Wireshark mailing list archives

Re: capturing USB data

From: Thomas Epperson <thomas.epperson () gmail com>
Date: Mon, 30 Aug 2010 12:42:39 -0500

Ok I changed libpcap to point to /dev/null.

I can get wireshark to list usbmon interfaces and capture data, but ONLY if
I run it as root. Is there a way to eliminate the depency of running as
root?

I did these steps to allow sniffing "regular (not usb)" traffic as non-root

Setting network privileges for dumpcap
http://wiki.wireshark.org/CaptureSetup/CapturePrivileges

Should I do something else?


On Mon, Aug 30, 2010 at 2:43 AM, Guy Harris <guy () alum mit edu> wrote:


On Aug 29, 2010, at 8:28 PM, Thomas Epperson wrote:

I have seen a lot of guides that managed to get USB capture by using the

command: sudo mount -t usbfs /dev/bus/usb /proc/bus/usb

However, when I try this command here is the result

mount: mount point /proc/bus/usb does not exist


Those instructions might be out of date.

I have libpcap-1.1.1 and tcpdump-4.1.1 installed. I patched libpcap to

use /dev/bus/usb instead of /proc/bus/usb,

If /sys/bus/usb/devices exists on your machine, you could have patched
libpcap to use /dev/null and it probably *still* would have worked.  The
only thing when libpcap 1.1.1 from tcpdump.org uses /sys/bus/usb/devices
or /proc/bus/usb for is to enumerate USB devices, not to capture on a USB
bus (yes, I know, "USB bus" is like "ATM machine" or "PIN number" :-)), and
it checks /sys/bus/usb/devices first and only uses /proc/bus/usb if it can't
open /sys/bus/usb/devices.

I presume that the /sys/bus/usb/devices support was added due to kernel
changes in the USB code; the message with the patch just said "Attached is
some clean up for libpcap support of usbmon on Linux." about that part of
the patch.
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request () wireshark org
?subject=unsubscribe




-- 
Thomas Epperson
Build a man a fire, and he'll be warm for a day. Set a man on fire, and
he'll be warm for the rest of his life. - Terry Pratchett.

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

Current thread:

capturing USB data Thomas Epperson (Aug 29)
- Re: capturing USB data Guy Harris (Aug 30)
  - Re: capturing USB data Thomas Epperson (Aug 30)
    - Re: capturing USB data Guy Harris (Aug 30)
    - Re: capturing USB data Thomas Epperson (Aug 30)