Wireshark mailing list archives

Re: capturing USB data


From: Guy Harris <guy () alum mit edu>
Date: Mon, 30 Aug 2010 11:21:46 -0700


On Aug 30, 2010, at 10:42 AM, Thomas Epperson wrote:

> Ok I changed libpcap to point to /dev/null.

Actually, just undoing your previous change would be sufficient; "change it to /dev/null" was meant to indicate that no 
change was necessary - as per my mail, /proc/bus/usb isn't necessary with newer libpcaps such as 1.1.x.

> I can get wireshark to list usbmon interfaces and capture data, but ONLY if I run it as root. Is there a way to
> eliminate the dependency of running as root?

What does "ls -l /dev/usbmon*" print?

> I did these steps to allow sniffing "regular (not usb)" traffic as non-root
>
> Setting network privileges for dumpcap
> http://wiki.wireshark.org/CaptureSetup/CapturePrivileges

Presumably those were the "Linux" steps.  Those steps are, as per "regular (not usb)", specific to capturing on regular 
networking devices; capturing USB traffic needs a different mechanism, requiring that the program be able to open the 
/dev/usbmon* devices.  Did you do the "Setting network privileges for dumpcap" steps or the "Limiting capture 
permission to only one group" steps?  If the former, you'll probably need to make the /dev/usbmon* devices publicly 
readable; if the latter, you'll only need to make them readable by the group in question.  (At least on my Ubuntu 9 VM, 
/sys/bus/usb/devices is publicly readable; if that's the case on your machine, no changes should be necessary to get 
Wireshark to list usbmon interfaces, although you'd need to make the usbmon devices accessible to dumpcap in order to 
get Wireshark to capture on them.)
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
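
An added example, not part of the original message or of Wireshark's own tooling: a read-only shell check for the two cases the reply distinguishes (usbmon devices publicly readable versus readable only by one group). It assumes GNU `stat`, assumes dumpcap runs with the invoking user's uid and groups, and ignores ACLs; `read_class` and `report_usbmon` are names made up for this example.

```shell
#!/bin/sh
# Added example: report which permission class lets the current user read
# each /dev/usbmon* device. Read-only; it changes no permissions.

# read_class MODE OWNER_UID GROUP_GID UID "GID GID ..."
# Prints root|owner|group|other|denied. The kernel picks exactly one class
# (owner, then group, then other) and consults only that class's bits, so a
# group member is denied by mode 604 even though "other" may read.
read_class() {
    mode=$1 owner=$2 group=$3 uid=$4 gids=$5
    bits=$(( 0$mode ))                      # stat prints octal digits
    if [ "$uid" -eq 0 ]; then echo root; return; fi
    if [ "$uid" -eq "$owner" ]; then
        [ $(( bits & 0400 )) -ne 0 ] && echo owner || echo denied
        return
    fi
    for g in $gids; do
        if [ "$g" -eq "$group" ]; then
            [ $(( bits & 0040 )) -ne 0 ] && echo group || echo denied
            return
        fi
    done
    [ $(( bits & 0004 )) -ne 0 ] && echo other || echo denied
}

# Walk the usbmon devices and classify each for the invoking user.
#   other  -> device is publicly readable
#   group  -> readable through one of the user's groups
#   denied -> a non-root capture on this device will fail to open it
report_usbmon() {
    for dev in /dev/usbmon*; do
        if [ ! -e "$dev" ]; then
            echo "no /dev/usbmon* devices found"
            return 0
        fi
        set -- $(stat -c '%a %u %g' "$dev")
        echo "$dev mode=$1 uid=$2 gid=$3 -> $(read_class "$1" "$2" "$3" "$(id -u)" "$(id -G)")"
    done
}

report_usbmon
```

A `denied` result for a device that shows a readable "other" bit means the user matched the group class first; the group bit is the one that needs to be set.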

