Skip to content

Instantly share code, notes, and snippets.

@jonas-schievink
Last active April 26, 2021 15:37
Show Gist options
  • Save jonas-schievink/75198ca6fc943e2d7e667684b6fe45ab to your computer and use it in GitHub Desktop.
Save jonas-schievink/75198ca6fc943e2d7e667684b6fe45ab to your computer and use it in GitHub Desktop.
Wireshark USB

First, run sudo modprobe usbmon.

Now Wireshark should show usbmon0-N capture devices.

They correspond to USB buses (see lsusb), so select the one on which the target device is attached.

Now filter out the right device on the bus by writing a filter.

usb.src and usb.dst are the packet's source and destination address, one of which will always be "host".

Addresses are like 1.10.0 for bus 1 device 10 endpoint 0. To match any endpoint, you can use addr ~ "1.10".

To capture all traffic to and from device 1.10, you can use a filter like this:

usb.dst ~ "1.10" || usb.src ~ "1.10"

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment