This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

decoding scsi over usb

0

I am trying to analyse a conventional SCSI over USB stream (from a USB DVD drive, using Ubuntu 12.04). I have captured the trace using tcpdump, and Wireshark correctly displays the traffic at the USB command level, however in every case the SCSI payload is shown simply as 'leftover capture data'. On inspection this data is clearly the wanted SCSI payload.

I have tried both the latest 1.8 and also 1.9 code (wireshark-1.8.0rc2, wireshark-1.9.0-SVN-44445) with identical outcome.

Any suggestions?

asked 12 Aug '12, 03:46

hdb3's gravatar image

hdb3
1111
accept rate: 0%

2 Answers:

1

Unfortunately, without seeing the capture, we can't really tell what the underlying problem is. The USB dissector will report stuff as "Leftover Capture Data" if:

  1. the URB says it's a "bulk transfer", "interrupt", or "control" packet, and it doesn't find an appropriate dissector for it;
  2. the URB says it's an "isochronous" packet;
  3. the URB doesn't say it's any of those.

It might be failing to find an appropriate dissector due to a dissector bug.

Please file a bug at the Wireshark Bugzilla, and, if you can, attach a capture that shows the problem.

answered 12 Aug '12, 20:13

Guy%20Harris's gravatar image

Guy Harris ♦♦
17.4k335196
accept rate: 19%

0

Did you start the capture before connecting device to your computer? One reason for leftover capture data would be lack of USB descriptors in capture file.

answered 31 Jul '13, 09:55

desowin's gravatar image

desowin
262
accept rate: 0%