How can I dump the USB traffic with Wireshark on Linux?
Hi community. How can I dump the USB traffic with Wireshark on Linux?
Regards.
Hi Nickfield,
have you tried the Wireshark wiki on this theme?
https://wiki.wireshark.org/CaptureSetup/USB
Cheers!
If you need to dump the USB traffic between a USB3.0 host and a Basler USB3.0 camera on Linux, you can use Wireshark.
To do so, follow these steps:
1) Download and install Wireshark (Wireshark 1.2.x or newer is recommended):
2) Prepare for dumping:
Mount 'debugfs' (it has to be enabled in your kernel configuration, if not done already), and load the usbmon module (if built as module).
// if this command returns errors, continue with the next one:
# sudo modprobe usbmon
Verify that bus sockets are present:
0s 0u 1s 1t 1u 2s 2t 2u 3s 3t 3u 4s 4t 4u
Now you can find the bus used by your device with step #3.
This allows you to filter out annoying devices that talk continuously.
Run:
and find the T-line which corresponds to the device. Usually you do it by looking for the vendor/manufacturer/product/serial number (S-line) string.
If you have many similar devices, unplug one and compare the two '/sys/kernel/debug/usb/devices' outputs.
The T-line will have a bus number.
Example:
T: Bus=07 Lev=01 Prnt=01 Port=02 Cnt=01 Dev#= 2 Spd=5000 MxCh= 0
D: Ver= 3.00 Cls=ef(misc ) Sub=02 Prot=01 MxPS= 9 #Cfgs= 1
P: Vendor=2676 ProdID=ba02 Rev= 0.00
S: Manufacturer=Basler
S: Product=acA2500-14uc
S: SerialNumber=21318684
C:* #Ifs= 3 Cfg#= 1 Atr=a0 MxPwr=896mA
"Bus=07" means it's bus 7.
Alternatively, you can look at the output from "lsusb" and get the bus number from the appropriate line.
Example:
Bus 007 Device 002: ID 2676:ba02 Basler AG ace USB3 Vision Camera
or:
Bus 001 Device 004: ID 2676:ba03 Basler AG // for a Basler dart connected to USB2.0 bus
4) Run Wireshark as root, e.g.:
and start capture on the desired USB bus.
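The bus lookup from the steps above, as an added example that is not part of the original post: it parses the T-line and P-line records of '/sys/kernel/debug/usb/devices' and prints the usbmon capture interface plus a Wireshark display filter for one device. The function names are hypothetical, the mount and modprobe commands are the standard usbmon setup rather than the poster's own, and the root-hub record in the sample is constructed.

```shell
#!/bin/sh
# One-time setup (root). Standard usbmon preparation; not quoted from the post.
prepare_usbmon() {
    mountpoint -q /sys/kernel/debug || sudo mount -t debugfs none /sys/kernel/debug
    sudo modprobe usbmon
    ls /sys/kernel/debug/usb/usbmon   # expect entries such as 0s 0u 1s 1t 1u
}

# usb_locate VENDOR PRODID [FILE] -> prints "BUS DEV" in decimal, exit 1 if absent.
# FILE defaults to the kernel listing; "-" reads a listing from stdin.
usb_locate() {
    awk -v vid="$1" -v pid="$2" '
        BEGIN { vid = tolower(vid); pid = tolower(pid) }
        # A T-line opens a device record and carries bus and device numbers.
        /^T:/ {
            bus = dev = ""
            if (match($0, /Bus= *[0-9]+/))  bus = substr($0, RSTART + 4, RLENGTH - 4) + 0
            if (match($0, /Dev#= *[0-9]+/)) dev = substr($0, RSTART + 5, RLENGTH - 5) + 0
        }
        # The P-line of the same record carries vendor and product IDs.
        /^P:/ && index($0, "Vendor=" vid " ") && index($0, "ProdID=" pid " ") {
            print bus, dev; found = 1; exit
        }
        END { exit !found }
    ' "${3:-/sys/kernel/debug/usb/devices}"
}

# capture_hint VENDOR PRODID [FILE] -> capture interface plus a display filter
# that hides the other devices sharing the same bus.
capture_hint() {
    loc=$(usb_locate "$@") || return 1
    echo "usbmon${loc% *} usb.device_address == ${loc#* }"
}

# Sample listing: constructed root-hub record, then the camera record from the post.
sample_listing() {
    cat <<'EOF'
T: Bus=07 Lev=00 Prnt=00 Port=00 Cnt=00 Dev#= 1 Spd=5000 MxCh= 2
P: Vendor=1d6b ProdID=0003 Rev= 0.00
T: Bus=07 Lev=01 Prnt=01 Port=02 Cnt=01 Dev#= 2 Spd=5000 MxCh= 0
D: Ver= 3.00 Cls=ef(misc ) Sub=02 Prot=01 MxPS= 9 #Cfgs= 1
P: Vendor=2676 ProdID=ba02 Rev= 0.00
S: Product=acA2500-14uc
EOF
}

sample_listing | capture_hint 2676 ba02 -
```

On a live system, call prepare_usbmon once and then run capture_hint 2676 ba02 without the third argument so it reads the kernel listing directly.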