Ask Your Question

AlexDoe's profile - activity

2022-03-31 08:58:09 +0000 received badge  Popular Question (source)
2021-07-21 09:14:12 +0000 received badge  Popular Question (source)
2021-07-13 21:38:07 +0000 commented answer How to increase capture length ("frame.cap_len") when using Wireshark for USB sniffing on Ubuntu?

Understood, thank you once again for the info (can't upvote the answer, sorry, not enough reputation).

2021-07-13 21:37:31 +0000 marked best answer How to increase capture length ("frame.cap_len") when using Wireshark for USB sniffing on Ubuntu?

I'm using Wireshark 3.2.3 and usbmon for capturing USB traffic on Ubuntu 20.04. All the required tools and packages were installed just a week ago, so they ought to be of recent versions.

The problem looks like this in the captured log (after exporting it as JSON):

"frame.len": "524352",
"frame.cap_len": "245824",

Only half of the actual data was captured by Wireshark. Since the payload can only be decoded as a single continuous stream, this makes it entirely impossible to actually decode and analyze anything from this point forward.

How can I increase this limit and capture ALL the payload?

2021-07-13 09:14:16 +0000 commented answer How to increase capture length ("frame.cap_len") when using Wireshark for USB sniffing on Ubuntu?

Thank you for the explanation, that's sad. Is there an alternative to usbmon that would let me capture the complete data

2021-07-12 14:03:05 +0000 asked a question How to increase capture length ("frame.cap_len") when using Wireshark for USB sniffing on Ubuntu?

How to increase capture length ("frame.cap_len") when using Wireshark for USB sniffing on Ubuntu? I'm using Wireshark 3.

2018-12-26 09:48:08 +0000 marked best answer Export capture log (inc. packet data) in a computer-friendly format

The most complete way to export capture log from Wireshark that I've found is plain text with packet data, e. g.:

No.     Time           Source                Destination           Protocol Length Info
    320 39.396245      192.168.31.98         192.168.31.84         PTP/IP   66     Init Event Request Connection #:1

Frame 320: 66 bytes on wire (528 bits), 66 bytes captured (528 bits) on interface 0
Ethernet II, Src: Apple_1b:40:6f (a0:99:9b:1b:40:6f), Dst: Canon_b7:b5:25 (60:12:8b:b7:b5:25)
Internet Protocol Version 4, Src: 192.168.31.98, Dst: 192.168.31.84
Transmission Control Protocol, Src Port: 53371, Dst Port: 15740, Seq: 1, Ack: 1, Len: 12
Picture Transfer Protocol
    Length: 12
    Packet Type: Init Event Request Packet (0x00000003)
    Connection Number: 1

0000  60 12 8b b7 b5 25 a0 99 9b 1b 40 6f 08 00 45 00   `....%[email protected]
0010  00 34 00 00 40 00 40 06 7a bd c0 a8 1f 62 c0 a8   [email protected]@.z....b..
0020  1f 54 d0 7b 3d 7c ac 90 76 78 00 24 86 01 50 18   .T.{=|..vx.$..P.
0030  ff ff 28 93 00 00 0c 00 00 00 03 00 00 00 01 00   ..(.............
0040  00 00

However, I need to parse all this data in software, and I'm not looking forward to parsing all this text back to structured binary data. Seems a waste of resources (mostly my time as a programmer) to export to plain text and then parse it all back, removing all the clutter. Isn't there a more machine-friendly way to export capture data (list of packets with their parsed headers and data content)?

2018-12-26 09:48:08 +0000 received badge  Scholar (source)
2018-12-26 09:48:05 +0000 commented answer Export capture log (inc. packet data) in a computer-friendly format

No idea how I overlooked that. It's still not perfect, but much better. Thanks.

2018-12-26 06:33:49 +0000 asked a question Export capture log (inc. packet data) in a computer-friendly format

Export capture log (inc. packet data) in a computer-friendly format The most complete way to export capture log from Wir