1 / 15

USB software sniffers

USB software sniffers. EE 587 Advanced Embedded Systems Prof. James E. Lumpp Presented by Sri Harsha Yenuganti. What are we going to see today?. Today we are going to see some of the free software USB sniffers available . We will compare them and analyze their use for our application.

leenancy
Download Presentation

USB software sniffers

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. USB software sniffers EE 587 Advanced Embedded Systems Prof. James E. Lumpp Presented by Sri Harsha Yenuganti USB software Sniffers

  2. What are we going to see today? • Today we are going to see some of the free software USB sniffers available . • We will compare them and analyze their use for our application. • The sniffers explained are • SniffUSB/USB Snoopy( Free ) • Snoopy Pro ( Free ) • USBSpy ( $49.00) USB software Sniffers

  3. SniffUSB Screenshot USB software Sniffers

  4. Sniff USB Log file • [0 ms] UsbSnoop compiled on Jan 18 2003 22:41:32 loading • [0 ms] UsbSnoop - DriverEntry(ba0b0c40) : Windows NT WDM version 1.32 • [28 ms] UsbSnoop - AddDevice(ba0b0f50) : DriverObject 849ac1e8, pdo 849f15b8 • [29 ms] UsbSnoop - DispatchAny(ba0ae610) : IRP_MJ_PNP (0x00000018) • [29 ms] UsbSnoop - MyDispatchPNP(ba0b0ee0) : IRP_MJ_PNP (0x00000018) • [29 ms] UsbSnoop - DispatchAny(ba0ae610) : IRP_MJ_PNP (IRP_MN_QUERY_RESOURCE_REQUIREMENTS) • [29 ms] UsbSnoop - MyDispatchPNP(ba0b0ee0) : IRP_MJ_PNP (IRP_MN_QUERY_RESOURCE_REQUIREMENTS) • [56709 ms] UsbSnoop - DispatchAny(ba0ae610) : IRP_MJ_PNP (IRP_MN_QUERY_DEVICE_RELATIONS) • [56709 ms] UsbSnoop - MyDispatchPNP(ba0b0ee0) : IRP_MJ_PNP (IRP_MN_QUERY_DEVICE_RELATIONS) • [56714 ms] UsbSnoop - DispatchAny(ba0ae610) : IRP_MJ_PNP (IRP_MN_REMOVE_DEVICE) • [56714 ms] UsbSnoop - MyDispatchPNP(ba0b0ee0) : IRP_MJ_PNP (IRP_MN_REMOVE_DEVICE) • [56714 ms] UsbSnoop - RemoveDevice(ba0b0e90) : fido=8465ed38 pdx=8465edf0 • [56714 ms] UsbSnoop - DriverUnload(ba0b0de0) : DriverObject 849ac1e8, IRQL=0 • [56714 ms] Driver unloaded! • MyThreadFunction : myMsgCount=15 myMaxSemaphoreCount=3 myMaxIrql=0, myAllocationFailed=0, mySemaphoreFailed=0 USB software Sniffers

  5. SnoopyPro • A free USB sniffing software. • It allows you to record each URB sent to and received from a USB device. • WARNING: Don't use it if you don't know what you're doing!!!! We're not responsible for anything that happens to you, your system, your devices, your marriage, etc. etc. • User must know the VID and PID of the USB Device . USB software Sniffers

  6. Screen shot USB software Sniffers

  7. Screenshot (contd.) USB software Sniffers

  8. Demerits: • SnoopyPro has a buffer size limitation making it unable to receive packets above a certain size. If it receives a large packet, it stops logging. • Doesn't have a pretty gui for log analysis, but exports every part of the packet into a textual log file. USB software Sniffers

  9. USBSpyA Software USB Sniffer(Commercial)

  10. USB software Sniffers

  11. USBSpy Features at a Glance • Interception of all I/O requests and events between a USD device and its host. • USBSpy doesn't create any additional filters, devices that could otherwise destroy the structure of drivers in your system. • Extended search and filtering options. • Triggers on packet types, device requests, completion statuses, errors, etc. • Automatic capture of hot-plugged devices. • Interception at system boot. • Export of traffic logs into XML. • Clear intuitive interface. USB software Sniffers

  12. Types of Requests Supported USBSpy, designed for recording and monitoring input/output requests of USB devices, supports the following types of requests: • URB (USB Request Block) • Hub and HID • PNP (Plug'n'Play) • Power • USB Internal ioctls • Remove events USB software Sniffers

  13. Merits: • Has almost the same data capture facilities as the more expensive ones like USBlyser, USB Monitor. • Very cheap. Only $49/single license. • Displays the raw data also. • Support for triggers available. • Facilitates Background capturing. USB software Sniffers

  14. Demerits: • No support for graph display • Only Text display available • No export of capture list content or any part of it to plain text, CSV, HTML formats. It only supports .dat and XML formats. • Support for multiple devices monitoring at a time. USB software Sniffers

  15. Conclusion A brief analysis of 3 software sniffers is presented. • SniffUSB seems to be less informative about the data exchanged. • Snoopy Pro is the best available free sniffer on the net. But it can sniff only URB packets. • USBSpy is almost similar to Snoopy Pro except for the fact that it can sniff more request types than the snoopy Pro which can do only URB packet sniffs. Any Queries ? USB software Sniffers

More Related