I want to capture traffic from an USB scanner. But after starting wireshark I can't see a proper interface for USB. Capturing network via eth0 works fine.

Wireshark 1.2.8 openSUSE 11.3 with kernel libpcap 1.1.1

After performing a "modprobe usbmon" I can see the USB-Interfaces

I'm able to capture from usbmon1 on Ubuntu 10.04 (Linux kernel 2.6.32-24) without having to do anything special. dumpcap -D says:

1. eth0
2. usbmon1 (USB bus number 1)
3. any (Pseudo-device that captures on all interfaces)
4. lo

strace shows that dumpcap (libpcap, actually) opens /dev/bus/usb followed by /dev/usbmon1:

4182  open("/dev/bus/usb", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 3
4182  fcntl(3, F_GETFD)                 = 0x1 (flags FD_CLOEXEC)
4182  getdents(3, /* 3 entries */, 32768) = 72
4182  open("/dev/usbmon1", O_RDONLY)    = 4
4182  ioctl(4, 0x9205, 0)               = 307200
4182  mmap(NULL, 307200, PROT_READ, MAP_SHARED, 4, 0) = 0x7f9a64c5f000
4182  close(4)                          = 0

Do those exist on your system?

dumpcap -D shows only eth0, any and lo. No usbmon available.

(06 Oct '10, 01:07) Gerd

strace of dumpcap -D shows "No such file or directory" from /dev/usbmon1 to /dev/usbmon6

(06 Oct '10, 03:44) Gerd


Since you can't see the USB interface listed, then you can't capture from it.

There's some great information on setting up Wireshark for USB capture on Linux platforms at Hope that works for you.

Sorry, but this is not helpful for me. I'm not new in using Wireshark and asked my question after I found the article "USB capture setup" in the wiki and tried the example without success. Instead of an USB network gadget I used a USB scanner Canon LIDE 50. I performed as Root "mount -t usbfs /dev/bus/usb /proc/bus/usb" and started Wireshark. But there were only the interfaces eth0, Pseudo and IO. The example says "8. On Linux, startup a USB-enabled version of Wireshark..." What is a USB-enabled version ? Are the used versions of Wireshark (1.2.8), Kernel(, libpcap (1.1.1) ok ?

(05 Oct '10, 10:46) Gerd

I'm a newbie to the list so please forgive me if I don't understand what you are trying to do. It sounds like you are trying to launch a wireshark scan using a usb scanner (quote:I used a USB scanner Canon LIDE 50)? That isn't really possible as far as I can see. Where did you get the idea? Am I reading your post wrong? If so again I apologize. Please clarify.

(06 Oct '10, 06:04) blacknight

Hi blacknight, I hope my English is sufficient to explain my idea to you... My Scanner works well in Windows XP, but not in Linux. There is a ugly noise when I try to scan. As there is no trace option with the Canon XP driver and I found no suitable free usb sniffer for Windows XP, I use a VirtualBox client to perform scanning in a XP environment. Then I would capture the scanner USB traffic on my Linux box. Compared with trace data when scanning under linux maybe I see what goes wrong.

(06 Oct '10, 11:57) Gerd

@blacknight Just to expand on @Gerd's comment, Wireshark can be used to analyze packet-based technologies that aren't traditionally used for networking such as USB, Bluetooth, and CAN-bus. It can also open MP3 and JPEG files.

(06 Oct '10, 16:43) Gerald Combs ♦♦