USB Sniffing In Linux

sniffer

[Robert] sent in this tutorial on how to set up USB sniffing in linux. Useful for seeing exactly what is being communicated to and from your USB devices, this ability is built into linux. [Bert], the author, shows us the steps involved and how to filter it to get the data we desire. You can specify exactly which device to capture data from. His example, shown above, is a session with an Arduino.

16 thoughts on “USB Sniffing In Linux

  1. Ah never realised wireshark can do USB. A while ago I tried to reverse engineer the craft robo protocol using some command line scripts (I forget the name).

    I did actually manage to work out a decent amount of the protocol and I wrote a simple test program to draw a Koch curve. Then I got distracted.

  2. I was trying this out and I had some issues. At the cat /sys/kernel/debug/usbmon/lu I get a “cat: lu: No such file or directory” so I went and check and the file is indeed there, I even moved to that folder and did a cat lu and same deal. Im not an advanced linux user so any help with this would be appreciated

  3. I can’t see how this can be useful to do on linux, don’t get me wrong, i love linux, but the only use i can see for this is reverse engineering proprietary usb devices/protocols, and most if not all proprietary devices run solely on windows. the device needs to be running like normal to understand how it communicates, and for that it requires winblows.

  4. I’m thinking the same thing as joe57005. It would be very useful if there was a way to get the device to run normally…issue a command w/proprietary app and watch the packets sent/received to/from the device. of course, you’d still need windows to run the proprietary app in most cases.

    The only other thing I can think of where this would be useful is if you are designing a USB device yourself. It could be extremely valuable as a debug tool during the software development phase.

  5. Hmm, this might be handy for hacking out a way to communicate with my phone in Linux. It’s Motorola, but moto4lin, bitpim, and p2k all fail to talk to it.

    While Windows might be required for the initial reverse engineering, there’s always VMWare. :D

  6. Bit of necroposting here but I’ve been doing some work on sniffing USB with usbmon and came across this post.

    I was able to get usbmon working fine on my lappy with debian 6.0 but this failed
    when I moved it to my Raspberry Pi.

    Turned out that I was better off using the linux evtest to monitor /dev/input/event*
    there are also perl (Linux::Input) and python versions of it.

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.