How can I dump the USB traffic with Wireshark on Linux?

Deleted user report abuse

Hi community. How can I dump the USB traffic with Wireshark on Linux?

 

Regards.

Comments

Answers

WeepingAngel report abuse

Hi Nickfield,

 

have you tried the wireshark wiki on this theme?

https://wiki.wireshark.org/CaptureSetup/USB

Cheers!

Comments
mbinev report abuse

If you needed to dump the USB traffic between an USB3.0 host and a Basler USB3.0 camera on Linux, you may use Wireshark.

To do so, follow the next steps:

 

1) download and install Wireshark (Wireshark 1.2.x or newer is recommended):

#sudo apt-get install wireshark

 

2) Prepare for dumping:

 

Mount 'debugfs' (it has to be enabled in your kernel configuration, if not done already), and load the usbmon module (if built as module).

 

# sudo mount -t debugfs none_debugs /sys/kernel/debug

// if this command returns errors, continue with the next one:
# sudo modprobe usbmon

 

Verify that bus sockets are present:

 

# ls /sys/kernel/debug/usb/usbmon
0s  0u  1s  1t  1u  2s  2t  2u  3s  3t  3u  4s  4t  4u

 

Now you can find the bus used by your device with step #3.
This allows to filter away annoying devices that talk continuously.

 

3. Find which bus connects to the desired device:

 

Run:  

#cat /sys/kernel/debug/usb/devices

 

and find the T-line which corresponds to the device. Usually you do it by looking for the vendor/manufacturer/poroduct/serial number (S-line) string.

If you have many similar devices, unplug one and compare the two '/sys/kernel/debug/usb/devices' outputs.

The T-line will have a bus number.

 

Example:

T:  Bus=07 Lev=01 Prnt=01 Port=02 Cnt=01 Dev#=  2 Spd=5000 MxCh= 0
D:  Ver= 3.00 Cls=ef(misc ) Sub=02 Prot=01 MxPS= 9 #Cfgs=  1
P:  Vendor=2676 ProdID=ba02 Rev= 0.00
S:  Manufacturer=Basler
S:  Product=acA2500-14uc
S:  SerialNumber=21318684
C:* #Ifs= 3 Cfg#= 1 Atr=a0 MxPwr=896mA

 

"Bus=07" means it's bus 7.

 

Alternatively, you can look at the output from "lsusb" and get the bus number from the appropriate line.

Example:

#lsusb

Bus 007 Device 002: ID 2676:ba02 Basler AG ace USB3 Vision Camera

or:

Bus 001 Device 004: ID 2676:ba03 Basler AG // for a Basler dart connected to USB2.0 bus

 

4) run Wireshark as root, e.g:

#sudo wireshark

and start capture on the desired USB bus.

Comments
Add Answer