IEEE 1394 (marketed as FireWire and i.Link) capture support is not currently available to libpcap on any platforms. On OHCI-based cards (most IEEE 1394 cards sold), promiscuous mode is not supported, however it is supported on PCILynx-based cards.
Some isosyncronous mode traffic can be captured with a "standard" OHCI card on Linux with the dumpiso utility supplied with lib1394raw. However, Wireshark cannot read dumpiso files.
Description of the isodump (used by dumpiso) format (from man dumpiso)
The isodump format stores a series of IEEE 1394 isochronous stream packets (possibly from multiple channels), including their headers. Its main use is as the output format of dumpiso(1) and the input format of sendiso(1). The 32 byte header starts at offset 0 with the string "1394 isodump v1" followed by a zero byte. The next 8 bytes form a 64 bit big endian integer, which represents a bit mask of the channels that were
dumped. A set bit at position (1 << x) signifies that channel x was being listened on. The following 8 bytes are set to zero. The iso packets follow the header and are appended to the data stream in the order they were received. The packets consist of the header quadlet as originally received and the data quadlets following directly. The CRC quadlets after header and data do not appear and everything is in big endian, as seen on the bus. There is no further framing of the packets in the format, packet boundaries can be found by looking at the data size field in the header quadlet of each packet. The data size field appears in the most sig- nificant 16 bits of the header quadlet, contain the size in bytes (the actual packet is padded to a multiple of four bytes) and do not include the header packet.
Imported from https://wiki.wireshark.org/IEEE_1394 on 2020-08-11 23:15:01 UTC