Need help to capture traffic from USB using Wireshark


Sathish M

Jun 29, 2016, 8:15:58 AM
to null
Hi All,

I want to know how to capture traffic from a USB drive using Wireshark. Let me give a scenario.

I have a pen drive which has the latest software update for a product. Once I connect the pen drive to the product, it will compare the existing software version with the new one and verify the digital signature of that update. Once verified, the new update will be pushed.
Now I want to capture the entire traffic from the initial handshake to the end, i.e. how it verifies the update and how the update is delivered to the product. I was told that it's possible using Wireshark.

Any help on this would be much appreciated. Thanks



Aditya Bhel

Jun 29, 2016, 3:17:11 PM
to null
The following steps are required to set up Wireshark to enable traffic capturing.
  1. Insert the USB pen drive in the USB port.

  2. Open the terminal and use the lsusb command.

  3. Find out the bus number to which the USB pen drive is connected and the device ID associated with it.

  4. Use the modprobe usb command to start the intercepting interfaces.

  5. Open Wireshark by typing wireshark & in the terminal.

  6. Select the intercepting interface on the basis of the bus to which the device is connected. The interface corresponding to the bus can be found out using the last digit of the name of the usbmon interface; for example, usbmon1 is the interface corresponding to bus number 001. Click Start to start the process.

  7. Remove the USB pen drive, reinsert it and immediately restart sniffing by clicking Start with the "without saving" option. This will enable us to sniff the packets from the start.

  8. Use a Wireshark filter like usb.device_address != 34 to exclude packets from the device with ID 34 (see lsusb for unwanted devices) from the result.
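The procedure above, carried through as an added shell example that is not part of the original post: it derives the bus number and device address of the stick from lsusb output, maps the bus to its usbmon interface, builds a Wireshark display filter that isolates that one device (including address 0, which a device answers on during enumeration before the host assigns it the address lsusb shows), and records the bus with tshark. It assumes Linux with the usbmon kernel module (loaded with modprobe usbmon, which is what step 4 abbreviates), lsusb from usbutils, tshark, and permission to read /dev/usbmon*. The lsusb output embedded in the script is constructed sample data; the vendor:product ID 0781:5567 in it is only a sample value and the script name usbcap.sh is assumed.

```shell
#!/bin/sh
# Added example (not from the original post): capture one USB device's traffic with
# usbmon + tshark on Linux. Assumes: usbmon module, lsusb (usbutils), tshark, and
# read access to /dev/usbmon* (root or the group that owns those device nodes).
# Usage: sh usbcap.sh VID:PID OUTFILE   e.g.  sh usbcap.sh 0781:5567 update.pcapng

# Constructed sample of `lsusb` output so the helpers can be exercised without hardware.
SAMPLE_LSUSB='Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 001 Device 005: ID 0781:5567 SanDisk Corp. Cruzer Blade
Bus 001 Device 003: ID 046d:c52b Logitech, Inc. Unifying Receiver
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub'

# strip0 N -> N without leading zeros ("001" -> 1, "010" -> 10, "000" -> 0).
# Done with sed rather than $((...)) because "010" would otherwise be read as octal.
strip0() {
    _n=$(printf '%s' "$1" | sed 's/^0*//')
    printf '%s\n' "${_n:-0}"
}

# find_device VID:PID [LSUSB_TEXT] -> "BUS DEV" as lsusb prints them ("001 005"),
# exit status 1 if no such device. LSUSB_TEXT defaults to live `lsusb` output.
find_device() {
    _text=${2:-"$(lsusb)"}
    printf '%s\n' "$_text" | awk -v id="$1" '
        # lsusb line: Bus 001 Device 005: ID 0781:5567 ...   ($4 carries a trailing colon)
        $1 == "Bus" && $6 == id { print $2, substr($4, 1, length($4) - 1); found = 1; exit }
        END { exit found ? 0 : 1 }'
}

# usbmon_iface BUS -> the interface Wireshark lists for that bus ("001" -> usbmon1).
# usbmon0 is the aggregate of every bus; picking the device's own bus keeps
# unrelated keyboards and mice out of the trace before any filtering.
usbmon_iface() {
    printf 'usbmon%s\n' "$(strip0 "$1")"
}

# display_filter BUS DEV -> Wireshark display filter for that device. Address 0 is
# included because the device talks on address 0 during enumeration, before the host
# assigns the number lsusb shows, and that is where the "initial handshake" lives.
display_filter() {
    printf 'usb.bus_id == %s && (usb.device_address == %s || usb.device_address == 0)\n' \
        "$(strip0 "$1")" "$(strip0 "$2")"
}

# capture VID:PID OUTFILE -> load usbmon, resolve the device, record its whole bus with
# tshark, and print the display filter to apply afterwards. The capture itself is left
# unfiltered: re-inserting the stick gives it a new address, so filter when reading the
# file (rerun display_filter with the address lsusb shows after re-insertion).
capture() {
    _id=$1; _out=$2
    sudo modprobe usbmon || return 1
    _loc=$(find_device "$_id") || { echo "no device $_id in lsusb output" >&2; return 1; }
    _bus=${_loc%% *}; _dev=${_loc##* }
    _if=$(usbmon_iface "$_bus")
    echo "capturing $_id on $_if (bus $_bus, address $_dev); unplug and re-insert the device now" >&2
    echo "display filter for the result: $(display_filter "$_bus" "$_dev")" >&2
    sudo tshark -i "$_if" -w "$_out"
}

if [ $# -eq 2 ]; then
    capture "$1" "$2"
fi
```

Run it as `sh usbcap.sh 0781:5567 update.pcapng`, pull and re-insert the stick once tshark is running, stop with Ctrl-C, then open the file in Wireshark (or `tshark -r update.pcapng -Y '<filter>'`) with the printed filter. One caveat worth stating for the scenario in the question: usbmon records the URBs of the Linux host it runs on, so this shows what that host does to the pen drive (enumeration, the mass-storage SCSI commands and the file contents it reads). Traffic between the stick and the product itself only crosses the product's USB port; observing that needs a capture device in line between the two (a hardware USB analyzer or a proxy board), and the signature check happens inside the product and never appears on the bus at all, only its effect (which blocks are read, whether the update proceeds) does.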

 

Sathish M

Jun 30, 2016, 3:10:07 AM
to null
We don't have Linux machines here. So I need help in Windows.

Vishwanath KM

Jul 1, 2016, 3:06:33 AM
to null-...@googlegroups.com
http://usbsnoop.sourceforge.net/  (USB Snoop worked for me earlier on XP)

http://www.sysnucleus.com/  (I have never tried this one)


--
______________________________________________________________________________
null - Spreading the right Information
null Mailing list charter: http://null.co.in/section/about/null_list_charter/
______________________________________________________________________________
se7enth edition of nullcon Goa (Mar 9-12, 2016)
http://nullcon.net

anirudhrata

Jul 1, 2016, 7:00:11 AM
to null
Hi, USBlyzer works fine even on Win 10. You can get a fully functional trial from their website.