How can I dump the USB traffic with Wireshark on Linux?

Deleted user report abuse

Hi community. How can I dump the USB traffic with Wireshark on Linux?





WeepingAngel report abuse

Hi Nickfield,


have you tried the wireshark wiki on this theme?


mbinev report abuse

If you needed to dump the USB traffic between an USB3.0 host and a Basler USB3.0 camera on Linux, you may use Wireshark.

To do so, follow the next steps:


1) download and install Wireshark (Wireshark 1.2.x or newer is recommended):

#sudo apt-get install wireshark


2) Prepare for dumping:


Mount 'debugfs' (it has to be enabled in your kernel configuration, if not done already), and load the usbmon module (if built as module).


# sudo mount -t debugfs none_debugs /sys/kernel/debug

// if this command returns errors, continue with the next one:
# sudo modprobe usbmon


Verify that bus sockets are present:


# ls /sys/kernel/debug/usb/usbmon
0s  0u  1s  1t  1u  2s  2t  2u  3s  3t  3u  4s  4t  4u


Now you can find the bus used by your device with step #3.
This allows to filter away annoying devices that talk continuously.


3. Find which bus connects to the desired device:



#cat /sys/kernel/debug/usb/devices


and find the T-line which corresponds to the device. Usually you do it by looking for the vendor/manufacturer/poroduct/serial number (S-line) string.

If you have many similar devices, unplug one and compare the two '/sys/kernel/debug/usb/devices' outputs.

The T-line will have a bus number.



T:  Bus=07 Lev=01 Prnt=01 Port=02 Cnt=01 Dev#=  2 Spd=5000 MxCh= 0
D:  Ver= 3.00 Cls=ef(misc ) Sub=02 Prot=01 MxPS= 9 #Cfgs=  1
P:  Vendor=2676 ProdID=ba02 Rev= 0.00
S:  Manufacturer=Basler
S:  Product=acA2500-14uc
S:  SerialNumber=21318684
C:* #Ifs= 3 Cfg#= 1 Atr=a0 MxPwr=896mA


"Bus=07" means it's bus 7.


Alternatively, you can look at the output from "lsusb" and get the bus number from the appropriate line.



Bus 007 Device 002: ID 2676:ba02 Basler AG ace USB3 Vision Camera


Bus 001 Device 004: ID 2676:ba03 Basler AG // for a Basler dart connected to USB2.0 bus


4) run Wireshark as root, e.g:

#sudo wireshark

and start capture on the desired USB bus.

Add Answer

Need support?

Just drop us an email to ... Show more Arrow right