Wireshark-dev: [Wireshark-dev] Sniffing from USB ports
From: Paolo Abeni <paolo.abeni@xxxxxxxx>
Date: Mon, 09 Oct 2006 14:48:13 +0200
Hello, The current libpcap CVS supports sniffing from USB ports. As requested by Ronnie Sahlberg, I have created a wiki page on the topic: http://wiki.wireshark.org/USB and added a few samples to the capture samples wiki page: http://wiki.wireshark.org/SampleCaptures#head-88d8d4547e6ef5624e34b7bcb699e9591191128b The attached patch adds support for the newly introduced data link type and adds a basic dissector for USB interfaces. ciao, Paolo -- Email.it, the professional e-mail, gratis per te: http://www.email.it/f Sponsor: La vita è fatta di emozioni... che i nostri gioielli ti sapranno di certo regalare. Qualità, competenza e convenienza al tuo servizio con Gioielleria Maglione Clicca qui: http://adv.email.it/cgi-bin/foclick.cgi?mid=5633&d=9-10
Index: epan/dissectors/Makefile.common
===================================================================
--- epan/dissectors/Makefile.common (revision 19459)
+++ epan/dissectors/Makefile.common (working copy)
@@ -658,6 +658,7 @@
 packet-uma.c \
 packet-udp.c \
 packet-ulp.c \
+ packet-usb.c \
 packet-umts_fp.c \
 packet-umts_rrc.c \
 packet-umts_rrc_ies.c \
Index: epan/dissectors/packet-usb.c
===================================================================
--- epan/dissectors/packet-usb.c (revision 0)
+++ epan/dissectors/packet-usb.c (revision 0)
@@ -0,0 +1,194 @@
+/* packet-usb.c
+ *
+ * $Id$
+ *
+ * usb basic dissector
+ * By Paolo Abeni <paolo.abeni@xxxxxxxxx>
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ */
+
+
+#ifdef HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#ifdef HAVE_LIBPCAP
+#include <glib.h>
+#include <epan/packet.h>
+#include <epan/prefs.h>
+#include <epan/etypes.h>
+#include <epan/addr_resolv.h>
+#include <epan/tap.h>
+#include <pcap/bpf.h>
+#include <pcap/usb.h>
+
+/* protocols and header fields */
+static int proto_usb = -1;
+static int hf_usb_urb_type = -1;
+static int hf_usb_device_address = -1;
+static int hf_usb_endpoint_number = -1;
+static int hf_usb_request_type = -1;
+static int hf_usb_request = -1;
+static int hf_usb_value = -1;
+static int hf_usb_index = -1;
+static int hf_usb_length = -1;
+static int hf_usb_data = -1;
+
+static gint usb_hdr = -1;
+static gint usb_setup_hdr = -1;
+
+static int usb_tap = -1;
+
+static const char* urb_type_string[] = {
+ "URB_CONTROL_INPUT",
+ "URB_CONTROL_OUTPUT",
+ "URB_ISOCHRONOUS_INPUT",
+ "URB_ISOCHRONOUS_OUTPUT",
+ "URB_INTERRUPT_INPUT",
+ "URB_INTERRUPT_OUTPUT",
+ "URB_BULK_INPUT",
+ "URB_BULK_OUTPUT"
+};
+
+static void
+dissect_usb(tvbuff_t *tvb, packet_info *pinfo, proto_tree *parent)
+{
+ int offset = 0;
+ int type;
+ gboolean setup;
+ proto_tree *tree = 0;
+
+ if (check_col(pinfo->cinfo, COL_PROTOCOL))
+ col_set_str(pinfo->cinfo, COL_PROTOCOL, "USB");
+
+ /* add usb hdr*/
+ if (parent) {
+ proto_item *ti = proto_tree_add_protocol_format(parent, proto_usb, tvb, 0,
+ sizeof(pcap_usb_header), "USB URB");
+
+ tree = proto_item_add_subtree(ti, usb_hdr);
+ }
+
+
+ type = tvb_get_ntohl(tvb, offset);
+ proto_tree_add_string(tree, hf_usb_urb_type, tvb, offset, 4,
+ urb_type_string[type]);
+ offset += 4;
+ proto_tree_add_item(tree, hf_usb_device_address, tvb, offset, 4, FALSE);
+ offset += 4;
+ proto_tree_add_item(tree, hf_usb_endpoint_number, tvb, offset, 4, FALSE);
+ offset += 4;
+
+ /* check for setup hdr presence */
+ setup = tvb_get_ntohl(tvb, offset);
+ offset += 4;
+ if (setup)
+ {
+ proto_item *ti = proto_tree_add_protocol_format(parent, proto_usb, tvb,
+ offset, sizeof(pcap_usb_setup), "URB setup");
+
+ proto_tree* setup_tree = proto_item_add_subtree(ti, usb_setup_hdr);
+
+ proto_tree_add_item(setup_tree, hf_usb_request_type, tvb, offset, 4, FALSE);
+ offset += 4;
+ proto_tree_add_item(setup_tree, hf_usb_request, tvb, offset, 4, FALSE);
+ offset += 4;
+ proto_tree_add_item(setup_tree, hf_usb_value, tvb, offset, 4, FALSE);
+ offset += 4;
+ proto_tree_add_item(setup_tree, hf_usb_index, tvb, offset, 4, FALSE);
+ offset += 4;
+ proto_tree_add_item(setup_tree, hf_usb_length, tvb, offset, 4, FALSE);
+ offset += 4;
+ }
+
+ proto_tree_add_item(tree, hf_usb_data, tvb,
+ offset, tvb_length_remaining(tvb, offset), FALSE);
+ tap_queue_packet(usb_tap, pinfo, NULL);
+}
+
+#endif
+
+void
+proto_register_usb(void)
+{
+#ifdef HAVE_LIBPCAP
+ static hf_register_info hf[] = {
+
+ { &hf_usb_urb_type,
+ { "URB type", "usb.urb_type", FT_STRING, BASE_NONE, NULL, 0x0,
+ "URB type", HFILL }},
+
+ { &hf_usb_device_address,
+ { "Device", "usb.device_address", FT_UINT32, BASE_DEC, NULL, 0x0,
+ "USB device address", HFILL }},
+
+ { &hf_usb_endpoint_number,
+ { "Endpoint", "usb.endpoint_number", FT_UINT32, BASE_DEC, NULL, 0x0,
+ "usb endpoint number", HFILL }},
+
+ { &hf_usb_request_type,
+ { "Request Type", "usb.request_type", FT_UINT32, BASE_HEX, NULL, 0x0,
+ "", HFILL }},
+
+ { &hf_usb_request,
+ { "Request", "usb.request", FT_UINT32, BASE_HEX, NULL, 0x0,
+ "", HFILL }},
+
+ { &hf_usb_value,
+ { "value", "usb.value", FT_UINT32, BASE_HEX, NULL, 0x0,
+ "", HFILL }},
+
+ { &hf_usb_index,
+ { "Index", "usb.index", FT_UINT32, BASE_DEC, NULL, 0x0,
+ "", HFILL }},
+
+ { &hf_usb_length,
+ { "Length", "usb.length", FT_UINT32, BASE_DEC, NULL, 0x0,
+ "", HFILL }},
+
+ { &hf_usb_data,
+ {"Application Data", "usb.data",
+ FT_BYTES, BASE_HEX, NULL, 0x0,
+ "Payload is application data", HFILL }}
+
+ };
+
+ static gint *usb_subtrees[] = {
+ &usb_hdr,
+ &usb_setup_hdr
+ };
+
+
+ proto_usb = proto_register_protocol("USB", "USB", "usb");
+ proto_register_field_array(proto_usb, hf, array_length(hf));
+ proto_register_subtree_array(usb_subtrees, array_length(usb_subtrees));
+
+
+ register_dissector("eth", dissect_usb, proto_usb);
+ usb_tap = register_tap("usb");
+#endif
+}
+
+void
+proto_reg_handoff_usb(void)
+{
+#ifdef HAVE_LIBPCAP
+ dissector_handle_t usb_handle;
+ usb_handle = create_dissector_handle(dissect_usb, proto_usb);
+
+ dissector_add("wtap_encap", WTAP_ENCAP_USB, usb_handle);
+#endif
+}
Index: wiretap/wtap.c
===================================================================
--- wiretap/wtap.c (revision 19459)
+++ wiretap/wtap.c (working copy)
@@ -363,6 +363,9 @@
 /* WTAP_ENCAP_JUNIPER_VP */
 { "Juniper Voice PIC", "juniper-vp" },
+
+ /* WTAP_ENCAP_USB */
+ { "Raw USB packets", "usb" },
 };
 /* Name that should be somewhat descriptive. */
Index: wiretap/wtap.h
===================================================================
--- wiretap/wtap.h (revision 19459)
+++ wiretap/wtap.h (working copy)
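Review bot: `urb_type_string[type]` in dissect_usb indexes an eight-entry table with a 32-bit value taken straight from the capture (`type = tvb_get_ntohl(tvb, offset)`), so a malformed capture file whose URB type is outside 0–7, or negative once stored in the `int`, makes the dissector read out of bounds. Bound the value before the lookup, for example `(type >= 0 && type < (int)array_length(urb_type_string)) ? urb_type_string[type] : "Unknown"`, or register the field as FT_UINT32 with a value_string so that unknown types are rendered safely. Separately, `register_dissector("eth", dissect_usb, proto_usb);` in proto_register_usb registers this dissector under the name "eth", which looks like a copy-paste leftover and presumably should be "usb".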
@@ -182,9 +182,10 @@
 #define WTAP_ENCAP_CATAPULT_DCT2000 89
 #define WTAP_ENCAP_BER 90
 #define WTAP_ENCAP_JUNIPER_VP 91
+#define WTAP_ENCAP_USB 92
 /* last WTAP_ENCAP_ value + 1 */
-#define WTAP_NUM_ENCAP_TYPES 92
+#define WTAP_NUM_ENCAP_TYPES 93
 /* File types that can be read by wiretap. We support writing some many of these file types, too, so we
Index: wiretap/libpcap.c
===================================================================
--- wiretap/libpcap.c (revision 19459)
+++ wiretap/libpcap.c (working copy)
@@ -410,6 +410,8 @@
 { 181, WTAP_ENCAP_JUNIPER_CHDLC },
 /* VOIP Frames prepended with meta-information */
 { 183, WTAP_ENCAP_JUNIPER_VP },
+ /* raw USB packets */
+ { 186, WTAP_ENCAP_USB },
 /*