On 28 June 2011 22:33, Chris Maynard <Chris.Maynard@xxxxxxxxx> wrote:
> tshark -r yourusbcapturefile.pcap -R "usb.transfer_type == 3 &&
> usb.endpoint_number.direction == 0 && usb.device_address == 0x40" -T fields -e
> usb.capdata
$> tshark -v
TShark 1.4.6
I got an error message that usb.endpoint_number.direction == 0 is not
supported, but based on your suggested use of tshark, and looking at
the capture file in Wireshark and USB fields available in the filter
expression dialog, I came up with:
tshark -r capfile -R "usb.transfer_type == 2 && usb.data_len == 512" -T fields -e usb.capdata
and got the firmware. The filter is now possibly a bit more sloppy,
but I have only the firmware upload in my capture file so other data
with length 512 is not present. Anyway, now I can go on and learn more
about filtering.
Thanks a lot, and cheers
--
Svenn
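
Added example, not part of the original message: one way to turn the text that "-T fields -e usb.capdata" prints into a binary image and check that every payload really is a 512-byte block, as the filter above assumes. The function names, the sample lines and the acceptance of both colon-separated and plain hex output are assumptions of this sketch.

```python
import hashlib
import sys

BLOCK_LEN = 512  # matches the usb.data_len == 512 filter used in the message

# Constructed sample, not real capture data: two 4-byte payloads and one
# empty line (a packet that matched the filter but had no capdata field).
SAMPLE = ["de:ad:be:ef", "", "00010203"]


def parse_capdata(lines, block_len=BLOCK_LEN):
    """Convert tshark usb.capdata field lines into a list of byte blocks."""
    blocks = []
    for lineno, line in enumerate(lines, 1):
        text = line.strip()
        if not text:
            continue  # no payload printed for this packet
        try:
            data = bytes.fromhex(text.replace(":", ""))
        except ValueError:
            raise ValueError(f"line {lineno}: not hex payload data")
        if len(data) != block_len:
            # A wrong length means the filter let through something else.
            raise ValueError(
                f"line {lineno}: {len(data)} bytes, expected {block_len}")
        blocks.append(data)
    return blocks


def rebuild_firmware(lines, block_len=BLOCK_LEN):
    """Concatenate the blocks in capture order; return (image, sha256 hex)."""
    image = b"".join(parse_capdata(lines, block_len))
    return image, hashlib.sha256(image).hexdigest()


if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py capdata.txt firmware.bin
        with open(sys.argv[1]) as src:
            image, digest = rebuild_firmware(src)
        with open(sys.argv[2], "wb") as dst:
            dst.write(image)
    else:  # no arguments: run on the constructed sample
        image, digest = rebuild_firmware(SAMPLE, block_len=4)
    print(f"{len(image)} bytes, sha256 {digest}")
```

Because the filter keeps only transfers of exactly 512 bytes, a final shorter block of the upload would not be in the output, so compare the rebuilt size with the expected image size.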