0 7b 3d 7c ac 90 76 78 00 24 86 01 50 18   .T.{=|..vx.$..P.
0030  ff ff 28 93 00 00 0c 00 00 00 03 00 00 00 01 00   ..(.............
0040  00 00

However, I need to parse all this data in software, and I'm not looking forward to parsing all this text back to structured binary data. Seems a waste of resources (mostly my time as a programmer) to export to plain text and then parse it all back, removing all the clutter. Isn't there a more machine-friendly way to export capture data (list of packets with their parsed headers and data content)?

2018-12-26 09:48:08 +0000 received badge Scholar
2018-12-26 09:48:05 +0000 commented answer Export capture log (inc. packet data) in a computer-friendly format

No idea how I overlooked that. It's still not perfect, but much better. Thanks.

2018-12-26 06:33:49 +0000 asked a question Export capture log (inc. packet data) in a computer-friendly format