I captured USB traces using usbmon and got a raw ASCII format as output. When I try to open (to analyze) the captures using Wireshark, I get an error message like "The file isn't a capture file in a format Wireshark understands".
asked 14 Mar '11, 08:10
On my system, I do this:
After that, run "
For example, if your device shows up as "
You might also take a look at: http://wiki.wireshark.org/CaptureSetup/USB
answered 14 Mar '11, 08:41
The usbmon mechanism has several different modes - there's a pure-text mode, which, from "I captured usb traces using usbmon and got a raw ascii format as output.", I assume you used, and there's also a binary mode.
Wireshark doesn't support directly reading the text files generated by the text mode of usbmon. What it does support is the mechanism in libpcap that uses usbmon to capture on USB; that's what Chris Maynard (cmaynard) described. If you have libpcap 1.1.0 or later ("tshark -v", "wireshark -v", or the "About" item in the "Help" menu for Wireshark, should indicate what version of libpcap you have), you should be able to directly capture on USB with Wireshark or TShark. You can also capture with recent versions of tcpdump and have Wireshark read those captures (tcpdump can also read them, although its ability to dissect them is currently limited).
answered 14 Mar '11, 11:13
Guy Harris ♦♦
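A quick way to tell which kind of file you have before opening it in Wireshark, as an added example that is not part of the original answers: it checks for the pcap and pcapng magic numbers and otherwise tests whether the content looks like usbmon text-mode events. It assumes the text layout described in the kernel's usbmon documentation (URB tag, timestamp, event type, address word); the function names and the sample lines are constructed for illustration.

```python
import re

# Magic numbers at offset 0 of the binary capture formats Wireshark reads.
PCAP_MAGICS = {
    bytes.fromhex("a1b2c3d4"), bytes.fromhex("d4c3b2a1"),  # microsecond pcap
    bytes.fromhex("a1b23c4d"), bytes.fromhex("4d3cb2a1"),  # nanosecond pcap
}
PCAPNG_MAGIC = bytes.fromhex("0a0d0d0a")  # Section Header Block type

# Start of one usbmon text event: URB tag, timestamp (us), event type (S/C/E),
# then the address word "<type><dir>:[bus:]device:endpoint".
USBMON_LINE = re.compile(
    rb"^[0-9a-f]+ \d+ [SCE] "
    rb"(?P<xfer>[CZIB])(?P<dir>[io]):(?:(?P<bus>\d+):)?(?P<dev>\d+):(?P<ep>\d+) "
)

def classify(data: bytes) -> str:
    """Return 'pcap', 'pcapng', 'usbmon-text' or 'unknown' for file content."""
    head = data[:4]
    if head in PCAP_MAGICS:
        return "pcap"
    if head == PCAPNG_MAGIC:
        return "pcapng"
    lines = [l for l in data.splitlines() if l.strip()]
    # Only the first lines are checked; a text trace is uniform throughout.
    if lines and all(USBMON_LINE.match(l) for l in lines[:20]):
        return "usbmon-text"
    return "unknown"

def endpoints(data: bytes) -> set:
    """Collect (bus, device, endpoint) tuples seen in a usbmon text trace."""
    seen = set()
    for line in data.splitlines():
        m = USBMON_LINE.match(line)
        if m:
            bus = int(m["bus"]) if m["bus"] else None  # older layout has no bus
            seen.add((bus, int(m["dev"]), int(m["ep"])))
    return seen

# Constructed sample: two text-mode events for a control transfer on bus 1.
SAMPLE_TEXT = (
    b"d5ea89a0 3575914555 S Ci:1:001:0 s a3 00 0000 0003 0004 4 <\n"
    b"d5ea89a0 3575914560 C Ci:1:001:0 0 4 = 01050000\n"
)

if __name__ == "__main__":
    print(classify(SAMPLE_TEXT), sorted(endpoints(SAMPLE_TEXT)))
```

A result of `usbmon-text` means the trace has to be recaptured through libpcap (Wireshark, TShark or tcpdump) as described above; the bus number it reports tells you which USB bus the device was on.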