How to dump USB traffic?

Solution 1

You can capture USB traffic with Wireshark.
From its wiki:

To dump USB traffic on Linux, you need the usbmon module, which has existed since Linux 2.6.11. Information on that module is available in /usr/src/linux/Documentation/usb/usbmon.txt in the Linux source tree. Depending on the distribution you're using, and the version of that distribution, that module might be built into the kernel, or might be a loadable module; if it's a loadable module, depending on the distribution you're using, and the version of that distribution, it might or might not be loaded for you. If it's a loadable module, and not loaded, you will have to load it with the command

modprobe usbmon

which must be run as root.

libpcap releases prior to 1.0 do not include USB support, so you will need at least libpcap 1.0.0.

For versions of the kernel prior to 2.6.21, the only USB traffic capture mechanism available is a text-based mechanism that limits the total amount of data captured for each raw USB block to about 30 bytes. There is no way to change this without patching the kernel. If debugfs is not already mounted on /sys/kernel/debug, ensure that it is mounted there by issuing the following command as root:

mount -t debugfs / /sys/kernel/debug

For kernel version 2.6.21 and later, there is a binary protocol for tracing USB packets which doesn't have that size limitation. For that kernel version, you will need libpcap 1.1.0 or newer, because the libpcap 1.0.x USB support uses, but does not correctly handle, the memory-mapped mechanism for USB traffic, which libpcap will use if available - it cannot be made unavailable, so libpcap will always use it.

In libpcap 1.0.x, the devices for capturing on USB have the name usbN, where N is the number of the bus. In libpcap 1.1.0 and later, they have the name usbmonN.

You will also need Wireshark 1.2.x or newer.

Solution 2

Updating because this was the first result I found when I looked this up. The best method I've found on Debian Stretch is as follows:

# usbhid-dump --entity=all

That will dump the data incoming from all USB devices. Picked up my keyboard like a treat, and I can read every opcode in the stream.
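An added example that ties the two answers together (it is not code from the Wireshark wiki, the kernel documentation or usbhid-dump): it parses the line-oriented 'u' text stream that usbmon exposes at /sys/kernel/debug/usb/usbmon/<bus>u (0u for all buses; reading it requires root) into records, flags records whose data words were cut short by the text interface's per-URB size limit mentioned in the first answer, and decodes the interrupt-IN callbacks of a boot-protocol HID keyboard into keystrokes, which is what the second answer is reading as "opcodes". The record layout follows Documentation/usb/usbmon.txt; the trick of anchoring on the data tag ('=', '<' or '>') to skip the variable-length status/setup/ISO fields is this script's own, and the sample capture embedded in it is constructed for the example. Note that a gamepad, like the asker's, reports through a vendor-defined layout described by its HID report descriptor rather than the fixed 8-byte boot keyboard format, so for that device the decoding step would have to follow the descriptor.

```python
"""Parse the Linux usbmon 'u' text stream and decode HID boot-keyboard reports.
Added example for this page, not code from the Wireshark wiki or usbhid-dump; the
record layout follows Documentation/usb/usbmon.txt, the data-tag anchoring is ours."""
import re
import sys

DATA_TAGS = {"=", "<", ">"}   # '=' means hex data words follow; '<' / '>' means no data
EVENTS = {"S": "submit", "C": "callback", "E": "error"}
XFER = {"C": "control", "Z": "isochronous", "I": "interrupt", "B": "bulk"}
ADDR_RE = re.compile(r"([CZIB])([io]):(\d+):(\d+):(\d+)")   # type+dir:bus:dev:endpoint
MODIFIERS = ["LCtrl", "LShift", "LAlt", "LGUI", "RCtrl", "RShift", "RAlt", "RGUI"]


def _keymap():
    """Keyboard/Keypad usage IDs -> (unshifted, shifted) for letters, digits, a few keys."""
    km = {0x04 + i: (chr(0x61 + i), chr(0x41 + i)) for i in range(26)}
    km.update({0x1E + i: p for i, p in enumerate(zip("1234567890", "!@#$%^&*()"))})
    km.update({0x28: ("Enter", "Enter"), 0x2A: ("Backspace", "Backspace"), 0x2C: (" ", " ")})
    return km


KEYMAP = _keymap()


def parse_usbmon_line(line):
    """One record: <urb> <ts us> <S|C|E> <addr> <status | 's'+setup> [ISO] <len> <tag> [hex].
    The middle region is variable length, so anchor on the data tag, a single
    token always preceded by the length, and treat everything before as status."""
    t = line.split()
    if len(t) < 7 or t[2] not in EVENTS:
        return None
    m = ADDR_RE.fullmatch(t[3])
    tag_idx = next((i for i in range(5, len(t)) if t[i] in DATA_TAGS), None)
    if not m or tag_idx is None:
        return None
    rec = {"urb": t[0], "ts": int(t[1]), "event": EVENTS[t[2]],
           "xfer": XFER[m.group(1)], "dir": "in" if m.group(2) == "i" else "out",
           "bus": int(m.group(3)), "dev": int(m.group(4)), "ep": int(m.group(5)),
           "status": None, "setup": None, "length": int(t[tag_idx - 1])}
    if t[4] == "s":    # control submission: bmRequestType bRequest wValue wIndex wLength
        rec["setup"] = tuple(int(x, 16) for x in t[5:10])
    else:              # "-115", "0:8" (status:interval) or ISO status:interval:frame:err
        rec["status"] = int(t[4].split(":")[0])
    rec["data"] = bytes.fromhex("".join(t[tag_idx + 1:])) if t[tag_idx] == "=" else b""
    # The text interface prints at most a bounded number of data bytes per URB, so a
    # payload shorter than the length field means the record was cut short.
    rec["truncated"] = t[tag_idx] == "=" and len(rec["data"]) < rec["length"]
    return rec


def decode_boot_keyboard_report(report):
    """8-byte boot-protocol report: byte 0 modifier bits, byte 1 reserved,
    bytes 2-7 up to six usage IDs (0x00 = no key, 0x01 = rollover error)."""
    if len(report) < 8:
        raise ValueError("boot keyboard report is 8 bytes, got %d" % len(report))
    mods = [n for bit, n in enumerate(MODIFIERS) if report[0] & (1 << bit)]
    shifted = "LShift" in mods or "RShift" in mods
    keys = []
    for code in report[2:8]:
        if code == 0x01:
            keys.append("<rollover>")
        elif code:
            names = KEYMAP.get(code)
            keys.append(names[shifted] if names else "0x%02x" % code)
    return {"modifiers": mods, "keys": keys}


def keystrokes_from_capture(text, bus=None, dev=None):
    """Keys seen in interrupt-IN callbacks that carry a boot-keyboard report,
    optionally restricted to one bus and device address."""
    keys = []
    for r in filter(None, map(parse_usbmon_line, text.splitlines())):
        if r["event"] != "callback" or r["xfer"] != "interrupt" or r["dir"] != "in":
            continue
        if (bus is not None and r["bus"] != bus) or (dev is not None and r["dev"] != dev):
            continue
        if len(r["data"]) >= 8:
            keys.extend(decode_boot_keyboard_report(r["data"])["keys"])
    return keys


# Constructed sample: keyboard at 1:003 reports 'a', then Shift+'b', then release;
# then a hub GET_STATUS control transfer for port 4 on 1:001.
SAMPLE_CAPTURE = """\
ffff8800357d3900 1234567890 S Ii:1:003:1 -115:8 8 <
ffff8800357d3900 1234575890 C Ii:1:003:1 0:8 8 = 00000400 00000000
ffff8800357d3900 1234583890 S Ii:1:003:1 -115:8 8 <
ffff8800357d3900 1234591890 C Ii:1:003:1 0:8 8 = 02000500 00000000
ffff8800357d3900 1234599890 C Ii:1:003:1 0:8 8 = 00000000 00000000
ffff8800357d3a00 1234600000 S Ci:1:001:0 s a3 00 0000 0004 0004 4 <
ffff8800357d3a00 1234600047 C Ci:1:001:0 0 4 = 01050000
"""

if __name__ == "__main__":   # sudo cat /sys/kernel/debug/usb/usbmon/1u | python3 usbmon_keys.py
    text = SAMPLE_CAPTURE if sys.stdin.isatty() else sys.stdin.read()
    for r in filter(None, map(parse_usbmon_line, text.splitlines())):
        print(r["event"], r["xfer"], r["dir"], "%d:%03d:%d" % (r["bus"], r["dev"], r["ep"]),
              "len=%d" % r["length"], "TRUNCATED" if r["truncated"] else "", r["data"].hex())
    print("keys:", keystrokes_from_capture(text))
```

Run with no piped input it decodes the embedded sample; piped from the usbmon debugfs file for the bus the keyboard sits on (find the bus and device address with lsusb) it prints every URB and the keys seen. The usbmon text interface needs the usbmon module loaded and debugfs mounted exactly as the first answer describes; for full payloads, or for anything that is not a boot keyboard, capture the binary usbmonN interface with Wireshark and decode against the device's report descriptor instead.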

Author: user2485710

Updated on September 18, 2022
Comments

  • user2485710
    user2485710 over 1 year

    I got a USB gamepad and I would like to see and inspect the signals and commands that this peripheral is actually sending to my PC/kernel: how can I do that?

    I was assuming that something like

    cat /dev/bus/usb/006/003
    

    was enough, but apparently this command returns immediately and prints some unreadable encoded chars.

    Is there a way to "debug" a USB device like that?

  • Philippe De Muyter
    Philippe De Muyter almost 3 years
    As its name implies, usbhid-dump works only for 'HID' USB devices, not for other types of USB devices.