[Robert] sent in this tutorial on how to set up USB sniffing in Linux. The capability is built into Linux and is useful for seeing exactly what is being communicated to and from your USB devices. [Bert], the author, shows the steps involved and how to filter the capture down to the data you want; you can specify exactly which device to capture data from. His example, shown above, is a session with an Arduino.
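Filtering a capture down to one device, as an added example (not code from [Bert]'s tutorial): it parses lines in the text format the kernel's usbmon documentation describes for the `Nu` files and keeps only one bus/device pair. The sample lines, the bus and device numbers and the payloads are constructed for illustration, and isochronous transfers are left out.

```python
from dataclasses import dataclass

# Constructed sample of usbmon text output; not captured from real hardware.
SAMPLE = """\
ffff8800a1b2c300 1000000100 S Bo:1:004:2 -115 6 = 68656c6c 6f0a
ffff8800a1b2c300 1000000180 C Bo:1:004:2 0 6 >
ffff8800a1b2c480 1000000200 S Bi:1:004:3 -115 64 <
ffff8800a1b2c480 1000002300 C Bi:1:004:3 0 4 = 6f6b0d0a
ffff8800a1b2c600 1000002400 S Ii:1:002:1 -115:8 4 <
ffff8800a1b2c600 1000010400 C Ii:1:002:1 0:8 4 = 00010000
ffff8800a1b2c780 1000010500 S Ci:1:004:0 s 80 06 0100 0000 0012 18 <
"""

@dataclass
class Event:
    urb: str       # URB tag; pairs a submission with its callback
    ts_us: int     # timestamp in microseconds
    kind: str      # S = submission, C = callback, E = submission error
    xfer: str      # Ci/Co control, Bi/Bo bulk, Ii/Io interrupt (i = IN, o = OUT)
    bus: int
    dev: int
    ep: int
    setup: list    # five setup words when the status field is the tag 's'
    status: str
    length: int
    data: bytes    # only the bytes usbmon printed after '='

def parse_line(line):
    f = line.split()
    if len(f) < 6 or f[3].startswith("Z"):
        return None  # too short, or isochronous (extra fields not handled here)
    xfer, bus, dev, ep = f[3].split(":")
    setup, status, rest = (f[5:10], "", f[10:]) if f[4] == "s" else ([], f[4], f[5:])
    if not rest:
        return None  # truncated line: no length field
    data = bytes.fromhex("".join(rest[2:])) if rest[1:2] == ["="] else b""
    return Event(f[0], int(f[1]), f[2], xfer, int(bus), int(dev), int(ep),
                 setup, status, int(rest[0]), data)

def device_events(text, bus, dev):
    events = (parse_line(l) for l in text.splitlines() if l.strip())
    return [e for e in events if e and (e.bus, e.dev) == (bus, dev)]

def payload(events, direction):
    # OUT data is printed on the submission, IN data on the callback.
    kind = "S" if direction == "o" else "C"
    return b"".join(e.data for e in events if e.kind == kind and e.xfer[1] == direction)

if __name__ == "__main__":
    evs = device_events(SAMPLE, bus=1, dev=4)
    print(len(evs), payload(evs, "o"), payload(evs, "i"))
```

The text interface prints at most the first 32 bytes of each transfer, so `data` can be shorter than `length`.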
16 thoughts on “USB Sniffing In Linux”
Actually this is mis-attributed, it should be attributed to Bert Vermuelen, as he’s the one who actually put together the writeup!
That has been fixed. Thanks.
Ah, never realised Wireshark can do USB. A while ago I tried to reverse engineer the Craft Robo protocol using some command line scripts (I forget the name).
I did actually manage to work out a decent amount of the protocol and I wrote a simple test program to draw a Koch curve. Then I got distracted.
I was trying this out and I had some issues. At the cat /sys/kernel/debug/usbmon/lu I get a “cat: lu: No such file or directory”, so I went and checked and the file is indeed there. I even moved to that folder and did a cat lu and same deal. I’m not an advanced Linux user, so any help with this would be appreciated.
@ Greg, first, do a ls -halF in that directory, and tell us the permissions for the file.
Then, do you have a usb device plugged in?
Ah, I figured it out: I thought 1u (one u) was lu (L u). Stupid mistake on my part. Thanks for the help though.
usb sniffing? is this like kitty huffing?
Another useful command line tool is lsusb. That came in handy while getting my touchscreen working on my Eee PC.
Thanks for this – been looking for a how-to to sniff USB in order to get my Windows-driver-only USB scrolling LED marquee device working under Linux.
I can’t see how this can be useful to do on Linux. Don’t get me wrong, I love Linux, but the only use I can see for this is reverse engineering proprietary USB devices/protocols, and most if not all proprietary devices run solely on Windows. The device needs to be running like normal to understand how it communicates, and for that it requires winblows.
I’m thinking the same thing as joe57005. It would be very useful if there was a way to get the device to run normally… issue a command w/proprietary app and watch the packets sent/received to/from the device. Of course, you’d still need Windows to run the proprietary app in most cases.
The only other thing I can think of where this would be useful is if you are designing a USB device yourself. It could be extremely valuable as a debug tool during the software development phase.
Hmph – no Wireshark for SUSE Linux. But the command lines work. Very nice.
Wish I knew what I was looking at :-(
Wouldn’t that work to sniff USB traffic between a connected device and a VirtualBox running Windows?
are these only compatible with injection…or worth it without it.
Hmm, this might be handy for hacking out a way to communicate with my phone in Linux. It’s Motorola, but moto4lin, bitpim, and p2k all fail to talk to it.
While Windows might be required for the initial reverse engineering, there’s always VMWare. :D
Bit of necroposting here but I’ve been doing some work on sniffing USB with usbmon and came across this post.
I was able to get usbmon working fine on my lappy with Debian 6.0 but this failed when I moved it to my Raspberry Pi.
Turned out that I was better off using the Linux evtest to monitor /dev/input/event*; there are also Perl (Linux::Input) and Python versions of it.