NETCAP
NETCAP
Overview
GitHub
Homepage
GoDoc
Overview
Protocol Support
Specification
Installation
Quickstart
Packet Collection
Audit Record Labeling
HTTP Proxy
USB Capture
Payload Capture
Distributed Collection
Workers
Filtering and Export
Downloads
Internals
Metrics
Python Integration
FAQ
Extension
Contributing
License
Powered by GitBook

USB Capture

Capture traffic sent via Universal Serial Bus (USB) protocol

Live Capture

USB live capture is now possible, currently the following Audit Records exist: USB and USBRequestBlockSetup.

To capture USB traffic live on macOS, install wireshark and bring up the USB interface:

$ sudo ifconfig XHC20 up

Now attach netcap and set baselayer to USB:

$ net.cap -iface XHC20 -base usb

Offline from dumpfile

To read offline USB traffic from a PCAP file use:

$ net.cap -r usb.pcap -base usb

Don't forget to set the -payload flag if you want to preserve the data being transmitted!

Previous
HTTP Proxy
Next
Payload Capture
Last updated -2
Contents
Live Capture
Offline from dumpfile