使用wireshark嗅探USB
目前我正在使用 usbmon 来嗅探 USB。为了更好地理解我想使用wireshark。我以前使用过wireshark来嗅探以太网数据包。但是要捕获什么来嗅探 USB 数据包呢?我的意思是我需要首先选择要在wireshark 中捕获的接口。但我会为 USB 选择什么?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
获取最新的wireshark。
在设备中插入之前和之后使用 lsusb 这样您就知道它插入了哪个 USB 总线。
在终端中输入:(
首先加载允许 root 进行 USB 嗅探的内核模块,第二次以 root 身份加载wireshark)
然后选择
usbmonX
,其中X
代表 USB 总线编号(< code>lsusb 显示这些数字)。之后,您仍然需要过滤设备/供应商 ID 或其他特定于设备的数据包,因为wireshark 将显示插入该总线的所有设备的所有数据包。 (在插入设备之前/之后再次
lsusb
会有帮助)。Grab newest wireshark.
Use lsusb before and after plugin in device so You know which usb bus its plugged into.
type in terminal:
(First load kernel module that allow for usb sniffing for root, second load wireshark as root)
Than select
usbmonX
, whereX
stand for usb bus number (lsusb
show those numbers).After than you still need to filter packets for device / vendor id, or something else device specific, as wireshark will show all packets from all devices plugged into that bus. (Again
lsusb
before/after plugging you device will help).您是否查看过 Wireshark 网站上的相关文档?
Have you taken a look at the documentation for that on the Wireshark website?
一个快速的通知,因为我刚刚开始使用wireshark在Linux上嗅探USB数据包。据我了解,您需要加载 usbmon 模块(如果您正在使用它,则应该如此)。另外,我似乎记得,虽然wireshark可以设置为让非root用户嗅探以太网数据包,但一些限制需要对usb包进行root访问(至少在撰写本文时)。
与其他人所说的类似,在我的系统 Ubuntu 12.10 上,USB 接口的名称类似于“usbmon1 USB 总线编号 1”等。
(您可以查看 http://biot.com/blog/usb-sniffing-on- Linux)
列出的链接有一个显示过滤器的图像,该过滤器可用于仅选择来自设备号(来自 lsusb)的流量。
我希望这有帮助
a quick notice since I just started using wireshark to sniff usb packets on linux. as I understand you need usbmon module loaded (which if you are using it should be). Additionally I seem to recall that while wireshark can be setup to let non root users sniff ethernet packets, some limitation required root access for usb packs (at least at the time of writting).
Similar to what others have said, on my system, Ubuntu 12.10, the usb interfaces have names like "usbmon1 USB bus number 1" and so forth.
(you might look at http://biot.com/blog/usb-sniffing-on-linux)
the link listed has an image showing a filter which can be used to select only traffic to from a device number (from lsusb).
I hope thats helpful
@przemo_li 您想按设备地址进行过滤以查看来自主机和设备的通信。其过滤器是
usb.device_address ==
。@przemo_li You want to filter by device address to see the communication from both the host and the device. The filter for that is
usb.device_address ==
.