Wireshark · Wireshark-dev: Re: [Wireshark-dev] Usb dissectors, usb.protocol is always 0x000000

Wireshark-dev: Re: [Wireshark-dev] Usb dissectors, usb.protocol is always 0x000000

From: Pascal Quantin <pascal.quantin@xxxxxxxxx>

Date: Sat, 24 Oct 2015 12:03:26 +0200

2015-10-23 21:01 GMT+02:00 Oleksii Shevchuk <public.avatar@xxxxxxxxx>:

Pascal Quantin <pascal.quantin@xxxxxxxxx> writes:

I tried wireshark in Debian Jessie (1.12) and on gentoo (1.12.8).

Screenshot is here - https://alxchk.me/scr.png
Dump is here - https://alxchk.me/dump.pcapng.gz

Hi Oleksii,

Thanks for the capture. It appears that your device is using a Device Class, Subclass and Protocol with value 0, as seen in packet 46, so what you get in the 'Decode As' window is correct.

According to what I can see in the USB 2.0 specification, those values 0 means that the class/subclass/protocol is defined on an interface basis, and not a device basis.

This info is stored in the usb_conv_info_t structure. This is the info you should use to trigger your dissection or not (not sure how this can be used with Lua as I only write C code). At least for now we do not provide a interface protocol dissector table.

But you could register your dissector as an heuristic one and verify the interface protocol in the usb_conv_info structure given as data parameter.

BR,

Pascal.

// wbr
// Oleksii Shevchuk

> 2015-10-23 17:30 GMT+02:00 [AvataR] <public.avatar@xxxxxxxxx>:
>
>
> >
> > Hi,
> >
> > ensure to capture the USB enumeration. This is required to fill those
> > fields.
> >
> > Best regards,
> > Pascal.
> >
>
> To be really sure, I start capture before plugging device to hub.
> There are enumeration, and descriptors are properly parsed. I can
> place pcap somewhere, if this may help.
>
>
> yes it could be useful. On my side I'm using USBPcap and USB Class ID, Subclass ID and Protocol are properly populated when the capture contains the USB enumeration.
> You did not indicate us which Wireshark version you are using.
>
> BR,
> Pascal.
>

> ___________________________________________________________________________
> Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
> Archives: https://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
> mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
___________________________________________________________________________
Sent via: Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
Archives: https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe

References:
- [Wireshark-dev] Usb dissectors, usb.protocol is always 0x000000
  - From: [AvataR]
- Re: [Wireshark-dev] Usb dissectors, usb.protocol is always 0x000000
  - From: Pascal Quantin
- Re: [Wireshark-dev] Usb dissectors, usb.protocol is always 0x000000
  - From: [AvataR]
- Re: [Wireshark-dev] Usb dissectors, usb.protocol is always 0x000000
  - From: Pascal Quantin
- Re: [Wireshark-dev] Usb dissectors, usb.protocol is always 0x000000
  - From: Oleksii Shevchuk

Prev by Date: Re: [Wireshark-dev] Usb dissectors, usb.protocol is always 0x000000
Next by Date: Re: [Wireshark-dev] Change in wireshark[master]: Convert "dissector filter" registrations to "dissector color...
Previous by thread: Re: [Wireshark-dev] Usb dissectors, usb.protocol is always 0x000000
Next by thread: Re: [Wireshark-dev] Change in wireshark[master]: Convert "dissector filter" registrations to "dissector color...
Index(es):
- Date
- Thread