From Nikon Hacker
Jump to: navigation, search


D5100 camera is represented by USB bus device with product ID 0x0429 vendor ID 0x04B0 (Nikon) and release number 0x0100 and is USB 2.0 compatible. It acts as USB function and implements MTP/PTP protocol with 4 endpoints. Additionally DPS service is implemented on top of PTP that allow usage of PictBridge printer (which acts as USB host).

PTP / MTP Links

DPS / Pictbridge Links

USB Sniffing


Wireshark has built in USB capture and decode [1]. Using current vanilla release of Wireshark you can only capture in Linux. Hopefully, on Windows XP and later you can use to create PCAP file. Once you've created a PCAP file, you can do the analysis with Wireshark. Please note that you have to use patched version of Wireshark to analyse the file created by USBPcap. There is also a command line version of wireshark [2] [3]

Linux Host

From a Linux box you can capture USB packets directly using Wireshark. As of version 1.9.1 the PTP/MTP dissector is not part of the normal distribution. Please see Wireshark PTP Support for install / download details. This page [4] has good details on the VMWare setup.

Once you have wireshark installed run Windows inside a Virtual machine such as VirtualBox or VMWare Player.

sudo apt-get install tshark wireshark
modprobe usbmon
tshark -D 
tshark -i usbmon1 -w my.pcap
tshark -x -r my.pcap
tshark -x -V -r my.pcap

Windows Host

You can use Windows as a host when using VMWare as a guest. VMWare has a built in USB logging feature which you can convert into PCAP files using this conversion script

However, the script seems to be out of date, had to edit it slightly to get it to parse :

> #!/usr/bin/ruby
< 		raise "unknown ts #{ts.inspect}" if ts !~ /^(\w+) (\d+) (\d+):(\d+):(\d+)\.(\d+)$/
< 		@ynow ||=
< 		Time.mktime(@ynow, $1, $2, $3, $4, $5, $6.ljust(6, '0'))
> 		#raise "unknown ts #{ts.inspect}" if ts !~ /^(\w+) (\d+) (\d+):(\d+):(\d+)\.(\d+)$/
> 		#@ynow ||=
> 		#Time.mktime(@ynow, $1, $2, $3, $4, $5, $6.ljust(6, '0'))
>         # 2013-02-23T11:52:33.969-08:00| vcpu-0| I120
> 		raise "unknown ts #{ts.inspect}" if ts !~ /^(\d+)\-(\d+)\-(\d+)T(\d+):(\d+):(\d+)\.(\d+)/
> 		Time.mktime($1, $2, $3, $4, $5, $6, $7)
< 			when /(Up|Down) dev=([0-9a-f]+) endpt=([0-9a-f]+) datalen=(\d+) numPackets=1 status=(-?\d+) ([0-9a-f]+)/i
> 			#when /(Up|Down) dev=([0-9a-f]+) endpt=([0-9a-f]+) datalen=(\d+) numPackets=1 status=(-?\d+) ([0-9a-f]+)/i
>             #Down dev=1 'usb:0' endpt=82 stream=0 datalen=8 numPackets=0 status=0 0\r\n
> 			when /(Up|Down) dev=([0-9a-f]+) '\w+:\d+' endpt=([0-9a-f]+) stream=\d+ datalen=(\d+) numPackets=\d+ status=(-?\d+) ([0-9a-f]+)/i

VMWare Analyzer

There is another open source utility that analyzes USB traffic from VMWare logs. There is no native PTP/MTP support.

sudo apt-get install python-gnome2
sudo apt-get install vusb-analyzer

Of course you could always create an Ubuntu virtual machine just for this or other hacking.

The system version is the same found on Source Forge. It appears to not parse the newest log files coming from VMWare Player. Instead there is a git version that does work for me at

git clone git://
chmod +x vusb-analyzer/vusb-analyzer
vusb-analyzer/vusb-analyzer my.log