Monitoring (Sniffing) /dev/ttyUSB0 created by FTDI USB Serial Converter

Question

I want to monitor (sniff) the traffic of my /dev/ttyUSB0 which is created by FTDI USB Serial Converter. I've written my own application in Windows and now I try to port it to linux and use /dev/tty/USB0. I want to debug the communication that actually happens.

The software strace is not an option for me because it only shows the syscalls to ioctl.

Using Windows the software "Free Serial Port Monitor" did it by sniffing COM1.

Output of dmesg:

[16975.000221] usb 7-1: new full-speed USB device number 5 using  uhci_hcd
[16975.193543] usb 7-1: New USB device found, idVendor=0403, idProduct=6001
[16975.193548] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[16975.193552] usb 7-1: Product: FT232R USB UART
[16975.193555] usb 7-1: Manufacturer: FTDI
[16975.193558] usb 7-1: SerialNumber: A400BJII
[16975.200550] ftdi_sio 7-1:1.0: FTDI USB Serial Device converter detected
[16975.200599] usb 7-1: Detected FT232RL
[16975.202604] usb 7-1: FTDI USB Serial Device converter now attached to ttyUSB0

However I tried moserial to do this and the command "echo foobar > /dev/ttyUSB0" to verify, if it works. Also my software doesn't create an output to moserial.

UPDATE:

Found out how to monitor usb directly, now I need to convert USB packets to RS-232 (what FTDI basically does).

1. Setup usbmon

   modprobe usbmon

   1.1 With Linux kernels prior to 2.6.23, you will also need to run this command

   modprobe -t debugfs none /sys/kernel/debug

2. usbmon0 will monitor any traffic from all usbmon0 to usbmonX 2.1. Find the correct usb device

   cat /sys/kernel/debug/usb/devices|grep FTDI -A 7 -B 4

   T:  Bus=07 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 12 Spd=12   MxCh= 0
   D:  Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS= 8 #Cfgs=  1
   P:  Vendor=0403 ProdID=6001 Rev= 6.00
   S:  Manufacturer=FTDI
   S:  Product=FT232R USB UART
   S:  SerialNumber=A400BJII
   C:* #Ifs= 1 Cfg#= 1 Atr=a0 MxPwr= 90mA
   I:* If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=ftdi_sio
   E:  Ad=81(I) Atr=02(Bulk) MxPS=  64 Ivl=0ms
   E:  Ad=02(O) Atr=02(Bulk) MxPS=  64 Ivl=0ms
   

   2.2. Note Bus number of the port (Bus=07), so usbmon to monitor will be usbmon7

   2.3. Use wireshark to capture the usbmon7 interface or use following command to get output to the console (stdout) ... replace the number with bus-id

   cat /sys/kernel/debug/usb/usbmon/7u

   What means 'u'? https://www.kernel.org/doc/Documentation/usb/usbmon.txt

   Two formats are supported currently: the original, or '1t' format, and the '1u' format. The '1t' format is deprecated in kernel 2.6.21. The '1u' format adds a few fields, such as ISO frame descriptors, interval, etc. It produces slightly longer lines, but otherwise is a perfect superset of '1t' format.

3. How do I convert the USB capture to RS-232 capture? I don't know it ... TODO

Answer 1

With your hint I managed to solve my problem, so there it is my hint for the last point:

3. Using Wireshark, open usbmon0 and use this filter

   usb.capdata or at
   

Issuing two times the command echo asd > /dev/ttyUSB0 produces the result below in Wireshark

You can extract the whole Leftover Capture Data from a capture file using tshark:

tshark -r capture.pcapng -T fields -e usb.capdata