From time to time, I need to dump USB traffic under Windows, mostly to support hardware under Linux, so my primary goal is to produce dump files for protocol analysis.
For USB traffic, it seems that SniffUsb is the clear winner... It works under Windows XP (but not later) and has a much nicer GUI than earlier versions. It produces huge dump files, but everything is there.
However, my device is in fact a USB serial device, so I turned to Portmon which can sniff serial port traffic without the USB overhead.
After five years waiting, now it's possible to sniff usb packets on windows
See http://desowin.org/usbpcap/tour.html for a quick tour. It works pretty well
Since people don't seem to realize it, Wireshark does monitor USB traffic and has a parser for it; but the catch is it only works under Linux. Wireshark on Windows will not do this.
It may be possible to plug the USB device you want to monitor, along with a Linux machine (with Wireshark running) and your Windows machine and just use the USB device under Windows.
Problem with the above? I don't know how the Linux machine or the Windows machine will detect each other.
Busdog, an open source project hosted on github, has worked well for me. It has a driver it installs to allow it to monitor USB communications. The config window allows you to reinstall or remove the device at any time.
You can select the USB device you want from an enumerated list. A nice feature is to have it automatically trace a new device that is plugged in:
Data communications to and from an SWR analyzer I was reverse engineering were captured flawlessly:
USBSnoop works too - and is free.
Or, you could buy a USB to Ethernet converter and use whatever network sniffer you prefer to see the data.
Personally, I'd use QEMU or KVM and instrument their USB passthrough code, and then use libusb to prototype the replacement driver in user space (this latter bit I've done before; writing USB device drivers in Python is fun!).
Microsoft Message Analyzer was able to capture USB traffic, with Device and Log File parser from MS: link
Update: as mentioned by #facetus, MS Message Analyzer has been retired on November 25 2019.
Related
How can I monitor all USB traffic on OSX? I downloaded the USB monitoring extensions from the Apple Dev website and ran USB Prober. Nothing shows up when I start the monitoring, and there is data being sent to and from the USB device while monitoring.
I found 2 similar topics on this site, but neither gave an answer aside from using libusb. I was hoping I wouldn't have to write my own monitor from scratch using libusb. Seeing as the questions were asked in 2010, I'm hoping tools have been developed since then to accomplish this on OSX.
It's possible in high sierra (and maybe older versions), you'll need Wireshark's nightly build (I am using V2.5.0rc0). After you install it, you'll need to bring up the USB "interface":
sudo ifconfig XHC20 up
And after that you can use wireshark to sniff all the traffic in the XHC20 interface. When you finish, remember to turn the interface down:
sudo ifconfig XHC20 down
Source: aud-ios.
USB Prober doesn't log all USB traffic. It only logs USB/HID driver messages (diagnostic/info messages posted by USB/HID drivers).
I've never tried libusb for this but I suspect that it can't capture all USB traffic ether (but I could be wrong).
If you're at all serious about monitoring USB traffic you should consider a hardware USB Protocol Analyzer like the Beagle 12 from Total Phase: http://www.totalphase.com/products/beagle_usb12/
Or the USB Explorer 200 from Ellisys: http://www.ellisys.com/products/usbex200/index.php
You might be interested in contributing to this kickstarted project:
http://www.kickstarter.com/projects/bushing/openvizsla-open-source-usb-protocol-analyzer?ref=card
usbtracer is included in USB Prober.app:
https://developer.apple.com/library/mac/qa/qa1370/_index.html
no HTML anchors there, so search for
"Where do I find the usbtracer tool and how can I use it?"
i don't know if it shows all traffic or not, but at least in my case it shows something, and USB Prober shows nothing
I need to set up USB communication between a Windows 7 host and a Linux device for data transfer. I was able to compile the Linux kernel on the device to include the Gadget Zero driver in the kernel (not as a loadable module - Linux version 3.0.15). My project has some requirements, which also explains why I chose Gadget Zero:
1) On the Windows 7 host, a kernel mode driver must be used to communicate over the USB connection for sending and receiving bulk data. (speed is not important, not a lot of data at once).
2) On the linux device, no requirements on USB side except send and receive data easily over USB link. The data received will eventually be "unmarshalled" to call functions in another kernel module (and those responses packaged and sent back to the host).
3) Multiple linux devices will be connected to the host, so need easy way to enumerate connected devices and communicate with them.
So due to the requirements, I decided against the Gadget Serial. I'm having serious issues sending and receiving data over the virtual COM port in kernel mode (KMDF) in Win 7 host. WinUSB does not seem to want to open my attached device (I'm using KMDF windows USB driver from template in VS2012) Also, the gadget serial driver on the linux side, I cannot find the functions where the data is received and sent. Plus, any received data on the linux device seems to be echoed back to the host for some reason. (and to test this, I wrote a simple user-mode app in Windows, which is a no-no for my project).
Gadget Zero, it appears much simpler on the linux side. I can plug the USB cable to the Win7 host, and I can get the device to appear in the device manager. However, again I am having problems with getting communication going over the link. Gadget Zero has 2 bulk endpoints, so this shouldn't be an issue. Surely, someone has made data communication possible between a Windows host and a linux device using Gadget Zero? With Gadget Zero, it should be easy to enumerate the connected linux devices and communicate with them.
The trick is to keep the Windows side communication in kernel mode. Can someone point me in the right direction perhaps with Gadget Zero, Windows 7 KMDF, and some sample source code? I have a hard time believing no one has done this before because my internet searches don't turn up much. (and mostly user-mode solutions with Gadget Serial).
Thanks!
So you're writing a Win32 driver in which you want to communicate with your linuxed usb? I haven't written much win32 kernel code, but I believe I've seen a huge section in the doc, saying something like "This is how you make usb drivers"... That'd be it. In other words, when in kernel mode you have access to the full kernel usb layer. You don't need an existing driver or whatnot.
On the linux side you can use the serial gadget, in a different run mode. Only the default run mode, registers it self as VCP. There exist a more basic mode:
modprobe g_serial use_acm=0
Give it your own vendor id and you'll be able to attach your very own custom win32 driver. The 'multiple linux devices' will be handled by Windows. (Multiple instances of your driver, will be initiated.)
The echo you're seeing btw, is most likely a terminal feature. (The terminal mode on uarts will echo.) You have to disable it, when connecting. And now that you're at it, you also have to disable the xon/xoff, esc chars etc. (Standard legacy rubbish.)
And another thing. I'm not sure the gadget zero actually sends the data onto the line. It's meant for testing the gadget framework. (I could be mistaken though.)
Anyway, you've prolly solved this issue years ago. I'd be nice to know what you came up with.
I have an Arduino application talking over USB to an application on Windows 8 using the MAVLINK protocol. The connection appears as COM3.
Is there a Windows application that can spy on this connection and display the traffic going in both directions? Raw bytes are fine, I don't need the protocol decoded.
You could log serial port activity using Portmon. (Edit: You need to first connect to the local computer via the Computer menu, and you must start capture on the port before a program opens it.)
You may not want to log USB traffic. Such a log would include a lot of extra information relating to the USB to serial adapter which is providing COM3. Portmon would only give you the bytes transferred over COM3, and the Mavlink protocol is entirely contained within that data stream. If you're sure you want to log all USB traffic to and from that device, then I recommend SnoopyPro. In Windows 7, you need to run it as administrator.
If you can use Windows XP in your environment, USB sniff should work for you. If you need something more powerful (and are willing to pay a fee for it) then USBLyzer might be a viable option.
The answer is SnoopyPro, and you can download it at:
SnoopyPro Sourceforge
This tool allows you to get USB information and also USB communication data. I used it in the past to know how a USB device worked in order to do its driver on Linux. I used this tool as a sniffer.
Basically, SnoopyPro allows you to intercept, display, record and analyze the USB protocol and all transferred data between any USB device connected to your PC and applications. It can be successfully used in application development, USB device driver or hardware development and offers the powerful platform for effective coding, testing and optimization.
I'd like to modify a USB driver to send and receive USB data over a network.
Take for example, an iMac and a PC. I have an iPod plugged in to my PC (in NY). I want my iMac (in LA) to recognize the iPod as plugged in to a local USB port and be able to communicate with the iPod.
Forget my qualifications, or lack thereof (I have background in web, iOS apps, I've toyed with Java and C).
Where can I get source code for a USB driver for Windows that I can modify? Mac OS?
Any tips or pointers towards accomplishing my goal would be appreciated as well.
It looks like folks are coming up with something close to what you want. If you do decide to roll your own, the USB driver source you asked for is libusb.
On the Mac OS X end, drivers are built up in a stack. What you want to do should be relatively simple (nothing is really simple in kernel land). You need to create a driver that can communicate over ethernet with the PC and looks like a USB device to the driver matching software. Then everything else will happen automatically.
The source code is available for Apple's USB stack. You should also read about the IOKit API and IOKit device driver guidelines and IOKit fundamentals.
Oh yes and you say you have toyed with Java and C. To write device drivers on OS X, you'll need to learn some C++.
I suggest you to go see USBIP project. This is available on Linux and Windows, but not clear for MAC. If you can get a VHCI-Controller driver installed for MAC, we can kick start USBIP for MAC.
Sounds quite like this product, a bit unsure if theirs works over wide-area networks though.
I have a general idea of how I'd go about it, but not any specifics. Basically, I'd use the platform's driver development kit to write a USB device emulator on the client machine. I'd then add a virtual device to that system called "Networked USB Host", or something similar that maintains an open port to listen for communication from the server and passes it on to your virtual USB device. IIRC, the Windows DDK comes with a USB simulation framework that might be able to help you with this.
On the server, you'd have to hook into the USB subsystem to send raw USB packets to the client machine. libpcap and wireshark have USB capturing facilities for that, but I'm not sure if this works with winpcap and the Windows version of wireshark as well.
EDIT: Look at this for cross-platform USB capture alternatives.
You can buy OSR USB learning kit: https://www.osronline.com/custom.cfm?name=index_fullframeset.cfm&pageURL=https://www.osronline.com/store/index.cfm
This is actually small USB device with known interface. Windows Driver Kit (WDK) contains sample KMDF driver for this device: http://www.microsoft.com/whdc/driver/wdk/
This is good starting point to learn Windows Drivers development, and USB drivers development specifically. However, it is still far away from your problem solution.
Can't you use some sort of Remote Desktop?
I'm looking for a very specific USB device for debugging systems that may use USB but not with a regular computer (proprietary hardware). I want a device that has a USB host controller and two USB device connections. The device to be debugged is connected to the USB host controller and one of the device connections is connected to another device with it's own host controller on it. The the other device connection is connected to a pc. The point being that all USB data travelling through the device (from the device connected to the host controller to the device connected to the first device connection) is reported to the pc.
I'll happily write software to do the logging (in fact I want to) but I can't seem to find a board like this anywhere. Can anyone help?
I have an Ellisys USB analyser, which isn't exactly what you describe internally, but does sit between a peripheral and a host and use a separate PC to collect the data.
(i.e. it has two 'B' and one 'A' connectors on it.)
Excellent product, and very helpful company.
Sniffing the USB shouldn't be too hard if you have the right hardware. And that is the tricky question. I haven't seen anything that describes the USB breakout box that you want. However I can say that this is in the realm of the following two magazines:
Nuts and Volts
Circuit Cellar
If they don't have a USB breakout box project in their archives, then at least they will have advertisements for small cheap single board computers that would have multiple USB ports that you can use for buffering the signals and reporting it back to your PC.
Alternatively is it possible to just wire your PC up to the middle of your two devices and write a custom drive that echos data back and forth while sniffing off a stream for you?
Sorry for the long delay in my reply -- I checked out one of our USB developer's toolchain, and he uses a Beagle USB Sniffer. He seems happy with it.
You're looking for a USB device with two upstream outputs. I think according to the USB spec, this is not possible. You will have two USB hosts trying to send messages and control the USB devices at the same time.
What if you were to look for a device which allowed you to view the data going through a hub via something other than a usb output?
If you're building something custom, take a look at this USB chip site. The chips are programmable via a windows application. Once you define how you want it to operate, it's saved on an EPROM on the dev board ($30-$50).
Sorry if this isn't helpful!