First time here? Check out the FAQ!
THIS IS A TEST INSTANCE. Feel free to ask and answer questions, but take care to avoid triggering too many notifications.
Ask Your Question
0

Capture usb traffic in vm

Hi, i have a linux host Ubuntu 20.04 I want to capture traffic of usb sound card Focusrite Scarlett:

this is the result: my lsusb is:

Bus 002 Device 002: ID 0bc2:ab24 Seagate RSS LLC Backup Plus Portable Drive  
Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub  
Bus 001 Device 004: ID 0764:0501 Cyber Power System, Inc. CP1500 AVR UPS  
Bus 001 Device 008: ID 046d:c31c Logitech, Inc. Keyboard K120  
Bus 001 Device 007: ID 058f:9540 Alcor Micro Blockquote Corp. AU9540 Smartcard Reader  
Bus 001 Device 006: ID 046d:082d Logitech, Inc. HD Pro Webcam C920  
Bus 001 Device 005: ID 046d:c077 Logitech, Inc. M105 Optical Mouse  
Bus 001 Device 003: ID 05e3:0606 Genesys Logic, Inc. USB 2.0 Hub / D-Link DUB-H4 USB 2.0 Hub  
Bus 001 Device 002: ID 1235:8212 Focusrite-Novation Scarlett 4i4 USB  
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

So i have installed wireshark in the guest vm with windows10. I need to capture the traffic and dont know how....which filter to use ( im using virtualbox )

Thanks

eduardo74's avatar
1
eduardo74
asked 2022-05-02 18:20:48 +0000
edit flag offensive 0 remove flag close merge delete

Comments

So do you want to capture the traffic between Linux and the sound card or between Windows and the sound card?

Guy Harris's avatar Guy Harris (2022-12-17 00:07:06 +0000) edit
more
  • delete
add a comment see more comments

2 Answers

0

The TotalPhase group has developed USB protocol analyzers in hardware version, but their prices are not accessible to all wallets. https://www.totalphase.com/products/usbguide/

Dynaroo's avatar
1
Dynaroo
answered 2022-12-16 10:38:49 +0000
edit flag offensive 0 remove flag delete link
more

Comments

add a comment see more comments
0

You have to capture usb traffic of the guest from the host. Either via VirtualBox tools https://docs.oracle.com/en/virtualiza... on the host. Or load the "usbmon" module on the host and start wiresharrk and capture from the usbmon<x> where X is the USB Bus where the device you want to capture is.</x>

Note that the usbmon method capture all the traffic from devices on the same bus, while the virtuabox one allows to capture only one USB device traffic . But sadly here with VirtualBox 6.1.40 r154048 (Qt5.15.4) the VirtualBox method fails silently on the first attempt then on second attempt fails with: VBoxManage: error: Code NS_ERROR_FAILURE (0x80004005) - Operation failed (extended info not available) VBoxManage: error: Context: "AttachUSBDevice(usbId.raw(), captureFilename.raw())" at line 1428 of file VBoxManageControlVM.cpp

abws's avatar
1
abws
answered 2023-01-09 18:32:55 +0000
edit flag offensive 0 remove flag delete link
more

Comments

add a comment see more comments

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

Add Answer