[Cryptech Tech] Constant stream of USB data on Alpha's UART ports?

[Rob Austein]

This is primarily a question for Peter Stuge.

Yuri Schaeffer reports that the Alpha's serial ports seem to be
generating a lot of USB traffic, even when the HSM is idle.  I can
confirm this: Wireshark[*] shows a constant stream of URB_BULK packets
flying between the host and each of the FTDI UART chips.

Is this normal?  Is there something we can and should do about it?
It's not obviously interfering with any of the HSM's functions, it
just seems odd.  But I don't claim to be an expert on USB.

===

[*] For those who aren't already way ahead of me here, here's how to
use Wireshark or tshark to trace USB traffic on a Debian or Ubuntu
machine:

* Run `lsusb` to find out which USB bus connects to your HSM (in my
  test case lsusb reports that it's bus "05").

* Install wireshark / tshark if you haven't already, and load the
  "usbmon" kernel module:

     sudo apt-get install wireshark tshark
     sudo modprobe usbmon

* Run wireshark / tshark to capture some data, using the usbmon
  "interface" corresponding to the USB bus number you found above (so
  "usbmon5" in my test case):

     sudo tshark -i usbmon5 -c 40

  Wireshark is similar, just GUIer.

  Yes, you must run *shark as root, in spite of all the dire warnings
  about never doing that, because if you read the document that the
  dire warnings tells you to read, it says "we lied, for USB you need
  to run *shark as root, get over it".  Given the history of
  vulnerabilities in *shark packet decoders, you might not want to
  perform this test on any machine you consider critical....