On Wednesday, July 2, 2003, at 2:04 AM, Anna Gangitano1 wrote:
is it possible to capture only the traffic from the usb port to the
ethernet card?
Only if the packet capture mechanism on your OS allows it.
If the machine running Ethereal is running Windows, WinPcap knows only
about network interfaces and NDIS, and a USB Ethernet device is
probably using Remote NDIS (in which case WinPcap will be snooping on
the Ethernet card, not on the USB link); it'd be able to snoop a USB
connection only if the USB connection goes through the Windows
networking code, and I don't think it does.
I suspect that USB Ethernet drivers for Linux or BSD have the same
limitation, and that there's no direct connection between USB and the
packet capture mechanism, so they'd have the same limitations. In any
case, as you said in your earlier message "I have installed Ethereal on
my laptop. I have connected my pocketpc to the laptop trhough
ActiveSync." I suspect the machine running Ethereal is running Windows.
Further questions about snooping USB on Windows with WinPcap-based
applications such as Ethereal should be sent to
winpcap-users@xxxxxxxxxxxxxxxxx, as that's the mailing list for
WinPcap. For Linux, I'm not sure what the right mailing list would be
(linux-net?); for BSD, the list would depend on the BSD you're using.
(There's no DLT_USB in any version of libpcap I've seen, which further
suggests that snooping on USB connections with libpcap/WinPcap is
simply not supported at all.)
Please, can someone send me some filters examples about this?
If capturing on a USB link isn't supported, there won't be any filters,
as you can only use filters when capturing....