This post is going to cover how to take a USB device and write software that can interact with the device without having publicly available documentation.

I came about writing this post when I found an old AverMedia RECental USB button in a box of electronics. I wanted to repurpose the button and this is the result of that process. The device used while writing this tutorial was very simple in that it only sent two different interrupts (pressed / released) along with a method to create LED animations. I only worked with interrupts and control transfers; I didn’t look into bulk transfers.

The first task is to figure out what the USB device is actually outputting along with what is being sent to the USB device. Before sniffing USB traffic, you should install all drivers and software that the manufacturer of the USB device suggests even if it’s optional. These additional programs will help you see the full picture of how the device functions and what data is sent to the USB device. Without the additional software you may not be able to fully see how the device functions. In my case, the software sent data to the USB device to manage and animate the LEDs on the device.

It’s fairly simple to sniff USB traffic using Wireshark with USBmon or USBPcap on Linux or Windows. During the Wireshark installation you will be asked if you want to install USB monitoring / capturing. Additional details can be found on the Wireshark website about USB Capturing.

After starting Wireshark, you want to start capturing packets for the specific device. If you see multiple USB capture devices, you need to determine which hub your USB device is on. For Linux and usbmon run the command lsusb and find the Bus number for the device. For Bus 003 you will capture data from usbmon3. As for using Windows and USBPcap, you can identify the USBPcap interface by running the command USBPcapCMD.exe (located in “C:\Program Files\USBPcap”) without any arguments. The previous command will display a new window with the USBPcap interface along with the USB Hub and devices that are attached to it (the first column is not the USBPcap number).

At this point, you simply want to start capturing USB traffic through Wireshark. If you’re new to using Wireshark, there is an abundance of resources online to get you started, but the application is fairly straightforward for basic use. For a quick overview, you can read the post Wireshark Interface Overview. Depending on the device, the best method of capturing data will vary. Generally you want to try to limit capturing to one specific event to make it easier to decode.
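
The Linux step above (find the device's Bus number in lsusb, then capture from the matching usbmon interface) can be scripted. This is an added example, not code from the original post; the helper name `usbmon_for_device`, the sample lsusb lines and the output file name are constructed for illustration.

```shell
#!/bin/sh
# Added example: map a device seen in `lsusb` to its usbmon capture interface.
# usbmon_for_device is a hypothetical helper name, not part of any tool.

# Constructed lsusb output so the example runs offline; the 1234:abcd and
# 5678:ef01 IDs and "Example Corp" names are placeholders, not real devices.
SAMPLE_LSUSB='Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 003 Device 004: ID 1234:abcd Example Corp USB Button
Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 010 Device 002: ID 5678:ef01 Example Corp Keyboard'

# usbmon_for_device PATTERN [LSUSB_TEXT]
# PATTERN is a case-insensitive substring (VID:PID or part of the name).
# Prints one usbmonN per matching bus; returns non-zero when nothing matches.
# Without LSUSB_TEXT it reads live output from lsusb.
usbmon_for_device() {
    pattern=$1
    text=${2:-$(lsusb)}
    printf '%s\n' "$text" | awk -v pat="$pattern" '
        BEGIN { pat = tolower(pat) }
        $1 == "Bus" && index(tolower($0), pat) > 0 {
            # "+ 0" turns "003" into 3 and "010" into 10 (decimal), avoiding
            # the octal trap of shell arithmetic such as $((010)).
            bus = $2 + 0
            if (!(bus in seen)) { seen[bus] = 1; n++; print "usbmon" bus }
        }
        END { exit (n == 0) }'
}

# Demo on the constructed sample: the button is on Bus 003, so capture usbmon3.
iface=$(usbmon_for_device '1234:abcd' "$SAMPLE_LSUSB") &&
    echo "capture on: $iface   (e.g. tshark -i $iface -w button.pcapng)"
```

On a live system the usbmon interfaces only appear once the usbmon kernel module is loaded (`modprobe usbmon`), and capturing from them normally requires root.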