OSX USB Monitoring

Question

How can I monitor all USB traffic on OSX? I downloaded the USB monitoring extensions from the Apple Dev website and ran USB Prober. Nothing shows up when I start the monitoring, and there is data being sent to and from the USB device while monitoring.

I found 2 similar topics on this site, but neither gave an answer aside from using libusb. I was hoping I wouldn't have to write my own monitor from scratch using libusb. Seeing as the questions were asked in 2010, I'm hoping tools have been developed since then to accomplish this on OSX.

Answer 1

USB Prober doesn't log all USB traffic. It only logs USB/HID driver messages (diagnostic/info messages posted by USB/HID drivers).

I've never tried libusb for this but I suspect that it can't capture all USB traffic ether (but I could be wrong).

If you're at all serious about monitoring USB traffic you should consider a hardware USB Protocol Analyzer like the Beagle 12 from Total Phase: http://www.totalphase.com/products/beagle_usb12/

Or the USB Explorer 200 from Ellisys: http://www.ellisys.com/products/usbex200/index.php

You might be interested in contributing to this kickstarted project:

http://www.kickstarter.com/projects/bushing/openvizsla-open-source-usb-protocol-analyzer?ref=card

Answer 2

It's possible in high sierra (and maybe older versions), you'll need Wireshark's nightly build (I am using V2.5.0rc0). After you install it, you'll need to bring up the USB "interface":

sudo ifconfig XHC20 up

And after that you can use wireshark to sniff all the traffic in the XHC20 interface. When you finish, remember to turn the interface down:

sudo ifconfig XHC20 down

Source: aud-ios.