Re: USB support in libpcap

["Jon Smirl" <jonsmirl () gmail com>]

On 3/26/07, Gianluca Varenni <gianluca.varenni () cacetech com> wrote:
> ----- Original Message -----
> From: "Michael Richardson" <mcr () sandelman ottawa on ca>
> To: <tcpdump-workers () lists tcpdump org>
> Sent: Monday, March 26, 2007 12:50 PM
> Subject: Re: [tcpdump-workers] USB support in libpcap
>
>
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> >
> >>>>>> "Jon" == Jon Smirl <jonsmirl () gmail com> writes:
> >    Jon> For example wifi adapters are all built using proprietary USB
> >    Jon> messages, to decode these messages you need to know the USB device
> > ID
> >    Jon> of the adapter. This device id is not normally in the capture
> > stream
> >    Jon> of the adapter. The attached code will force this data into the
> > stream
> >    Jon> when capture is first started so that an app like Wireshark has
> > the
> >    Jon> needed data to full decode the stream.
> >
> >  Okay, so if the point is to do a network capture from a USB attached
> > wifi, why not just capture the 802.11 frames themselves into the already
> > standardized frame formats we have?
>
> I think the point here is that every USB device (being it a network card, a
> pen drive or a webcam) uses its own format for the "packets" that are
> transferred to/from the device. The only way to interpret those data is
> knowing the specific device generating the data. So at least USB vendor ID
> and USB device ID. Sometimes this is not enough, as some USB devices use
> different data formats among different sub-versions and rev's (and this is
> again part of the ID of a USB device).


WiFi was just an example, same logic is true for WebCams, IR remote
controls, my N800, and other devices that don't have a defined USB
class. WiFi is by far the worst offender of the private protocol.


> Have a nice day
> GV
>
> >
> > - --
> > ]            Bear: "Me, I'm just the shape of a bear."          |
> > firewalls  [
> > ]   Michael Richardson,    Xelerance Corporation, Ottawa, ON    |net
> > architect[
> > ] mcr () xelerance com      http://www.sandelman.ottawa.on.ca/mcr/ |device
> > driver[
> > ] panic("Just another Debian GNU/Linux using, kernel hacking, security
> > guy"); [
> >
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.6 (GNU/Linux)
> > Comment: Finger me for keys
> >
> > iQEVAwUBRggkH4CLcPvd0N1lAQI3nggAwY9HAY3Dr5wHC7SXaArnQi+rHL453k07
> > 3Zk2drhcLahUyVYBlC9+lw+FEAiFMHjBMl2M9cL6uANweBHONyg7Sly3XiXjLWFu
> > ZQNyo8gnfqO3kkHm0qQ0bHVdYp309kOyV4M/mhsfHHr+mbpEoNjeObT1pqyCK4Ur
> > sCJ9tzaQGgYhStaKJ460lXrcGs8by/A9JKHi5mpQqaHr7gfnvqhx6tjoZaGzWLL0
> > 9hagKiaTYN+l6ass0DXf+BFuhvsv3so/pinwO89J9dt2S+8p+ma3BGxbnnD+EQMI
> > hlfZCYWELLHcEw8jTLF0EHkhwt4RG+LIRS26tMnpBdU7rs+QS63vIA==
> > =Jnj+
> > -----END PGP SIGNATURE-----
> > -
> > This is the tcpdump-workers list.
> > Visit https://cod.sandelman.ca/ to unsubscribe.
>
> -
> This is the tcpdump-workers list.
> Visit https://cod.sandelman.ca/ to unsubscribe.


--
Jon Smirl
jonsmirl () gmail com
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.