NETCAP
NETCAP
Overview
GitHub
Homepage
GoDoc
Overview
Framework Components
Protocol Support
Specification
Installation
Quickstart
Packet Collection
Audit Record Labeling
Distributed Collection
Workers
Filtering and Export
HTTP Proxy
Metrics
USB Capture
Payload Capture
Utils
Internals
Python Integration
Extension
FAQ
Downloads
Contributing
License
Powered by GitBook

USB Capture

Capture traffic sent via Universal Serial Bus (USB) protocol

Live Capture

USB live capture is now possible, currently the following Audit Records exist: USB and USBRequestBlockSetup.

To capture USB traffic live on macOS, install wireshark and bring up the USB interface:

$ sudo ifconfig XHC20 up

Now attach netcap and set baselayer to USB:

$ net.capture -iface XHC20 -base usb

Offline from dumpfile

To read offline USB traffic from a PCAP file use:

$ net.capture -r usb.pcap -base usb

Don't forget to set the -payload flag if you want to preserve the data being transmitted!

Previous
Metrics
Next
Payload Capture
Last updated Wed May 08 2019 13:30:44 GMT+0000 (UTC)
Contents
Live Capture
Offline from dumpfile