Monitoring (Sniffing) /dev/ttyUSB0 created by FTDI USB Serial Converter

6
votes

I want to monitor (sniff) the traffic of my /dev/ttyUSB0 which is created by FTDI USB Serial Converter. I've written my own application in Windows and now I try to port it to linux and use /dev/tty/USB0. I want to debug the communication that actually happens.

The software strace is not an option for me because it only shows the syscalls to ioctl.

Using Windows the software "Free Serial Port Monitor" did it by sniffing COM1.

Output of dmesg:

[16975.000221] usb 7-1: new full-speed USB device number 5 using  uhci_hcd
[16975.193543] usb 7-1: New USB device found, idVendor=0403, idProduct=6001
[16975.193548] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[16975.193552] usb 7-1: Product: FT232R USB UART
[16975.193555] usb 7-1: Manufacturer: FTDI
[16975.193558] usb 7-1: SerialNumber: A400BJII
[16975.200550] ftdi_sio 7-1:1.0: FTDI USB Serial Device converter detected
[16975.200599] usb 7-1: Detected FT232RL
[16975.202604] usb 7-1: FTDI USB Serial Device converter now attached to ttyUSB0

However I tried moserial to do this and the command "echo foobar > /dev/ttyUSB0" to verify, if it works. Also my software doesn't create an output to moserial.

UPDATE:

Found out how to monitor usb directly, now I need to convert USB packets to RS-232 (what FTDI basically does).

  1. Setup usbmon

    modprobe usbmon

    1.1 With Linux kernels prior to 2.6.23, you will also need to run this command

    modprobe -t debugfs none /sys/kernel/debug

  2. usbmon0 will monitor any traffic from all usbmon0 to usbmonX 2.1. Find the correct usb device

    cat /sys/kernel/debug/usb/devices|grep FTDI -A 7 -B 4

    T:  Bus=07 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 12 Spd=12   MxCh= 0
D:  Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS= 8 #Cfgs=  1
P:  Vendor=0403 ProdID=6001 Rev= 6.00
S:  Manufacturer=FTDI
S:  Product=FT232R USB UART
S:  SerialNumber=A400BJII
C:* #Ifs= 1 Cfg#= 1 Atr=a0 MxPwr= 90mA
I:* If#= 0 Alt= 0 #EPs= 2 Cls=ff(vend.) Sub=ff Prot=ff Driver=ftdi_sio
E:  Ad=81(I) Atr=02(Bulk) MxPS=  64 Ivl=0ms
E:  Ad=02(O) Atr=02(Bulk) MxPS=  64 Ivl=0ms

    2.2. Note Bus number of the port (Bus=07), so usbmon to monitor will be usbmon7

    2.3. Use wireshark to capture the usbmon7 interface or use following command to get output to the console (stdout) ... replace the number with bus-id

    cat /sys/kernel/debug/usb/usbmon/7u

    What means 'u'? https://www.kernel.org/doc/Documentation/usb/usbmon.txt

    Two formats are supported currently: the original, or '1t' format, and the '1u' format. The '1t' format is deprecated in kernel 2.6.21. The '1u' format adds a few fields, such as ISO frame descriptors, interval, etc. It produces slightly longer lines, but otherwise is a perfect superset of '1t' format.

  3. How do I convert the USB capture to RS-232 capture? I don't know it ... TODO

1
linuxserial-portusbmonitoring

1 Answers

3
votes

With your hint I managed to solve my problem, so there it is my hint for the last point:

  1. Using Wireshark, open usbmon0 and use this filter

    usb.capdata or at

Issuing two times the command echo asd > /dev/ttyUSB0 produces the result below in Wireshark

Wireshark result

You can extract the whole Leftover Capture Data from a capture file using tshark:

tshark -r capture.pcapng -T fields -e usb.capdata