Start network capture as soon as interface is up

usb ethernet sniffing wireshark

A solution exists for Windows, using USBPcap, an open-source USB sniffer for Windows that is integrated with Wireshark. This uses the program USBPcapCMD.exe that is also installed by Wireshark.

The method is discussed in detail in the article USB Packet capture for Windows Tour, but here is a summary:

  • Plug in the device and use USBPcapCMD.exe to identify the Root Hub that this device is connected to
  • Unplug the device and stop USBPcapCMD.exe
  • Run USBPcapCMD.exe again, select the Root Hub and define the output .pcap file
  • Plug-in the device
  • Press Ctrl+C to stop collecting data
  • Start Wireshark and open the .pcap file to analyze it.

You may also do live capture in Wireshark by entering in a Command Prompt (cmd) run as Administrator a command similar to the following :

USBPcapCMD.exe -d \\.\USBPcap2 -o - | "C:\Program Files\Wireshark\Wireshark.exe" -k -i -

Related

openldap sizelimit. Can't receive more than 500 entries
diffrence between virtual machine storage and san storage
Slow storage spaces direct S2D setup
Synology HA active-passive performance and failover
Is a VPS with some resources the same as a Dedicated server with exactly same resources?
Why http2 doesn't work on my Apache/2.4.29?
Can the network still work when DNS & DHCP go offline?
Postfix: How to accept email with valid SPF but unresolvable hostname?
vSphere Replication Performance Impact
Can I put the MySQL binlogs on a slow disk?
Use a wild card in StackDriver Logging
Windows server 2019 install not showing GUI options