Difference between revisions of "Usb"

From Noah.org
Line 8: Line 8:
 
sudo update-usbids.sh
 
sudo update-usbids.sh
 
</pre>
 
</pre>
 +
 +
== USB port monitoring / USB traffic sniffing ==
 +
 +
It's pretty easy to monitor the raw traffic on a USB port.
 +
<pre>
 +
modprobe usbmon
 +
ls -l /dev/usbmon*
 +
hexdump /dev/usbmon0
 +
</pre>
 +
 +
There is also a '''debugff''' interface to '''usbmon'''. If you don't already have the debugfs mounted then run this:
 +
<pre>
 +
mount -t debugfs none_debugs /sys/kernel/debug
 +
</pre>
 +
Then if you also loaded the '''usbmon''' kernel module then you should be able to peek at debug info under '''/sys/kernel/debug/usb/usbmon'/''.
 +
 +
The data will be pretty binary noise without a '''USB Protocol Analyzer'''.  You can use '''tcpdump''' and '''WireShark''' monitor, record, and decode USB traffic. Note that newer versions of '''WireShark''' have a USB source built-in, so you don't need a separate '''tcpdump''' running.
 +
<pre>
 +
sudo tcpdump ­-i usbmon0 -­w usbmon0.pcap &
 +
wireshark usbmon0.pcap
 +
</pre>
 +
 +
There are also commercial and free tools specifically for analyzing USB traffic.
 +
 +
[http://vusb-analyzer.sourceforge.net Virtual USB Analyzer]
 +
 +
=== virtual machine logging ===
 +
 +
It's also possible to do something similar by running an OS in a virtual environment. Most virtual machine systems have a facility for logging the data they passthrough to physical hardware.
 +
 +
=== More information ===
 +
 +
[http://elinux.org/images/1/17/USB_Debugging_and_Profiling_Techniques.pdf USB Debugging and Profiling Techniques]
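Review bot: the added tcpdump line has invisible soft-hyphen characters next to the option dashes (before "-i" and inside "-w"), so the command copied from the page will not parse; retype both options with plain ASCII hyphens. In the debugfs paragraph, "debugff" should read "debugfs", and the bold markup around the path ends in '/'' rather than /''', which leaves a stray quote in the rendered path. "You can use tcpdump and WireShark monitor" is missing "to", and the modprobe, hexdump and mount lines are shown without sudo while the tcpdump line has it, so say once that they need root or prefix them consistently.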

Revision as of 20:10, 20 March 2014


lsusb does not identify a device

If the manufacturer and/or product name column is blank then run the following command to update your USB ID database. This may fill in the empty space. Even new distros often have out-of-date USB ID databases.

sudo update-usbids.sh

USB port monitoring / USB traffic sniffing

It's pretty easy to monitor the raw traffic on a USB port.

modprobe usbmon
ls -l /dev/usbmon*
hexdump /dev/usbmon0

There is also a debugfs interface to usbmon. If you don't already have debugfs mounted then run this:

mount -t debugfs none_debugs /sys/kernel/debug

Then, if you have also loaded the usbmon kernel module, you should be able to peek at debug info under /sys/kernel/debug/usb/usbmon/.
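The files under /sys/kernel/debug/usb/usbmon/ (for example 0u, which covers all buses) emit one text line per URB event. The following parser is an added example, not part of the original page: it decodes those lines and pairs each submission with its callback. The function names and the sample lines are constructed for illustration, the field layout follows the kernel's usbmon documentation, and isochronous frame descriptors are not decoded.

```python
import re

ADDR = re.compile(r"^([CZIB])([io]):(\d+):(\d+):(\d+)$")
XFER = {"C": "control", "Z": "isochronous", "I": "interrupt", "B": "bulk"}
SETUP = ("bmRequestType", "bRequest", "wValue", "wIndex", "wLength")

def parse_line(line):
    """Parse 'tag ts_us event type+dir:bus:dev:ep (setup|status) length data-tag [hex]'."""
    f = line.split()
    m = ADDR.match(f[3]) if len(f) >= 5 else None
    if m is None or f[2] not in ("S", "C", "E"):
        raise ValueError("not a usbmon text line: %r" % line)
    ev = {"tag": f[0], "ts_us": int(f[1]), "event": f[2], "xfer": XFER[m[1]],
          "dir": "in" if m[2] == "i" else "out", "bus": int(m[3]), "dev": int(m[4]),
          "ep": int(m[5]), "setup": None, "status": None, "length": None, "data": b""}
    if f[4].isalpha():  # setup tag + five words; decodable only when the tag is 's'
        if f[4] == "s":
            ev["setup"] = {n: int(w, 16) for n, w in zip(SETUP, f[5:10])}
        rest = f[10:]
    else:  # status word; interrupt/isochronous URBs append ":interval..." to it
        ev["status"] = int(f[4].split(":")[0])
        rest = f[5:]
    if ev["xfer"] != "isochronous" and rest:  # iso frame descriptors are not decoded
        ev["length"] = int(rest[0])
        if rest[1:2] == ["="]:  # '=' means captured data words follow
            ev["data"] = bytes.fromhex("".join(rest[2:]))
    return ev

def completed_transfers(lines):
    """Pair callbacks (C) with submissions (S) by URB tag; OUT data is logged at S, IN at C."""
    pending, done = {}, []
    for ev in map(parse_line, lines):
        if ev["event"] == "S":
            pending[ev["tag"]] = ev
        elif ev["event"] == "C" and ev["tag"] in pending:
            sub = pending.pop(ev["tag"])
            done.append({**ev, "setup": sub["setup"], "data": sub["data"] or ev["data"],
                         "latency_us": ev["ts_us"] - sub["ts_us"]})
    return done

# Constructed sample lines in the kernel-documented layout (not a real capture)
SAMPLE = """\
ffff8801a0b1c000 3575914555 S Ci:1:001:0 s a3 00 0000 0003 0004 4 <
ffff8801a0b1c000 3575914560 C Ci:1:001:0 0 4 = 01050000
ffff8801a0b1c300 4128379752 S Bo:1:005:2 -115 8 = 55534243 5e000000
ffff8801a0b1c300 4128379808 C Bo:1:005:2 0 8 >""".splitlines()

if __name__ == "__main__":
    print(*completed_transfers(SAMPLE), sep="\n")
```

Reading a usbmon file never reaches end-of-file, so save a capture to a regular file first (as root, redirect the output of cat on the 0u file and stop it with Ctrl-C), then pass that file's lines to completed_transfers.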

The data will look like binary noise without a USB protocol analyzer. You can use tcpdump and Wireshark to monitor, record, and decode USB traffic. Note that newer versions of Wireshark have a USB source built in, so you don't need a separate tcpdump running.

sudo tcpdump -i usbmon0 -w usbmon0.pcap &
wireshark usbmon0.pcap

There are also commercial and free tools specifically for analyzing USB traffic.

Virtual USB Analyzer

virtual machine logging

It's also possible to do something similar by running an OS in a virtual environment. Most virtual machine systems have a facility for logging the data they pass through to physical hardware.

More information

USB Debugging and Profiling Techniques