Hello folks,

I am pleased to announce USBPcap [1]. The project is not end-user ready, but I think it's the right time to ask you for comments.

USBPcap consists of two parts:
* filter driver (USBPcap.sys)
* user-mode application (USBPcapCMD.exe)

The filter driver attaches to every root hub in the system and creates a \Device\USBPcapX control device object. Capture data is internally stored in pcap format and can be retrieved using USBPcapCMD.exe.

The pcap format for USBPcap is not yet registered. Please provide feedback before I request the DLT from tcpdump. To get an idea of the format, take a look inside the USBPcapDriver/USBPcapBuffer.h file.

I have submitted a proof-of-concept patch along with a sample capture file to the bugzilla [2]. This patch hijacks the WTAP_ENCAP_USER0 from packet-user_encap.c.

Source code is available at GitHub [3]. Pull requests are welcome. :-)

Regards,
Tomasz

[1] http://desowin.org/usbpcap
[2] https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8503
[3] http://github.com/desowin/usbpcap
