Wireshark-dev: Re: [Wireshark-dev] new dissector - dynamic value string table?
From: Max Baker <max@xxxxxxxxxx>
Date: Wed, 27 Feb 2013 08:40:32 -0800
On 02/27/2013 02:07 AM, Gisle Vanem wrote:
> "Max Baker" <max@xxxxxxxxxx> wrote:
>
>> I've created a new dissector for USB PTP
>> (http://en.wikipedia.org/wiki/Picture_Transfer_Protocol) .  This is the
>> protocol most digital cameras speak over USB.   I've gotten far enough
>> to do the basic dissection, and I'm pretty stoked on the results!
>
> Just a side-question. Anybody have any experience on USB-snooping
> on Windows? Is it possible at all? The page
> http://wiki.wireshark.org/CaptureSetup/USB
>
> describes how it's done under Linux. This page
> http://benoit.papillault.free.fr/usbsnoop/
>
> describes it for Win, but the project seems abandoned. It would
> be cool to add usb-sniffing to libpcap or Wireshark itself. Ref. airpcap.

I have been successful in an all-Windows environment by:
1.  Running Windows inside of Windows using VMware
2.  Enabling VMware's USB logging capabilities
3.  Converting their log into PCAP format and then running Wireshark.
I found a script that did this for me, that needed a little bit of
tweaking.   My notes are here: http://nikonhacker.com/wiki/USB_/_PTP


Natively using Wireshark is of course much simpler, but requires walking
upstairs and plugging the camera into the Linux box :)

h2h,
-m