I recently came across an article by Ludovic Rousseau where he explains how he managed to intercept USB traffic using Wireshark. Since he was using Linux “usbmon” in his example and I was using a Mac, I had to search for an alternative.
Here’s what I found:
I came across a blog post where it’s stated that “Apple has enabled capturing USB traffic”. Since the post is from 2017, many things have changed, especially the Wireshark version. Now you get XHC20 out of the box, so there is no need to download nightly builds of Wireshark to play around with this feature.
In that post it’s stated that you must run the following command:
sudo ifconfig XHC20 up
I haven’t had the time to check whether my Wireshark had XHC20 prior to the command execution or whether the command is really needed to access this feature (could you guys confirm this in the comment section?).
And that’s all.
Here’s an example where I log stuff received by my SmartCard reader. Notice that in both, Wireshark managed to intercept the data flowing between the reader and the application.
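
The open question above (is XHC20 visible to Wireshark before `ifconfig XHC20 up`?) can be checked from the command line. The script below is an added example, not part of the original post or of the post it quotes: it assumes macOS with `tshark` (installed with Wireshark) on the PATH, and the `lists_iface` helper, the `RUN_CAPTURE` switch and the output file name are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes macOS with tshark on PATH.
# XHC20 is the interface name used in the post; override with IFACE=... if
# your machine names it differently.
IFACE="${IFACE:-XHC20}"

# Constructed sample of `tshark -D` output, kept here to document the format.
SAMPLE_LISTING='1. en0 (Wi-Fi)
2. XHC20
3. lo0 (Loopback)'

# lists_iface LISTING NAME: succeed if NAME is the interface name (2nd field)
# on any line of a `tshark -D` listing.
lists_iface() {
    printf '%s\n' "$1" | awk -v n="$2" '$2 == n { found = 1 } END { exit !found }'
}

main() {
    # Is the interface offered for capture before it is brought up?
    before=$(tshark -D 2>/dev/null)
    if lists_iface "$before" "$IFACE"; then
        echo "$IFACE is already listed before 'ifconfig $IFACE up'"
    else
        echo "$IFACE is not listed yet"
    fi

    sudo ifconfig "$IFACE" up || return 1

    after=$(tshark -D 2>/dev/null)
    if ! lists_iface "$after" "$IFACE"; then
        echo "$IFACE is still not listed after 'ifconfig $IFACE up'" >&2
        return 1
    fi

    # Bounded capture: stop after 200 packets and write a file Wireshark opens.
    # Prefix with sudo if your user lacks capture permission on this interface.
    tshark -i "$IFACE" -c 200 -w "usb-$IFACE.pcapng"
    status=$?

    # Bring the interface back down when finished.
    sudo ifconfig "$IFACE" down
    return "$status"
}

# Only touch the system when asked: RUN_CAPTURE=1 sh usb-capture.sh
if [ "${RUN_CAPTURE:-}" = 1 ]; then main; fi
```

The first message it prints answers whether the `ifconfig` step is needed on your machine for the interface to show up in the capture list.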