I've captured USB traffic using Wireshark, but I'm finding it difficult to analyse. Most of my useful data lies in hundreds of URB_BULK in/out packets (too many to browse through one by one). I'm specifically interested in the actual data sent over USB, not the headers.
For TCP/IP data, I've found the "Follow TCP stream" function very useful to view the entire "coversation" between the host and the client, but there doesn't seem to be anything similar for USB.
What is the best way to view the entire "conversation" of all the USB data?
My best solution so far is to use
asked 16 May ‘12, 09:15
These are the steps I followed to make the data usable:
Disclaimer: I know little about USB, so this might not be useful in the general case. In my case I'm only interested in the data (payload) sent with URB_BULK, and not any other data or headers.
answered 17 May '12, 13:47
edited 17 May '12, 14:13
You could (display) filter on the device and bus ID:
This will show only the communication between that devive and the host.
Do you mean a text representation of the exchanged data? If yes, then there is nothing I know of.
answered 16 May '12, 11:09
Kurt Knochner ♦
edited 16 May '12, 11:11
Thanks, the filter helps cutting away some of the non-relevant data at least. Is there a filter to only show the URB_BULK in/out data?
Yes, I mean viewing the exchanged data (excluding headers) in hex and/or ASCII format.
Just open a USB packet and select any item. You will see the display filter in the status line at the bottom of the window. With that you should be able to build any filter you need.