Wireshark mailing list archives
RFC: USBPcap
From: Tomasz Moń <desowin () gmail com>
Date: Wed, 20 Mar 2013 13:05:19 +0100
Hello folks,

I am pleased to announce USBPcap [1]. The project is not end-user ready, but I think it's the right time to ask you for comments.

USBPcap consists of two parts:
* filter driver (USBPcap.sys)
* user-mode application (USBPcapCMD.exe)

The filter driver attaches to every root hub in the system and creates a \Device\USBPcapX control device object. Capture data is internally stored in pcap format and can be retrieved using USBPcapCMD.exe.

The pcap format for USBPcap is not yet registered. Please provide feedback before I request the DLT from tcpdump. To get an idea of the format, take a look inside the USBPcapDriver/USBPcapBuffer.h file.

I have submitted a proof-of-concept patch along with a sample capture file to the bugzilla [2]. This patch hijacks the WTAP_ENCAP_USER0 from packet-user_encap.c.

Source code is available at github [3]. Pull requests are welcome. :-)

Regards,
Tomasz

[1] http://desowin.org/usbpcap
[2] https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8503
[3] http://github.com/desowin/usbpcap