This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

No interface for USB traffic found

1

I want to capture traffic from an USB scanner. But after starting wireshark I can't see a proper interface for USB. Capturing network via eth0 works fine.

Wireshark 1.2.8 openSUSE 11.3 with kernel 2.6.34.4-0.1 libpcap 1.1.1

asked 04 Oct '10, 11:45

Gerd's gravatar image

Gerd
36226
accept rate: 100%

3 Answers:

1

After performing a "modprobe usbmon" I can see the USB-Interfaces

answered 06 Oct '10, 11:26

Gerd's gravatar image

Gerd
36226
accept rate: 100%

2

I'm able to capture from usbmon1 on Ubuntu 10.04 (Linux kernel 2.6.32-24) without having to do anything special. dumpcap -D says:

1. eth0
2. usbmon1 (USB bus number 1)
3. any (Pseudo-device that captures on all interfaces)
4. lo

strace shows that dumpcap (libpcap, actually) opens /dev/bus/usb followed by /dev/usbmon1:

4182  open("/dev/bus/usb", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 3
4182  fcntl(3, F_GETFD)                 = 0x1 (flags FD_CLOEXEC)
4182  getdents(3, /* 3 entries */, 32768) = 72
4182  open("/dev/usbmon1", O_RDONLY)    = 4
4182  ioctl(4, 0x9205, 0)               = 307200
4182  mmap(NULL, 307200, PROT_READ, MAP_SHARED, 4, 0) = 0x7f9a64c5f000
4182  close(4)                          = 0

Do those exist on your system?

answered 05 Oct '10, 13:47

Gerald%20Combs's gravatar image

Gerald Combs ♦♦
3.3k92258
accept rate: 24%

dumpcap -D shows only eth0, any and lo. No usbmon available.

(06 Oct '10, 01:07) Gerd

strace of dumpcap -D shows "No such file or directory" from /dev/usbmon1 to /dev/usbmon6

(06 Oct '10, 03:44) Gerd

0

Since you can't see the USB interface listed, then you can't capture from it.

There's some great information on setting up Wireshark for USB capture on Linux platforms at http://wiki.wireshark.org/CaptureSetup/USB. Hope that works for you.

answered 04 Oct '10, 12:45

lchappell's gravatar image

lchappell ♦
1.2k2730
accept rate: 8%

Sorry, but this is not helpful for me. I'm not new in using Wireshark and asked my question after I found the article "USB capture setup" in the wiki and tried the example without success. Instead of an USB network gadget I used a USB scanner Canon LIDE 50. I performed as Root "mount -t usbfs /dev/bus/usb /proc/bus/usb" and started Wireshark. But there were only the interfaces eth0, Pseudo and IO. The example says "8. On Linux, startup a USB-enabled version of Wireshark..." What is a USB-enabled version ? Are the used versions of Wireshark (1.2.8), Kernel(2.6.34.4-0.1), libpcap (1.1.1) ok ?

(05 Oct '10, 10:46) Gerd

I'm a newbie to the list so please forgive me if I don't understand what you are trying to do. It sounds like you are trying to launch a wireshark scan using a usb scanner (quote:I used a USB scanner Canon LIDE 50)? That isn't really possible as far as I can see. Where did you get the idea? Am I reading your post wrong? If so again I apologize. Please clarify.

(06 Oct '10, 06:04) blacknight

Hi blacknight, I hope my English is sufficient to explain my idea to you... My Scanner works well in Windows XP, but not in Linux. There is a ugly noise when I try to scan. As there is no trace option with the Canon XP driver and I found no suitable free usb sniffer for Windows XP, I use a VirtualBox client to perform scanning in a XP environment. Then I would capture the scanner USB traffic on my Linux box. Compared with trace data when scanning under linux maybe I see what goes wrong.

(06 Oct '10, 11:57) Gerd

@blacknight Just to expand on @Gerd's comment, Wireshark can be used to analyze packet-based technologies that aren't traditionally used for networking such as USB, Bluetooth, and CAN-bus. It can also open MP3 and JPEG files.

(06 Oct '10, 16:43) Gerald Combs ♦♦