Help capturing USB packets in Windows

asked 2021-02-18 13:38:42 +0000


We need to confirm the connection and transfer of data from a USB connected device to a windows based application.

First we need to see the device and data flow from the local PC. Then we need to see the device in an RDP session to a host server where the application lives.

We are running USBPcap and wireshark 3.4.3.

My initial testing here is not with the true target device, just a USB Ethernet adapter for now.

My first step in testing was to attach the USB device to the local PC and then run USBPcapCMD. I could see the device here: \??\USB#ROOT_HUB30# [Port 17] ASIX AX88179 USB 3.0 to Gigabit Ethernet Adapter

So the device is seen.

Next I disconnected the device and ran wireshark. I then plugged the device back in and found it with the address 1.11.x.

Question #1, is there any correlation between the 1.11.x address and the port-17 device seen in USBPcap? Can I filter in some way via the port-17 location?

Question #2, if I unplug and then replug the device, it appears that the device address bumps up by one. Right now the USB adapter is 1.14.x. Does this mean that I have to refind the device in WS any time that I unplug/replug?

Question #3, if all looks good on the local USB connection, can I assume that I can run USBPcap and WS on the RDP session and see the passed-thru device there in the same manner?

Thanks for any and all help. These are preliminary questions, I'm sure more to come.


Bryan Hunt

edit retag flag offensive close merge delete