Ask Your Question
0

Capture usb traffic in vm

asked 2022-05-02 18:20:48 +0000

eduardo74 gravatar image

Hi, i have a linux host Ubuntu 20.04 I want to capture traffic of usb sound card Focusrite Scarlett:

this is the result: my lsusb is:

Bus 002 Device 002: ID 0bc2:ab24 Seagate RSS LLC Backup Plus Portable Drive  
Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub  
Bus 001 Device 004: ID 0764:0501 Cyber Power System, Inc. CP1500 AVR UPS  
Bus 001 Device 008: ID 046d:c31c Logitech, Inc. Keyboard K120  
Bus 001 Device 007: ID 058f:9540 Alcor Micro Blockquote Corp. AU9540 Smartcard Reader  
Bus 001 Device 006: ID 046d:082d Logitech, Inc. HD Pro Webcam C920  
Bus 001 Device 005: ID 046d:c077 Logitech, Inc. M105 Optical Mouse  
Bus 001 Device 003: ID 05e3:0606 Genesys Logic, Inc. USB 2.0 Hub / D-Link DUB-H4 USB 2.0 Hub  
Bus 001 Device 002: ID 1235:8212 Focusrite-Novation Scarlett 4i4 USB  
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

So i have installed wireshark in the guest vm with windows10. I need to capture the traffic and dont know how....which filter to use ( im using virtualbox )

Thanks

edit retag flag offensive close merge delete

Comments

So do you want to capture the traffic between Linux and the sound card or between Windows and the sound card?

Guy Harris gravatar imageGuy Harris ( 2022-12-17 00:07:06 +0000 )edit
add a comment

2 Answers

Sort by ยป oldest newest most voted
0

answered 2023-01-09 18:32:55 +0000

abws gravatar image

You have to capture usb traffic of the guest from the host. Either via VirtualBox tools https://docs.oracle.com/en/virtualiza... on the host. Or load the "usbmon" module on the host and start wiresharrk and capture from the usbmon<x> where X is the USB Bus where the device you want to capture is.</x>

Note that the usbmon method capture all the traffic from devices on the same bus, while the virtuabox one allows to capture only one USB device traffic . But sadly here with VirtualBox 6.1.40 r154048 (Qt5.15.4) the VirtualBox method fails silently on the first attempt then on second attempt fails with: VBoxManage: error: Code NS_ERROR_FAILURE (0x80004005) - Operation failed (extended info not available) VBoxManage: error: Context: "AttachUSBDevice(usbId.raw(), captureFilename.raw())" at line 1428 of file VBoxManageControlVM.cpp

edit flag offensive delete link more
add a comment
0

answered 2022-12-16 10:38:49 +0000

Dynaroo gravatar image

The TotalPhase group has developed USB protocol analyzers in hardware version, but their prices are not accessible to all wallets. https://www.totalphase.com/products/usbguide/

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2022-05-02 18:20:48 +0000

Seen: 614 times

Last updated: Dec 16 '22

Related questions

How to capture USB packets please?

Why doesn't Wireshark trace USB string descriptors?

Capturing USB with libpcap on Linux

USB capture - What is the interpretation of URB fields?

Why am I getting "Malformed Packets" when analyzing USB CDC if they are correct?

Wi-Fi Packet Capture Best Method

USB capture stops working after restart capture

FTDI USB request block baud rate decoding

How is interface "XHC20" created on macOS?

Does Wireshark need admin rights/privileges to execute USB capture