howto:dumlcapture
This is an old revision of the document!
Table of Contents
Capturing DUML
Capturing DUML packets can be tricky if you are new to the scene. This page is designed to list some of the easy ways to capture DUML. It will grow over time as other people document other methods.
Mac Capture with WireShark
1. Disable SIP
- Restart your Mac
- Hold down Command-R to reboot into Recovery Mode
- Click Utility→Terminal, type “csrutil disable”, click Enter.
- Restart your Mac
2. Bring up the USB interface for DUML traffic
sudo ifconfig XHC20 up
3. Capture
Capture from the XHC20 interface using Wireshark. USB capture filters are unsupported, so you will get lots of garbage mixed in with the duml.
4. Filter
To view only the interesting traffic, the following filter is what worked for me.
frame.protocols == "usb" && usb.darwin.request_type == 1 && usb.bInterfaceClass == 0x0a && frame.len > 32
howto/dumlcapture.1635760526.txt.gz · Last modified: 2021/11/01 09:55 by czokie
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Noncommercial-Share Alike 4.0 International
