Hello,
I'm trying to capture packets on USB port from a device without any driver installed on the computer, and I can't find a solution. Is this even possible ?
Thank you
USBPcap (and the capture mechanisms built into some other OSes) don't know or care that there's no driver.
However, with no driver, the amount of USB traffic that will go to the device is limited.
So you may capture a small amount of traffic if the OS is, for example, probing the device to determine what type of device it is, in order to see if it has a driver for it, but that's about it.
The solution is "load a driver for the device"; you can't capture traffic that doesn't exist.
When an USB device is attached and powered to the hub, the enumeration starts. It doesn't matter of any driver.
With Wireshark, I do not check the "Capture from all devices connected" box, I check the "Capture from newly connected devices" box, and I do not check the "Inject already connected devices descriptors into capture data" box. My device is not connected to my computer until the capture is started.
I want to capture the device descriptors when attached but the Wireshark capture remains empty.
@desowin: at least as I read the block diagram on the USBPcap site, the USBPcap driver taps into the traffic between the root hub FDO and the root hub PDO; is that the case? If so, does that mean it will see traffic even to devices for which there is no Windows driver installed, such as the initial device configuration?
Or would those be transactions sent to the device before the device has been assigned its address, as per the ""What you won’t see using USBPcap section of the USBPcap Capture limitations page?
While USBPcap indeed taps between root hub FDO and root hub PDO, it does not capture the traffic on this tap. The root hub tap is used to keep track of connected devices and to create new taps. The actual traffic (URBs) is captured between USB device FDO and PDO (it is mentioned in USBPcap (device) section below the block diagram). USBPcap won't see traffic to device if there is no Windows driver installed as there won't be the actual URB tap (USBPCAP_MAGIC_DEVICE).
As a workaround you could try to install one of libusb supported drivers with Zadig.
USBPcap design can be improved to capture the early enumeration phase but that is not a trivial task. That is, the code most likely will be simpler and clearer than current implementation, but coming with the new design is hard and requires quite significant effort.
Comments
Do you mean that you have a USB network adapter (Ethernet, Wi-Fi, etc.), and your machine doesn't have a driver for that adapter installed, and you want to use the device to capture network traffic?
Or do you mean you want to capture USB traffic between your machine and the device, rather than capturing network traffic?
I mean I want to capture USB traffic between my computer and the device (I have installed USBPcap on Windows10, and I use Wireshark GUI). But the device is unusable because I don't have the drivers installed.