On 02/27/2013 02:07 AM, Gisle Vanem wrote:
> "Max Baker" <max@xxxxxxxxxx> wrote:
>
>> I've created a new dissector for USB PTP
>> (http://en.wikipedia.org/wiki/Picture_Transfer_Protocol) . This is the
>> protocol most digital cameras speak over USB. I've gotten far enough
>> to do the basic dissection, and I'm pretty stoked on the results!
>
> Just a side-question. Anybody have any experience on USB-snooping
> on Windows? Is it possible at all? The page
> http://wiki.wireshark.org/CaptureSetup/USB
>
> describes how it's done under Linux. This page
> http://benoit.papillault.free.fr/usbsnoop/
>
> describes it for Win, but the project seems abandoned. It would
> be cool it add usb-sniffing to libpcap or Wireshark itself. Ref. airpcap.
I have been successful in an all-windows environment by :
1. Running Windows inside of Windows using VMWare
2. Enabling vmvware's usb logging capabilities
3. Converting their log into PCAP format and then running wireshark.
I found a script that did this for me, that needed a little bit of
tweaking. My notes are here : http://nikonhacker.com/wiki/USB_/_PTP
Natively using wireshark is of course much simpler, but requires walking
up stairs and plugging the camera in the linux box :)
h2h,
-m