On 1/22/07, Paolo Abeni <[EMAIL PROTECTED]> wrote: > I'm currently working to update the wireshark dissector to use this new > interface. The update will require some changes to the wiretap library, > to be consistent with libpcap.
Understood. After discussing this with Ulf, and looking at my code that converts usbsnoop logs, I don't think the byte order preference is necessary anymore. I will just do the conversion before writing the text2pcap input. When you do update the dissector, would you please add some documentation for the URB format? It wasn't until after I got very deep into the code that I realized what format the dissector expected the URBs to be in, or that USB capture was even supported by libpcap (apparently, none of my Linux boxes have the usbmon and debugfs modules compiled in the standard kernel packages, so the pseudo-interface doesn't show up in the list). Also, I haven't recompiled the trunk since Saturday, but there seems to be a mismatch between the endianness of the device address in the Source and Destination columns, and the Device field in the protocol details pane. I am doing most of my testing on a big-endian machine, and the Device field looks correct with regard to the capture files posted on the Wiki. The Source and Destination columns often show "16777216.0". I will try to track this down later this week, but I am really not familiar with that part of the code yet. -- - Charles Lepple _______________________________________________ Wireshark-dev mailing list [email protected] http://www.wireshark.org/mailman/listinfo/wireshark-dev
