I'm trying to debug a linux connection over usb to an embedded controller. The controller is part of a PV inverter and turns itself off when it gets dark. Powering up in the morning does not work properly with the device connected to a Linux box, leaving the embedded controller unable to communicate until it is reset (not a trivial task). All's well with Windows XP. So my question is "how do I start the capture from the usb device before the device exists"?: I want to start the capture at night and review the results after sun-up. Using the pseudo device that includes all devices will collect a lot of noise from other interfaces, so I'd prefer not to use that approach. regards Tim asked 05 Jan '12, 09:42  Tim |
2 Answers:
If by "the pseudo device that includes all devices" you mean the You don't start captures from USB devices, you start captures on USB buses (yes, I know, that should be "on USBs", "USB bus" being like "ATM machine" or "PIN number" :-)) Start a capture on the bus into which you'd plug the controller, before the controller is plugged in, and leave it running. It sounds as if you can't leave the controller plugged in while it's powering up, so I presume you'll plug it in after it powers up; you should see what USB traffic goes to and from it once you plug it in. (If "All's well with Windows XP." means that powering up in the morning works fine with the device plugged into a Windows XP system, you might also want to see whether anybody can help you on that.) answered 05 Jan '12, 21:30  Guy Harris ♦♦ |
Have a look at the usbmon captures question and answers that follow. answered 05 Jan '12, 11:34  cmaynard ♦♦ so don't capture with wireshark. use usbmon and analyse with wireshark. (06 Jan '12, 03:58) Tim In the page to which Chris Maynard was referring, "usbmon" is not a program that you would use instead of Wireshark, "usbmon" is a capture mechanism that libpcap uses when capturing on USB buses and that, since Wireshark uses libpcap to capture, Wireshark can use. I.e., you capture with Wireshark using libpcap using usbmon and then have Wireshark analyze the results. (06 Jan '12, 11:29) Guy Harris ♦♦ |
Sounds like a doc error in Wireshark: the words are nearly verbatim from the UI.
I get wound up by PIN number, but for some reason USB bus doesn't jar so much. I think it's the semantics of B in USB: in my mind it means a specification, rather than a physical bus.
The device is always plugged in (I want to start recording as soon as possible, rather than after I wake up). My linux box is currently dead, but I see the buses that you mean on another.
I don't want to use XP as it's not easy to automate a GUI, although I probably do need to capture the traffic to compare it with the linux case.
If "the words" are the text "Pseudo-device that captures on all interfaces", then it's a code error, and it's in libpcap, not in Wireshark. It should probably say "all network interfaces".
By "plugged in" I mean "plugged into the Linux or Windows box's USB bus" rather than "plugged into the wall socket". I inferred from "Powering up in the morning does not work properly with the device connected to a Linux box" that you can't leave the device plugged into the Linux box's USB bus overnight.
As for XP, it has a command line, but the problem is WinPcap can't capture on a USB bus.