Home page logo

wireshark logo Wireshark mailing list archives

Re: USBPcap: USB capture on Windows
From: "Lobb, Janos" <janos.lobb () yale edu>
Date: Fri, 12 Apr 2013 14:04:53 +0000

On Apr 12, 2013, at 6:34 AM, Tomasz Moń wrote:


As some of you might already know the USBPcap [1] project was released recently. This project can be used together 
with Wireshark in order to analyse USB traffic on Windows without resorting to the use of Virtual Machines.

Currently the live capture can be done on "standard input" capture basis: you write a magic command in cmd.exe and 
you get the Wireshark to capture raw USB traffic on Windows.

Unfortunately, on 64-bit versions of Windows, all drivers (that includes USBPcap filter driver which captures the raw 
USB data) have to be digitally signed. There is a USBPcap donation fund [2] running that collects money towards code 
signing certificate. If you like the idea of capturing raw USB traffic on Windows, please consider throwing a few 
bucks into the fund.

In further development I will try to get the USBPcap as tightly integrated into Wireshark as possible. Currently you 
can download patched version from the project website.


[1] http://desowin.org/usbpcap/
[2] http://pledgie.com/campaigns/19773

Is there any sign that USBPcap will work on the OS X platform ?

Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

  By Date           By Thread  

Current thread:
  • Re: USBPcap: USB capture on Windows Lobb, Janos (Apr 12)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]