How to capture USB traffic with Wireshark in OSX Catalina (10.15)

About

Asked 23/10, 2019 at 13:2 Answered 3/12, 2019 at 2:9

I am trying to get Wireshark USB captures working. Apparently the trick prior to Catalina was to just bring the interface up so that Wireshark could see it.

https://forums.developer.apple.com/thread/95380

However, this does not work in Catalina because the USB hubs are not shown as interfaces any longer. Is there another known way to "bring up" these interfaces in OSX? Perhaps a new system policy setting? How would one go about finding such a thing?

It might just be broken now. I imagine Wireshark and ifconfig use the same API to gather info about the interfaces.

Flurried answered 23/10, 2019 at 13:2 Comment(1)

This is a good question but does not have a programming component, which is the focus of Stack Overflow. You should post it to the Wireshark forums, where Wireshark developers and power users live. – Hospodar 23/10, 2019 at 13:29

You need to disable SIP first

Restart your Mac
Hold down Command-R to reboot into Recovery Mode
Click Utility->Terminal, type "csrutil disable", click Enter.
Restart your Mac

then you can use "sudo ifconfig XHC20 up" command

Cnut answered 3/12, 2019 at 2:9 Comment(2)

Maybe this works. I cannot confirm as I just downgraded to Mojave to sidestep the issue. But oof. Imagine having to completely disable a system-critical protection feature just to allow a really useful feature to work. – Flurried 9/12, 2019 at 19:17

Very helpful, thanks! Differences on a Mac Mini (M1 chip): - Recovery is: Power off. Power on, holding power button until startup options come up. - Available interfaces are XHC0 and XHC1, and possibly others with a USB hub. – Caseous 29/3, 2022 at 21:10

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags