Usb

From Noah.org
Revision as of 20:23, 20 March 2014 by Root (talk | contribs) (→‎USB port monitoring / USB traffic sniffing)


lsusb does not identify a device

If the manufacturer and/or product name column is blank, run the following command to update your USB ID database. This may fill in the empty space. Even new distros often have out-of-date USB ID databases.

sudo update-usbids.sh

USB port monitoring / USB traffic sniffing

It's pretty easy to monitor the raw traffic on a USB port.

modprobe usbmon
ls -l /dev/usbmon*
hexdump /dev/usbmon0

There is also a debugfs interface to usbmon. If you don't already have debugfs mounted, run this:

mount -t debugfs none_debugs /sys/kernel/debug

Then, if you have also loaded the usbmon kernel module, you should be able to peek at debug info under /sys/kernel/debug/usb/usbmon/.

Without a USB protocol analyzer the data will be pretty much binary noise. You can use tcpdump and Wireshark to monitor, record, and decode USB traffic. Note that newer versions of Wireshark have a USB source built in, so you don't need a separate tcpdump running.

sudo tcpdump -i usbmon0 -w usbmon0.pcap &
wireshark usbmon0.pcap

There are also commercial and free tools specific to analysis of USB traffic.
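
The text files under /sys/kernel/debug/usb/usbmon/ (named after the bus number, such as 1u) can also be decoded with a short script. The following Python script is an added example, not part of the original page: it parses lines in the usbmon "u" text format and pairs each URB submission with its callback. The sample lines are constructed, the function names are hypothetical, and isochronous transfers are skipped.

```python
from collections import namedtuple

# Constructed sample in the usbmon "u" text format (not a real capture).
SAMPLE = """\
ffff8800 1000000 S Ci:1:002:0 s 80 06 0100 0000 0012 18 <
ffff8800 1000150 C Ci:1:002:0 0 18 = 12010002 00000040 34127856 00010102 0301
ffff8801 1000300 C Ii:1:003:1 0:8 8 = 00000400 00000000
ffff8802 1000400 S Bo:1:005:2 -115 4 = deadbeef
ffff8802 1000460 C Bo:1:005:2 0 4 >
"""

XFER = {"C": "control", "Z": "isochronous", "I": "interrupt", "B": "bulk"}
SETUP_FIELDS = ("bmRequestType", "bRequest", "wValue", "wIndex", "wLength")
Event = namedtuple(
    "Event", "tag ts_us kind xfer dir_in bus dev ep status setup length data")

def parse_line(line):
    """Parse one usbmon text line; blank and isochronous lines return None."""
    w = line.split()
    if len(w) < 6 or w[3][0] == "Z":
        return None
    typ, bus, dev, ep = w[3].split(":")
    rest, status, setup = w[4:], None, None
    if rest[0].lstrip("-")[:1].isdigit():
        status = int(rest[0].split(":")[0])   # status[:interval[:...]]
        rest = rest[1:]
    else:                                     # setup tag, then 5 setup words
        if rest[0] == "s":                    # other tags: setup not captured
            setup = dict(zip(SETUP_FIELDS, (int(x, 16) for x in rest[1:6])))
        rest = rest[6:]
    length = int(rest[0])
    # Data words follow only after "="; "<" and ">" mean no data was captured.
    data = bytes.fromhex("".join(rest[2:])) if rest[1:2] == ["="] else b""
    return Event(w[0], int(w[1]), w[2], XFER[typ[0]], typ[1] == "i",
                 int(bus), int(dev), int(ep), status, setup, length, data)

def pair_urbs(text):
    """Match S to C events by URB tag; return (submit, complete, latency_us)."""
    pending, pairs = {}, []
    for ev in filter(None, map(parse_line, text.splitlines())):
        if ev.kind == "S":
            pending[ev.tag] = ev
        elif ev.kind == "C" and ev.tag in pending:
            sub = pending.pop(ev.tag)
            pairs.append((sub, ev, ev.ts_us - sub.ts_us))
    return pairs

if __name__ == "__main__":
    for sub, done, lat in pair_urbs(SAMPLE):
        print(sub.xfer, f"dev {sub.dev} ep {sub.ep}", done.status, f"{lat} us")
```

The interrupt callback in the sample has no captured submission, so it is parsed but does not appear in the paired output.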

Linux Kernel Tracepoints

virtual machine logging

It's also possible to do something similar by running an OS in a virtual environment. Most virtual machine systems have a facility for logging the data they pass through to physical hardware.

More information

  • USB Debugging and Profiling Techniques: a great overview.
  • Linux kernel documentation under /usr/src/linux-headers-$(uname -r)/Documentation/usb/* and /usr/src/linux-headers-$(uname -r)/Documentation/trace/* (don't forget to install the linux-doc package).