On Wed, 7 Oct 2015, Keith A. Milner wrote:
The data I'm getting from Wireshark via USBMon seems OK from my initial viewing. Incidentally, Wireshark can sniff directly from usbmon interfaces and exposes them as capture interfaces (at least with the version I have).
Same here. I might have been unclear in my previous message, but that is what I meant.
The isochronous data appears as follows:
"54","24.767751000","host","7.14","USB","192","URB_ISOCHRONOUS
Yes, these are the isochronous packet headers.
in","eeffffff 00000000 70000000 00000000 eeffffff 70000000...",""
     -------- -------- -------- --------
     tag ?    offset   length   status   and again (next header)
My understanding is that the isochronous data is sent one packet per frame on the wire (interval: 1 ms for full speed, 125 µs (actually called a microframe) for high speed) but delivering the data one packet at a time to the USB application would result in a lot of packet transfers, so isochronous data is lumped together and delivered at some more or less regular interval to the higher layers. So at USB API (or Wireshark) layer you get these 'isochronous' packets which list a bunch of headers followed by the corresponding data as a single 'packet', even though it's been assembled from several distinct ones. The 'offset' fields are relative to the end of the headers in the resulting packet, where the actual isochronous data starts.
Wireshark also appears to decode them quite nicely. I've pasted one of the GET DESCRIPTOR responses below.
... DESCRIPTOR Response CONFIGURATION
Frame 9: 240 bytes on wire (1920 bits), 240 bytes captured (1920 bits) on interface 0
...
    iInterface: 0
UNKNOWN DESCRIPTOR
    bLength: 6
    bDescriptorType: 0x24 (unknown)
INTERFACE DESCRIPTOR (1.1): class Vendor Specific
    bLength: 9
    bDescriptorType: 0x04 (INTERFACE)
...
Actually, you should be able to get the configuration information directly in Linux by using 'lsusb -v'. It lists the 'Unknown descriptors' in their entirety in hex (prefixed by 'UNRECOGNIZED:') so that you can decode them separately without having to examine the actual binary packet content in Wireshark.
/Ricard
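
An added example, not part of the original message: a Python sketch that splits one lumped isochronous capture packet into its per-frame payloads, using the rule described above that each offset is relative to the end of the header table. The 16-byte field order (status, offset, length, padding) is taken from the Linux usbmon binary format's `struct mon_bin_isodesc` rather than from this thread; little-endian byte order, the function names and the sample packet are assumptions constructed for illustration.

```python
import struct
from typing import NamedTuple

# One isochronous descriptor: int32 status, uint32 offset, uint32 length,
# 4 padding bytes. Little-endian is assumed (matches "70000000" == 0x70).
ISO_DESC = struct.Struct("<iII4x")


class IsoFrame(NamedTuple):
    status: int   # 0 on success, negative errno otherwise (-18 is -EXDEV)
    offset: int   # start of this frame, counted from the end of the headers
    data: bytes


def split_iso_payload(blob: bytes, ndesc: int) -> list[IsoFrame]:
    """Split `ndesc` descriptors plus trailing data into per-frame payloads."""
    hdr_len = ndesc * ISO_DESC.size
    if ndesc < 0 or hdr_len > len(blob):
        raise ValueError("descriptor table is longer than the captured packet")
    data = memoryview(blob)[hdr_len:]   # offsets are relative to this point
    frames = []
    for i in range(ndesc):
        status, offset, length = ISO_DESC.unpack_from(blob, i * ISO_DESC.size)
        # Empty frames may carry an offset beyond the captured data, so only
        # bounds-check descriptors that claim to hold bytes.
        if length and offset + length > len(data):
            raise ValueError(f"descriptor {i} points past the captured data")
        frames.append(IsoFrame(status, offset, bytes(data[offset:offset + length])))
    return frames


# First descriptor exactly as quoted in the capture line above.
PAGE_HEADER = bytes.fromhex("eeffffff 00000000 70000000 00000000")

# Constructed sample: two frames that returned data and one that did not.
SAMPLE = (
    ISO_DESC.pack(0, 0, 4)
    + ISO_DESC.pack(0, 112, 3)
    + ISO_DESC.pack(-18, 224, 0)
    + b"AAAA".ljust(112, b"\0")   # frame 0 payload, padded to the next offset
    + b"BBB"                      # frame 1 payload at offset 112
)

if __name__ == "__main__":
    print(ISO_DESC.unpack(PAGE_HEADER))
    for frame in split_iso_payload(SAMPLE, 3):
        print(frame)
```

The descriptor count is not recoverable from the payload alone; in a usbmon capture it comes from the per-URB header that precedes these bytes.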