Wireshark-dev: Re: [Wireshark-dev] ethernet over USB
From: "Tyson Key" <[email protected]>
Date: Fri, 1 Feb 2008 16:36:41 +0000
Hi, I've just done a quick bit of research, and everything in the undissected (Data) payload after the Linux pseudo-header is the raw Ethernet packet. I've attached some files from monitoring my USB CDC ADSL router, if they provide potential insight.

Hope that helps.
Tyson.

On Feb 1, 2008 2:22 PM, Bill Fassler <[email protected]> wrote:
Tyson,

Thanks I'll check that out.  I also had the idea that perhaps I could export both capture logs into ASCII text and then use a perl script or something to try and identify two corresponding packets the raw USB packet that snoopypro has which matches the clean ethernet only packet(s) that Wireshark captured.  I boiled the Wireshark capture down to six packets, ARP broadcast, ARP response, PING request PING response (x2).

The snoopypro log during this period has closer to 200 packet captures.  I suppose I could just sit down with a magnifying class and in the time I have taken trying to find the sensible easy solution I could have by brute force found them manually (maybe).

Bill


Tyson Key <[email protected]> wrote:
Hi, assuming that you're referring to USB Communications Device Class, or ATM-over-USB devices (e.g. some consumer ADSL routers), everything gets sent as a generic URB_BULK(?) transmission, if I remember correctly, which Wireshark can't currently analyze. I'm not sure myself why it constantly sends a flow of data, even when both computers aren't using the link (presumably heartbeat traffic?). Assuming that Linux doesn't use some weird custom header, the USB Forum specifications might be of use.

Hope that helps.

On Jan 31, 2008 10:57 PM, Bill Fassler <[email protected]> wrote:
Hey guys, I have been trying to understand ethernet over USB.  I have ethernet over USB working on an embedded development board running a blackfin DSP and uClinux.  I have everthing configured and can network with either linux or windows.  I am trying to understand the protocol and packet headers, wrappers and such.

In an attempt to understand things I installed snoopypro and upgraded my Wireshark to 99.7, then I ping the windows box and it responds and I capture the traffic using both sniffers (yours and snoopypro).  I can not yet however, find a packet for packet correlation.  The sequence numbers are different.  I suppose that is because Wireshark sequence numbers are soley based on the Ethernet traffic (ARP and PING), when snoopypro picks up the higher layer and the sequence numbers reflect that.

I tried to limit the traffic to just one ping.  Figuring that should be easy.  It wasn't since apparently the linux ethernet over USB driver sends stuff out almost constantly regardless of whether there is ethernet traffic.

Any hoooo... you guys are the experts here.  I imagine I am making a simple task difficult.  How can I understand the ethernet over USB packet better?  I am thinking about writing a non-linux based version of this...... and don't understand it enough to even start just yet..

Bill Fassler

Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now.

_______________________________________________
Wireshark-dev mailing list
[email protected]
http://www.wireshark.org/mailman/listinfo/wireshark-dev



_______________________________________________
Wireshark-dev mailing list
[email protected]
http://www.wireshark.org/mailman/listinfo/wireshark-dev


Never miss a thing. Make Yahoo your homepage.

_______________________________________________
Wireshark-dev mailing list
[email protected]
http://www.wireshark.org/mailman/listinfo/wireshark-dev




--
Fight Internet Censorship! http://www.eff.org
              ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Open-Source Community, and Technology Testbed: http://www.house404.co.uk/

Attachment: USB
Description: Binary data

Attachment: USB1
Description: Binary data

Attachment: Ethernet
Description: Binary data

Attachment: Ethernet1
Description: Binary data