At the moment I am using usbmon to sniff USB. For better understandability I want to use Wireshark. I've used Wireshark before for sniffing Ethernet packets. But what do I capture to sniff USB packets? I mean, I need to start by selecting which interface to capture in Wireshark, but what would I select there for USB?
Wireshark can capture USB traffic, provided you fulfil the necessary requirements. When you start capturing USB traffic and then insert a USB stick, you'll see something like this: First we see a request (and response) for the device descriptor.
USBPcap is an open-source USB sniffer for Windows.
Grab the newest Wireshark. Use lsusb before and after plugging in the device so you know which USB bus it's plugged into.
Type in a terminal:
su -c "modprobe usbmon" && su -c "wireshark"
(First, load the kernel module that allows USB sniffing, as root; second, start Wireshark as root.)
Then select usbmonX, where X stands for the USB bus number (lsusb shows those numbers).
After that you still need to filter packets by device / vendor ID, or something else device-specific, as Wireshark will show all packets from all devices plugged into that bus. (Again, lsusb before/after plugging in your device will help.)
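An added example (not part of the original answers): a shell script for the lsusb before/after comparison described above. It finds the newly attached device and prints the usbmonX interface to select, plus a Wireshark display filter for that device's bus and address. The two lsusb snapshots are constructed sample data, and the function names new_device and capture_target are hypothetical.

```shell
#!/bin/sh
# Added example: compare two lsusb snapshots, then derive the capture
# interface and a display filter for the device that appeared.

# Constructed sample snapshots. On a real system use:
#   BEFORE=$(lsusb); <plug the device in>; AFTER=$(lsusb)
BEFORE='Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub'
AFTER='Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 001 Device 004: ID 1234:5678 Example Storage Device
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub'

# new_device BEFORE AFTER
# Prints the lsusb lines that are present only in the second snapshot.
new_device() {
    printf '%s\n---\n%s\n' "$1" "$2" | awk '
        $0 == "---"   { after = 1; next }   # separator between snapshots
        !after        { seen[$0] = 1; next } # remember "before" lines
        !($0 in seen) { print }              # new line in "after"
    '
}

# capture_target LSUSB_LINE
# Line 1 of the output: interface name (usbmonX, X = bus number).
# Line 2 of the output: Wireshark display filter for that one device.
capture_target() {
    printf '%s\n' "$1" | awk '/^Bus [0-9]+ Device [0-9]+: ID / {
        bus = $2 + 0                # "001"  -> 1
        dev = $4 + 0                # "004:" -> 4
        printf "usbmon%d\n", bus
        printf "usb.bus_id == %d && usb.device_address == %d\n", bus, dev
    }'
}

line=$(new_device "$BEFORE" "$AFTER")
echo "new device: $line"
capture_target "$line"
```

The device address changes each time the device is re-plugged, so re-run the comparison after reconnecting it.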
Have you taken a look at the documentation for that on the Wireshark website?
In libpcap 1.0.x, the devices for capturing on USB have the name usbn, where n is the number of the bus. In libpcap 1.1.0 and later, they have the name usbmonn.