I am working on an embedded system. No GUI. Would like to analyze a usbmon file offline to see output like Wireshark produces. I gather there is no way to do this at the moment since Wireshark uses libpcap format.
a) Has someone written a utility to convert a usbmon file to the correct format? b) If not, can you point me in the right direction to see if I can do this?
asked 20 Feb '12, 14:30
If your embedded system runs Linux (i.e., if "usbmon" is the Linux USB monitoring mechanism, and the "usbmon file" comes from somehow using usbmon to generate a file, e.g. just dumping the text usbmon output to a text file), then the lack of a GUI wouldn't prevent you from running tcpdump or dumpcap or TShark on the embedded system, and, if the Linux on your embedded system has a sufficiently recent version of libpcap, or if the tcpdump or dumpcap is statically linked with a sufficiently recent version of libpcap (TShark runs dumpcap to do the capture), you should just be able to use tcpdump or dumpcap or TShark to capture using USB, and the output will be in pcap format.
See the Wireshark Wiki page on USB capture for more information. If you're already using usbmon on the embedded system, the setup stuff there won't apply, as you've already done what's necessary to get usbmon to work.
answered 23 Feb '12, 21:18
Guy Harris ♦♦
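For a usbmon text dump that already exists, the conversion asked about in the question can be sketched as follows. This is an added example, not part of the original answer and not Wireshark or libpcap code: it wraps each usbmon text line in the 48-byte Linux usbmon header and writes pcap with link type 189 (LINKTYPE_USB_LINUX). It assumes the `u` text format, handles control, bulk and interrupt lines only, keeps the relative microsecond timestamps from the text, and assumes a status of -115 for control submissions; the function names and sample lines are constructed.

```python
import struct

XFER = {"I": 1, "C": 2, "B": 3}  # usbmon codes: interrupt, control, bulk

# Constructed sample: GET_DESCRIPTOR(device) submission and its completion.
SAMPLE = """\
ffff88003a7d4600 1000000 S Ci:1:002:0 s 80 06 0100 0000 0012 18 <
ffff88003a7d4600 1000350 C Ci:1:002:0 0 18 = 12010002 00000040 6b1d0200 00010302 0101
"""

def usbmon_line_to_record(line):
    """One usbmon text line -> pcap record with a 48-byte usbmon header."""
    f = line.split()
    tag, ts, ev, addr, rest = int(f[0], 16), int(f[1]), f[2], f[3], f[4:]
    kind, bus, dev, ep = addr.split(":")
    if kind[0] not in XFER:
        raise ValueError("isochronous lines are not handled here")
    epnum = int(ep) | (0x80 if kind[1] == "i" else 0)  # bit 7 set = IN
    setup, flag_setup = b"\0" * 8, ord("-")
    if ev == "S" and kind[0] == "C":  # control submission: setup tag + 5 words
        if rest[0] == "s":  # setup packet was captured
            setup = struct.pack("<BBHHH", *(int(x, 16) for x in rest[1:6]))
            flag_setup = 0
        else:
            flag_setup = ord(rest[0])
        status, rest = -115, rest[6:]  # assumption: -EINPROGRESS on submit
    else:
        status, rest = int(rest[0].split(":")[0]), rest[1:]
    length = int(rest[0])
    dtag = rest[1] if len(rest) > 1 else "-"
    data = bytes.fromhex("".join(rest[2:])) if dtag == "=" else b""
    sec, usec = divmod(ts, 1_000_000)  # text timestamps are microseconds
    hdr = struct.pack("<QBBBBHBBqiiII8s", tag, ord(ev), XFER[kind[0]], epnum,
                      int(dev), int(bus), flag_setup, 0 if data else ord(dtag),
                      sec, usec, status, length, len(data), setup)
    pkt = hdr + data
    return struct.pack("<IIII", sec, usec, len(pkt), len(pkt)) + pkt

def usbmon_text_to_pcap(text):
    """Little-endian pcap with link type 189 (LINKTYPE_USB_LINUX)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 189)
    for line in text.splitlines():
        if line.strip():
            out += usbmon_line_to_record(line)
    return out

if __name__ == "__main__":
    with open("usbmon.pcap", "wb") as fh:
        fh.write(usbmon_text_to_pcap(SAMPLE))
```

The usbmon text interface records only the first bytes of each transfer, so a file converted this way carries less payload than a capture taken directly with tcpdump or dumpcap as described in the answer.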