Menu
Is there a way to sniff the USB port on a Mac? I've looked at libusb and #usblib but I can't find anything that works on the Mac.
637
With macOS High Sierra you can use Wireshark to capture USB traffic. The interface needs to be manually brought up/down to enable/disable packet capture for the specific controller via ifconfig (where you can also see a list of available interfaces).
Capturing USB traffic on Linux is possible since Wireshark 1.2. 0, libpcap 1.0. 0, and Linux 2.6. 11, using the Linux usbmon interface.
Press and hold the right Ctrl key and double-press the Scroll key on the keyboard. Wait until the dump file is created and the system starts in the regular mode. Make sure that the dump file is successfully created.
I found a way, you'll need Wireshark's nightly build (I am using V2.5.0rc0). After you install it, you'll need to bring up the USB "interface":
sudo ifconfig XHC20 up
And after that you can use wireshark to sniff all the traffic in the XHC20 interface. When you finish, remember to turn the interface down:
sudo ifconfig XHC20 down
Source: aud-ios.
138
Beware when installing IOUSBFamily log. It has not been updated in a few years. The OS X versions must match or else all usb devices including builtin touchpad/keyboard could not work. If that does happen you must reload the proper kext manually from recovery:
https://discussions.apple.com/message/20152486#20152486
Here is the steps to reload from recovery:
I had the same issue after installing USB Prober from a wrong OS version on my machine. It installed without any warnings but it turned out that this includes IOSUSBFamily.kext kernel module that's not going to work on my machine and this disabled all the USB devices (which includes laptop's own keyboard and trackpad).
Here's how I fixed it, but please be extremely careful not to break your machine:
1) Hold CTRL+R and turn on your machine, this will boot into the "Recovery mode"
2) Open Terminal
3) Find out where is your original IOUSBFamily kernel extension and the one on the Macintosh HD are. Mine were here:
Original: /System/Library/Extensions/IOUSBFamily.kext
New one (broken): /Volumes/Macintosh\ HD/System/Library/Extensions/IOUSBFamily.kext
4) Move the broken module away:
$ mkdir /Volumes/Macintosh\ HD/Users/recovery-backup
$ mv /Volumes/Macintosh\ HD/System/Library/Extensions/IOUSBFamily.kext /Volumes/Macintosh\ HD/Users/recovery-backup
5) Copy back the original:
$ cp -a /System/Library/Extensions/IOUSBFamily.kext /Volumes/Macintosh\ HD/System/Library/Extensions/IOUSBFamily.kext
Reboot and it should be fixed.
21
You can use IOUSBFamily log. If you are on OSX 10.8.2, you'd probably want to try USB Prober included in Hardware IO Tools for Xcode, February 2012 (Apple Developer account required for both links), since the latest version of IOUSBFamily is for OSX 10.9.4.
Even now (in 2018) there are no newer releases than for 10.9.4, and they don't work in newer macOS releases.
4
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
