Wireshark mailing list archives
Re: Usb dissectors, usb.protocol is always 0x000000
From: Pascal Quantin <pascal.quantin () gmail com>
Date: Sat, 24 Oct 2015 12:03:26 +0200
2015-10-23 21:01 GMT+02:00 Oleksii Shevchuk <public.avatar () gmail com>:
Pascal Quantin <pascal.quantin () gmail com> writes: I tried wireshark in Debian Jessie (1.12) and on gentoo (1.12.8). Screenshot is here - https://alxchk.me/scr.png Dump is here - https://alxchk.me/dump.pcapng.gz
Hi Oleksii, Thanks for the capture. It appears that your device is using a Device Class, Subclass and Protocol with value 0, as seen in packet 46, so what you get in the 'Decode As' window is correct. According to what I can see in the USB 2.0 specification, those values 0 means that the class/subclass/protocol is defined on an interface basis, and not a device basis. This info is stored in the usb_conv_info_t structure. This is the info you should use to trigger your dissection or not (not sure how this can be used with Lua as I only write C code). At least for now we do not provide a interface protocol dissector table. But you could register your dissector as an heuristic one and verify the interface protocol in the usb_conv_info structure given as data parameter. BR, Pascal.
// wbr // Oleksii Shevchuk2015-10-23 17:30 GMT+02:00 [AvataR] <public.avatar () gmail com>: > > Hi, > > ensure to capture the USB enumeration. This is required to fill those > fields. > > Best regards, > Pascal. > To be really sure, I start capture before plugging device to hub. There are enumeration, and descriptors are properly parsed. I can place pcap somewhere, if this may help. yes it could be useful. On my side I'm using USBPcap and USB Class ID,Subclass ID and Protocol are properly populated when the capture contains the USB enumeration.You did not indicate us which Wireshark version you are using. BR, Pascal.___________________________________________________________________________Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe ___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org ?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-dev mailing list <wireshark-dev () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-dev Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev mailto:wireshark-dev-request () wireshark org?subject=unsubscribe
Current thread:
- Usb dissectors, usb.protocol is always 0x000000 [AvataR] (Oct 23)
- Re: Usb dissectors, usb.protocol is always 0x000000 Pascal Quantin (Oct 23)
- Re: Usb dissectors, usb.protocol is always 0x000000 [AvataR] (Oct 23)
- Re: Usb dissectors, usb.protocol is always 0x000000 Pascal Quantin (Oct 23)
- Re: Usb dissectors, usb.protocol is always 0x000000 Oleksii Shevchuk (Oct 23)
- Re: Usb dissectors, usb.protocol is always 0x000000 Pascal Quantin (Oct 24)
- Re: Usb dissectors, usb.protocol is always 0x000000 [AvataR] (Oct 23)
- Re: Usb dissectors, usb.protocol is always 0x000000 Pascal Quantin (Oct 23)