I want to achieve this:
I have a Linux guest VM using QEMU, using directly a USB Wi-Fi stick via USB passthrough.
In the meantime, using wireshark, I want to sniff the network data from it. In my application, Linux quest may switch Wi-Fi network and I want to sniff its network traffic on whichever network is connected to.
But How I can achieve this
You put the orange arrow in the wrong place: there's no "network" talked on the USB link – just raw commands to the wifi device to synthesize some RF waveform.
The network packets only begin to exist in the network driver inside the Linux guest – so that's where you can sniff:
If you have a full wireshark installation on your host, the easiest way would probably using the sshdump remote dumping method, which you can select in the capture dialog:
You will have to have SSHd running on your guest, and you'll need a private network between your host and the guest, as well as tcpdump available in your guest. The user which you enter in the "Authentication" tab of the settings needs to have privileges to run tcpdump.
If you're developing a kernel Wifi driver, you'd do something else and attach a debugger to the guest kernel; but that would be significantly more complicated, and quite honestly expect you to be pretty trained in gdb and remote debugging already.
tcpdump upon android also I need SSHd upon android as well.
Commented
Jun 24 at 8:49