I've written a crude Wireshark dissector in Lua that strings together data across URB_BULK requests.
From Linux (Debian Stretch/testing):
Get the dissector script usb232.lua at: http://paste.debian.net/447366/
$ mkdir $HOME/.config/wireshark/plugins
Save the usb232.lua plugin in your Wireshark plugins directory (above).
$ lsusb | grep -i serial
Bus 008 Device 004: ID 050d:0103 Belkin Components F5U103 Serial Adapter [etek]
Make certain no other USB devices are on the same Bus number. This usually means plugging your USB serial adapter into its own port i.e. not after a hub.
$ lsusb | grep "Bus 008"
Bus 008 Device 004: ID 050d:0103 Belkin Components F5U103 Serial Adapter [etek]
Bus 008 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
This is fine because the root hub itself doesn't likely send any URB_BULK messages which would confuse the Wireshark dissector script.
$ sudo modprobe usbmon
Run tcpdump as root for access to /dev/usbmon8 (as in Bus 008 above)
$ sudo tcpdump -i usbmon8 -w output.pcap
Break (ctrl-c) when done to quit tcpdump and finalize the capture file.
Change owner of output file to your user account
$ sudo chown $USER. output.pcap
Run Wireshark and open the capture file.
$ wireshark output.pcap
Apply a display filter 'usb232'.
File|Export Packet Dissections|As Plain Text... "export.txt" with options: All packets, Displayed, No Summary line, No Details, Yes Bytes.
The output is cluttered with the USB protocol Frames which we don't care about. I'm not sure yet how to do this better from Wireshark but we can simply post-process to clean this up.
Remove the packet Field data leaving only RS232 bytes:
$ sed -i -e '/Frame/,/RS232/{//!d}' -e '/Frame/d' export.txt
See example output (AT3318UV-E radio 168kb) at: http://paste.ubuntu.com/16138458/
Eric
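The capture-and-strip steps above, as an added example that is neither Eric's Lua dissector nor CHIRP code: a small Python parser that reads the tcpdump usbmon pcap directly and concatenates the URB_BULK payloads of one device address, split by direction, so the RS232 stream can be inspected without the Wireshark export and sed pass, and without needing the adapter to be alone on its bus. It assumes a little-endian capturing host (the pcap keeps the host's byte order) and runs on a constructed sample capture embedded below.

```python
import struct

PCAP_MAGIC, LINKTYPE_USBMON, XFER_BULK = 0xA1B2C3D4, 220, 3  # 220 = LINKTYPE_USB_LINUX_MMAPPED
# 64-byte usbmon header that tcpdump writes from /dev/usbmonN (assumption: little-endian host).
USBMON_HDR = struct.Struct("<QBBBBHbbqiiII8siiII")

def iter_records(pcap):
    """Yield each pcap record body after checking the global header."""
    magic, _maj, _min, _tz, _sig, _snap, linktype = struct.unpack("<IHHiIII", pcap[:24])
    if magic != PCAP_MAGIC or linktype != LINKTYPE_USBMON:
        raise ValueError("not a little-endian usbmon pcap")
    off = 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack("<IIII", pcap[off:off + 16])[2]
        off += 16
        yield pcap[off:off + incl_len]
        off += incl_len

def extract_bulk(pcap, devnum):
    """Concatenate URB_BULK payloads of one device address, split by direction."""
    streams = {"OUT": bytearray(), "IN": bytearray()}
    for rec in iter_records(pcap):
        if len(rec) < USBMON_HDR.size:
            continue  # truncated record, nothing usable
        f = USBMON_HDR.unpack_from(rec)
        xfer, epnum, dev, flag_data, len_cap = f[2], f[3], f[4], f[7], f[12]
        # Data words follow the header only when flag_data == 0 ('<' / '>' mark events without data).
        if xfer != XFER_BULK or dev != devnum or flag_data != 0:
            continue
        direction = "IN" if epnum & 0x80 else "OUT"  # bit 7 of epnum is the IN direction
        streams[direction] += rec[USBMON_HDR.size:USBMON_HDR.size + len_cap]
    return bytes(streams["OUT"]), bytes(streams["IN"])

def usbmon_record(evtype, xfer, epnum, devnum, data=b"", flag_data=0):
    """Constructed sample: one pcap record holding one usbmon event on bus 8."""
    hdr = USBMON_HDR.pack(1, ord(evtype), xfer, epnum, devnum, 8, ord("-"),
                          flag_data, 0, 0, 0, len(data), len(data), bytes(8), 0, 0, 0, 0)
    return struct.pack("<IIII", 0, 0, 64 + len(data), 64 + len(data)) + hdr + data

# Constructed capture: a control URB, a command to device 4 spread over two OUT URBs,
# its reply over two IN URBs, and a bulk URB from another device (3) to be ignored.
SAMPLE_PCAP = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_USBMON) + b"".join([
    usbmon_record("S", 2, 0x80, 4, flag_data=ord("<")),
    usbmon_record("S", XFER_BULK, 0x02, 4, b"AT+V"),
    usbmon_record("C", XFER_BULK, 0x02, 4, flag_data=ord(">")),
    usbmon_record("S", XFER_BULK, 0x02, 4, b"\r"),
    usbmon_record("C", XFER_BULK, 0x82, 4, b"OK"),
    usbmon_record("C", XFER_BULK, 0x82, 4, b"\r\n"),
    usbmon_record("S", XFER_BULK, 0x02, 3, b"noise"),
])
```

Running `extract_bulk(SAMPLE_PCAP, 4)` returns the host-to-radio bytes and radio-to-host bytes as two separate streams; on a real output.pcap pass the device address shown by lsusb.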
On Tue, Apr 26, 2016 at 8:20 PM, Eric Shattow lucent@gmail.com wrote:
This analysis can be directly in Wireshark by writing a dissector for your USB serial device; the Linux kernel sources tell us details of many USB serial devices. I'll do my best to help when someone can get this started:
wireshark-2.0.3/epan/dissectors/packet-usb-com.c
as an example of a dissector. Also possible is to write this in the Lua language, but when I started this way I discovered some unexpected behavior / bugs in wireshark 1.9.x Lua support; maybe these are fixed now, but for inclusion into wireshark upstream we should target the upstream C source code tree.
Even without a dissector you should be able to apply a filter:
"usb.capdata and usb.bus_id==8 and usb.device_address==2"
where 8 and 2 are values from the Linux host in 'dmesg' or 'lsusb' output. This gives all transactions where there is more data than the existing USB dissectors can handle, and should be mostly the RS232 data payload we're interested in.
Eric
On Tue, Apr 26, 2016 at 11:44 AM, Pavel Milanes (CO7WT) via chirp_devel chirp_devel@intrepid.danplanet.com wrote:
Hi to all,
Interesting topic, and interesting tip about Wireshark doing USB capture, I will give that a try and see how they pack the usb protocol in the pcap format or whatever format they do it, maybe we can unpack that format into a kind of log...
David, I once used a serial capture tool for Windows 8 @64 bits from the Internet (I don't remember the name now) but it was a "limited time, you have to buy after 30 days" kind of tool, that may work for a short time frame but isn't a solution in the long term.
73
On 26/04/16 at 14:08, David Ranch via chirp_devel wrote:
Using wireshark would be excellent from my perspective but I don't know if people who might have written tools against the output of Portmon would work with a PCAP capture.
Marco / Pavel: Any thoughts here?
--David KI6ZHD
chirp_devel mailing list chirp_devel@intrepid.danplanet.com http://intrepid.danplanet.com/mailman/listinfo/chirp_devel Developer docs: http://chirp.danplanet.com/projects/chirp/wiki/Developers