The USB HID dissector was improved during Google Summer of Code 2020, so in recent Wireshark versions you get better results than in older ones. However, after opening the capture in Wireshark 3.4.4, the dissection in "GET DESCRIPTOR Response HID Report" is as follows:

HID Report
    Usage Page (Vendor)
        Header
            .... ..10 = bSize: 2 bytes (2)
            .... 01.. = bType: Global (1)
            0000 .... = bTag: Usage Page (0x0)
        Usage Page: Vendor (0xff00)
    Usage (Vendor)
        Header
            .... ..01 = bSize: 1 byte (1)
            .... 10.. = bType: Local (2)
            0000 .... = bTag: Usage (0x0)
        Usage: Vendor (0x01)
    Collection (Application)
        Header
            .... ..01 = bSize: 1 byte (1)
            .... 00.. = bType: Main (0)
            1010 .... = bTag: Collection (0xa)
        Collection type: Application (0x01)
        Logical Minimum (0)
            Header
                .... ..01 = bSize: 1 byte (1)
                .... 01.. = bType: Global (1)
                0001 .... = bTag: Logical Minimum (0x1)
            Logical minimum: 0
        Logical Maximum (255)
            Header
                .... ..10 = bSize: 2 bytes (2)
                .... 01.. = bType: Global (1)
                0010 .... = bTag: Logical Maximum (0x2)
            Logical maximum: 255
        Report Size (8)
            Header
                .... ..01 = bSize: 1 byte (1)
                .... 01.. = bType: Global (1)
                0111 .... = bTag: Report Size (0x7)
            Report size: 8
        Report Count (8)
            Header
                .... ..01 = bSize: 1 byte (1)
                .... 01.. = bType: Global (1)
                1001 .... = bTag: Report Count (0x9)
            Report count: 8
        Usage (Vendor)
            Header
                .... ..01 = bSize: 1 byte (1)
                .... 10.. = bType: Local (2)
                0000 .... = bTag: Usage (0x0)
            Usage: Vendor (0x00)
        Feature (Data,Var,Abs)
            Header
                .... ..10 = bSize: 2 bytes (2)
                .... 00.. = bType: Main (0)
                1011 .... = bTag: Feature (0xb)
            .... .... 0 = Data/constant: Data
            .... ...1 . = Data type: Variable
            .... ..0. . = Coordinates: Absolute
            .... .0.. . = Min/max wraparound: No Wrap
            .... 0... . = Physical relationship to data: Linear
            ...0 .... . = Preferred state: Preferred State
            ..0. .... . = Has null position: No Null position
            .0.. .... . = (Non)-volatile: Non Volatile
            1... .... . = Bits or bytes: Buffered Bytes
        End Collection
            Header
                .... ..00 = bSize: 0 bytes (0)
                .... 00.. = bType: Main (0)
                1100 .... = bTag: End Collection (0xc)

From this you can basically tell that your device just uses HID to transfer Vendor data. This is the old method to get "USB device working without drivers". Unfortunately there is not much more that can be determined from the packets without reverse engineering the vendor protocol.

You might want to check out USB Analysis 101 to get a basic idea of how USB works and how that differs from networking.
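
Added example, not part of the original answer: a minimal Python parser for HID report descriptor short items, showing how the vendor usage page (0xff00) and the 8-byte Feature report in the dissection above are read from the item prefixes. The function names are hypothetical, and `DESCRIPTOR` is constructed by re-encoding the dissection shown above, not copied from the capture file.

```python
# Added example; DESCRIPTOR is constructed by re-encoding the dissection
# shown above, not copied from the capture file.
DESCRIPTOR = bytes.fromhex("0600ff 0901 a101 1500 26ff00 7508 9508 0900 b20201 c0")

TYPES = {0: "Main", 1: "Global", 2: "Local"}
TAGS = {
    (0, 0x8): "Input", (0, 0x9): "Output", (0, 0xA): "Collection",
    (0, 0xB): "Feature", (0, 0xC): "End Collection",
    (1, 0x0): "Usage Page", (1, 0x1): "Logical Minimum",
    (1, 0x2): "Logical Maximum", (1, 0x7): "Report Size",
    (1, 0x8): "Report ID", (1, 0x9): "Report Count", (2, 0x0): "Usage",
}
SIGNED = {"Logical Minimum", "Logical Maximum"}  # these items carry signed data

def parse_items(desc):
    """Return (type, tag, value) for every short item in the descriptor."""
    items, i = [], 0
    while i < len(desc):
        prefix = desc[i]
        if prefix == 0xFE:  # long item: prefix, bDataSize, bLongItemTag, data
            if i + 1 >= len(desc):
                raise ValueError("truncated long item at offset %d" % i)
            i += 3 + desc[i + 1]
            continue
        size = (0, 1, 2, 4)[prefix & 0x03]           # bSize: bits 0-1
        btype, btag = (prefix >> 2) & 0x03, prefix >> 4  # bType: 2-3, bTag: 4-7
        data = desc[i + 1:i + 1 + size]
        if len(data) != size:
            raise ValueError("truncated item at offset %d" % i)
        tag = TAGS.get((btype, btag), "tag 0x%x" % btag)
        value = int.from_bytes(data, "little", signed=tag in SIGNED)
        items.append((TYPES.get(btype, "Reserved"), tag, value))
        i += 1 + size
    return items

def is_vendor_defined(items):
    """True if every Usage Page is in the vendor-defined range 0xFF00-0xFFFF."""
    pages = [v for _, tag, v in items if tag == "Usage Page"]
    return bool(pages) and all(0xFF00 <= v <= 0xFFFF for v in pages)

def feature_report_bytes(items):
    """Total Feature payload: Report Size * Report Count per Feature item."""
    size = count = bits = 0
    for _, tag, value in items:
        if tag == "Report Size":
            size = value
        elif tag == "Report Count":
            count = value
        elif tag == "Feature":
            bits += size * count
    return (bits + 7) // 8

if __name__ == "__main__":
    for item in parse_items(DESCRIPTOR):
        print("%-6s %-16s 0x%x" % item)
```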