USB Capturing on Windows

Capturing or "sniffing" USB packets on Windows is quite easy, if you know how. All you need is Wireshark and the packet capture driver usbpcap. Here are the steps to get you going:

Install Open Source USB Packet capture for Windows.

Start an admin command prompt cmd.exe.

Run USBPcapCMD.exe to get a list of connected USB devices and which "filter monitor" they belong to:

"C:\Program Files\USBPcap\USBPcapCMD.exe"

You can either start capturing from there or start live capturing with Wireshark instead:

"C:\Program Files\USBPcap\USBPcapCMD.exe" -d \\.\USBPcap1 -o - | "C:\Program Files\Wireshark\Wireshark.exe" -k -i -

Resources