From time to time I need to dump USB traffic under Windows, mostly to support hardware under Linux, so my primary goal is to produce dump files for protocol analysis.

For USB traffic, it seems that SniffUsb is the clear winner... It works under XP and has a much nicer GUI than earlier versions. It produces huge dump files, but everything is there.

However, my device is in fact a USB serial device, so I turned to Portmon, which can sniff serial port traffic without USB overhead.

A: 

Is there a question in here, or are you just posting what you have found?

If it's the latter, this still looks like useful information...

pkaeding
+1  A: 

Personally, I'd use qemu or kvm and instrument their USB passthrough code, then use libusb to prototype the replacement driver in userspace (this latter bit I've done before; writing USB device drivers in Python is fun!).

Charles Duffy
Under Linux you'd use Wireshark, no need to profile code or anything so complicated. However, read to the end of the question.
gbjbaanb
When did Wireshark sniff USB? We're not talking about Ethernet here. I know the questioner is asking about USB serial, but since the topic asks about USB sniffing in general, folks who find this question will expect an answer suitable to the overall topic.
Charles Duffy
Thanks, as a next step I will probably try to run it under qemu or kvm.
dpavlin
+2  A: 

USBSnoop works too - and is free.

Or, you could buy a USB to Ethernet converter and use whatever network sniffer you prefer to see the data.

gbjbaanb
If you look at the URL of SniffUsb, it includes USBSnoop because it's based on it :-)
dpavlin
A network sniffer and a USB-Ethernet converter is only going to sniff Ethernet. Because it's not converting the raw USB, it won't let you see the individual USB packets, which is what a tool like usbsnoop will provide.
Andrew Edgecombe