Has anyone found a built version of wireshark which does actually include this support? I just pulled in 2.5.x built 2 days ago and the interface shows DLT 266 (not supported). Do I need the nightly build of 2.2 or 2.3 or 2.4 instead?
> On 20 Jun 2017, at 02:13, [email protected] wrote: > > Just a quick update to this thread. With macOS High Sierra you can use > Wireshark to capture USB traffic. The interface needs to be manually brought > up/down to enable/disable packet capture for the specific controller via > ifconfig (where you can also see a list of available interfaces). I don’t > believe there is a “released” version of Wireshark with this support yet but > you can download a nightly build here: > https://www.wireshark.org/download/automated/osx/ > <https://www.wireshark.org/download/automated/osx/>. > > The capture interfaces are named based on the underlying controller type > followed by the bus number: > > $ ifconfig > EHC26: flags=0<> mtu 0 > XHC20: flags=0<> mtu 0 > EHC29: flags=0<> mtu 0 > > $ ioreg -w0 -rc AppleUSBHostController > +-o XHC1@14000000 <class AppleUSBXHCILPTH, id 0x10000029c, registered, > matched, active, busy 0 (1179 ms), retain 128> > +-o EHC2@1a000000 <class AppleUSBEHCIPCI, id 0x1000002a4, registered, > matched, active, busy 0 (400 ms), retain 80> > +-o EHC1@1d000000 <class AppleUSBEHCIPCI, id 0x1000002dd, registered, > matched, active, busy 0 (330 ms), retain 80> > > The format above is <name>@<location> where the most significant byte of the > location is the bus number. For example, if the device your interested in is > connected to the XHCI controller XHC1@14000000 then you would enable packet > capture via "sudo ifconfig XHC20 up” and disable via “sudo ifconfig XHC20 > down”. Once the interface is up then Wireshark will be able to > capture/decode/filter USB traffic for that controller. > > —scott > >> On Apr 17, 2017, at 9:43 AM, [email protected] >> <mailto:[email protected]> wrote: >> >> Hi, >> >> The request was approved and the packet format can be found here: >> http://www.tcpdump.org/linktypes/LINKTYPE_USB_DARWIN.html >> <http://www.tcpdump.org/linktypes/LINKTYPE_USB_DARWIN.html>. Support for >> decoding LINKTYPE_USB_DARWIN has also been submitted to Wireshark: >> https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commitdiff;h=62d78199eee5d239b826442c6edd95aeeef1540b >> >> <https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commitdiff;h=62d78199eee5d239b826442c6edd95aeeef1540b>. >> >> Unfortunately, at this time, there is no support for packet capture in macOS. >> >> —scott >> >> >> >> >>> On Apr 15, 2017, at 4:01 AM, Roland King <[email protected] >>> <mailto:[email protected]>> wrote: >>> >>> Was there ever anything more on this? The original link went quiet in >>> December, I don’t know if the DLT was ever approved/issued or if the tool >>> made it into a version of OSX. I could do with that this week. >>> >>>> On 16 Feb 2017, at 02:49, Brendan Shanks <[email protected] >>>> <mailto:[email protected]>> wrote: >>>> >>>> Great news: looks like a USB packet capture solution is in the works for a >>>> future (probably the next) version of macOS. >>>> >>>> "We’ve been working to provide developers with a software packet capture >>>> solution for USB transfers at Apple. To that end, I have implemented a >>>> solution which uses BPF and is libpcap compatible..." >>>> >>>> http://seclists.org/tcpdump/2016/q4/23 >>>> <http://seclists.org/tcpdump/2016/q4/23> >>>> >>>> Clicking through the thread (which goes into January) has more info on the >>>> header format and other details. >>>> >>>> >>>> Brendan >>>> _______________________________________________ >>>> Do not post admin requests to the list. They will be ignored. >>>> Usb mailing list ([email protected] <mailto:[email protected]>) >>>> Help/Unsubscribe/Update your Subscription: >>>> https://lists.apple.com/mailman/options/usb/rols%40rols.org >>>> <https://lists.apple.com/mailman/options/usb/rols%40rols.org> >>>> >>>> This email sent to [email protected] >>> >>> _______________________________________________ >>> Do not post admin requests to the list. They will be ignored. >>> Usb mailing list ([email protected] <mailto:[email protected]>) >>> Help/Unsubscribe/Update your Subscription: >>> https://lists.apple.com/mailman/options/usb/sdeandrea%40apple.com >>> <https://lists.apple.com/mailman/options/usb/sdeandrea%40apple.com> >>> >>> This email sent to [email protected] <mailto:[email protected]> >> _______________________________________________ >> Do not post admin requests to the list. They will be ignored. >> Usb mailing list ([email protected] <mailto:[email protected]>) >> Help/Unsubscribe/Update your Subscription: >> https://lists.apple.com/mailman/options/usb/sdeandrea%40apple.com >> <https://lists.apple.com/mailman/options/usb/sdeandrea%40apple.com> >> >> This email sent to [email protected] >
_______________________________________________ Do not post admin requests to the list. They will be ignored. Usb mailing list ([email protected]) Help/Unsubscribe/Update your Subscription: https://lists.apple.com/mailman/options/usb/archive%40mail-archive.com This email sent to [email protected]
