Wireshark-users: [Wireshark-users] USBPcap: USB capture on Windows

From: Tomasz Moń <desowin@xxxxxxxxx>
Date: Fri, 12 Apr 2013 12:34:56 +0200
Hello,

As some of you might already know the USBPcap [1] project was released recently. This project can be used together with Wireshark in order to analyse USB traffic on Windows without resorting to the use of Virtual Machines.

Currently the live capture can be done on "standard input" capture basis: you write a magic command in cmd.exe and you get the Wireshark to capture raw USB traffic on Windows.

Unfortunately, on 64-bit versions of Windows, all drivers (that includes USBPcap filter driver which captures the raw USB data) have to be digitally signed. There is a USBPcap donation fund [2] running that collects money towards code signing certificate. If you like the idea of capturing raw USB traffic on Windows, please consider throwing a few bucks into the fund.

In further development I will try to get the USBPcap as tightly integrated into Wireshark as possible. Currently you can download patched version from the project website.

Regards,
Tomasz

[1] http://desowin.org/usbpcap/
[2] http://pledgie.com/campaigns/19773