On Sep 19, 2008, at 6:02 PM, John R. Hogerhuis wrote:
I've been using the USB support in Wireshark/libpcap. I get lots of
truncated
messages which makes it hard to make use of.
I have a recent Linux kernel 2.6.24-19, which I believe supports the
binary data
format for the kernel usbmon support. Further, my understanding is
that through
the binary data interface, the packets should not be truncated.
So what could be the issue? Does libpcap not support the binary
interface yet?
Libpcap doesn't support Linux USB, period, yet, if by "yet" you mean
"in any release that tcpdump.org has put out".
Perhaps your distribution has added Linux USB support from, for
example, top-of-CVS-tree libpcap; the *current* top-of-CVS tree
libpcap should support the binary interface, but perhaps your
distribution has an earlier version of the code that doesn't support it.
What version of what distribution are you running?