howto:dumlcapture

Differences

This shows you the differences between two versions of the page.

howto:dumlcapture [2021/11/02 03:18]
czokie
howto:dumlcapture [2021/11/02 03:30]
czokie
Line 9: Line 9:
   * Restart your Mac   * Restart your Mac
   * Hold down Command-R to reboot into Recovery Mode   * Hold down Command-R to reboot into Recovery Mode
-  * Click Utility->Terminal, type "csrutil disable", click Enter.+  * Click Utility >> Terminal, type "csrutil disable", click Enter.
   * Restart your Mac   * Restart your Mac
  
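Review bot: The "csrutil disable" step leaves System Integrity Protection off, and in the lines shown the list ends at "Restart your Mac" with no step to turn it back on. Suggest adding a closing item, in the same spirit as the "sudo ifconfig XHC20 down" note added further down, telling the reader to boot into Recovery Mode again and run "csrutil enable" once capturing is finished. Minor: the Recovery Mode menu is labelled "Utilities", so "Utilities >> Terminal" would match what the reader sees.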
Line 15: Line 15:
  
   sudo ifconfig XHC20 up   sudo ifconfig XHC20 up
 +
 +NOTE: When not required for capturing, you should disable this interface using the following command.
 +
 +  sudo ifconfig XHC20 down
  
 ==== 3. Capture ==== ==== 3. Capture ====
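Review bot: The added NOTE sits directly above "==== 3. Capture ====", so a reader following the page top to bottom meets "sudo ifconfig XHC20 down" right after bringing the interface up and before capturing anything. Suggest moving it to the end of the capture steps, or rewording it to "After you have finished capturing, disable this interface with:". One sentence on why the interface should not be left up would also help the reader decide when it applies.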
Line 48: Line 52:
   cd /tmp   cd /tmp
   rm -rf mefisto   rm -rf mefisto
 +
 +==== 3. Restart Wireshark and capture ====
 +Start a packet capture in Wireshark, from the XHC20 interface.
 +==== 4. Set a display filter ====
 +
 +  (frame.protocols == "usb" && usb.darwin.request_type == 1 && usb.bInterfaceClass == 0x0a && frame.len > 32) or dji_dumlv1
 +
 +This filter is designed to capture all valid dji_dumlv1 packets, but also to capture any poorly decoded packets to allow you to look at the cause of any problems with the dissectors.
 +
 +==== 5. Set display columns ====
 +
 +This is an optional step, but it will make it easier to read and interpret a DUML flow at a glance.
 +
 +  * Click Wireshark >> Preferences >> Appearance >> Columns
 +  * Configure to your requirements. A sample layout is shown below.
 +{{:howto:preferences.png|}}
  
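Review bot: The sentence under "==== 4. Set a display filter ====" says the filter is "designed to capture" packets, but a display filter only selects what is shown from the traffic already captured on XHC20; suggest "designed to show all valid dji_dumlv1 packets, and also any poorly decoded packets". In the filter itself, "&&" and "or" are mixed; using one operator style throughout reads more cleanly. The new heading "==== 3. Restart Wireshark and capture ====" also reuses the number of "==== 3. Capture ====" from the earlier hunk; if both belong to the same step sequence, renumber the added headings.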
howto/dumlcapture.txt · Last modified: 2021/12/04 20:57 by lawq