On Oct 25, 2021, at 12:03 PM, Tomasz Moń <desowin@xxxxxxxxx> wrote:
> The heuristic should not be the main USB traffic detection method
> IMHO. The main thing is that people don't necessarily understand that
> capturing full enumeration sequence (aka starting capture before
> plugging in the device) will give you much better dissection in
> multiple cases.
The main thing is that there's no guarantee that you get the full enumeration.
> Recent libpcap versions
> automatically request device and configuration descriptors on capture
> start (easier version request only device descriptor).
Is this done on FreeBSD, macOS, and Windows?
Or is this Linux-only?