USB Sniffing

Some projects are stranger than others. Today I embarked on reverse engineering a certain wireless device. In order to do so it became apparent that I would need to intercept my USB traffic and then be able to analyze it and likely send my own traffic over the USB. I ended up using a Beagle USB Protocol Analyzer and was very happy with it (it’s pretty inexpensive for what it does), given my specific requirements. I also ended up using Wireshark’s USB analysis tool available here, although with more limited success.

But while looking for a tool appropriate to my task I did find a few other tools out there that were very interesting. Most notable was the USBSnoop project at SourceForge. With this product I was able to see a lot of information but found Wireshark to help me to visualize it and understand what was going on a bit better. However, this might only be because I’m more familiar with Wireshark…

I also experimented with USBSnoop for Windows, but given the age of the product and apparent lack of support for Vista found it unusable for my project. However, for the Windows side of things I was able to use SniffUSB 2.0, which worked really well for my purpose.

In order to do anything worthwhile I absolutely had to unplug all peripherals other than the item I was analyzing. I would get random blips of information through the keyboard and mouse and therefore switched over to using a laptop for all of the work. In the end I found that for me, the perfect combination was just to use my trusty old laptop and Wireshark, far less complicated than I had originally thought.
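The keyboard and mouse noise described above can also be dealt with in software when unplugging everything is not an option. The following is an added example, not code from the original post: it parses the text output of Linux usbmon (the interface Wireshark uses for USB capture on Linux, documented in the kernel’s Documentation/usb/usbmon.rst) and keeps only the URBs addressed to one bus:device pair, after first summarising which devices are generating traffic. The capture lines are constructed for the example, not a real trace, and the line layout is assumed from that kernel document.

```python
"""Filter a Linux usbmon text capture down to a single USB device.

Added example, not from the original post. Assumes the usbmon text
format (Documentation/usb/usbmon.rst):

  <urb tag> <timestamp us> <S|C|E> <Xy:bus:dev:ep> <status> [len] [= data | < | >]

X is the transfer type (C/Z/I/B = control/iso/interrupt/bulk) and
y the direction (i = device to host, o = host to device).
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a mouse (dev 002) and keyboard (dev 003) chattering
# on the same bus as the target device (dev 005). Not a real capture.
SAMPLE = """\
ffff88003c5d1a80 1234567000 C Ii:1:002:1 0:8 4 = 00010000
ffff88003c5d1a80 1234567010 S Ii:1:002:1 -115:8 4 <
ffff88003c5d2b40 1234567100 S Bo:1:005:2 -115 8 = aa55ff01 00000000
ffff88003c5d2b40 1234567120 C Bo:1:005:2 0 8 >
ffff88003c5d3c00 1234567200 C Ii:1:003:1 0:8 8 = 00000400 00000000
ffff88003c5d4d10 1234567300 S Bi:1:005:1 -115 64 <
ffff88003c5d4d10 1234567350 C Bi:1:005:1 0 6 = 55aa0102 0304
ffff88003c5d5e20 1234567400 S Ci:1:005:0 s 80 06 0100 0000 0012 18 <
"""

LINE_RE = re.compile(
    r"^(?P<tag>[0-9a-f]+)\s+(?P<ts>\d+)\s+(?P<event>[SCE])\s+"
    r"(?P<xfer>[CZIB])(?P<dir>[io]):(?P<bus>\d+):(?P<dev>\d+):(?P<ep>\d+)\s+"
    r"(?P<rest>.*)$"
)


@dataclass
class Urb:
    tag: str
    ts_us: int
    event: str       # S = submit, C = complete, E = error
    xfer: str        # C/Z/I/B
    direction: str   # i = IN, o = OUT
    bus: int
    dev: int
    ep: int
    rest: str        # status, length and data tag as printed by usbmon
    data: bytes      # payload when the line carries "= xx xx ...", else empty


def parse_line(line: str) -> Optional[Urb]:
    """Parse one usbmon text line; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    data = b""
    # "=" introduces the captured data words; "<" / ">" mean the data was not captured.
    if " = " in rest:
        words = rest.split(" = ", 1)[1].split()
        data = bytes.fromhex("".join(words))
    return Urb(
        tag=m.group("tag"), ts_us=int(m.group("ts")), event=m.group("event"),
        xfer=m.group("xfer"), direction=m.group("dir"), bus=int(m.group("bus")),
        dev=int(m.group("dev")), ep=int(m.group("ep")), rest=rest, data=data,
    )


def parse_capture(text: str) -> List[Urb]:
    return [u for u in (parse_line(l) for l in text.splitlines()) if u is not None]


def traffic_by_device(text: str) -> dict:
    """Count URB lines per (bus, dev) so the noisy peripherals stand out."""
    return dict(Counter((u.bus, u.dev) for u in parse_capture(text)))


def filter_device(text: str, bus: int, dev: int) -> List[Urb]:
    """Keep only URBs for one device; the equivalent of a Wireshark
    display filter on usb.bus_id and usb.device_address."""
    return [u for u in parse_capture(text) if u.bus == bus and u.dev == dev]


if __name__ == "__main__":
    print("URBs per device:", traffic_by_device(SAMPLE))
    for u in filter_device(SAMPLE, 1, 5):
        print(f"{u.ts_us} {u.event} {u.xfer}{u.direction} ep{u.ep} {u.data.hex()}")
```

The same isolation can be done inside Wireshark with the display filter `usb.bus_id == 1 && usb.device_address == 5`; the script is useful when you want to post-process the payload bytes (for example to diff requests before replaying them) rather than just look at them. Note that the device address changes every time the device is re-enumerated, so re-check it with `lsusb` after a replug.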

Next up is FireWire (IEEE 1394) testing. For that, lucky me, Apple has provided some tools to use for analysis with the FireWire Developers SDK. In addition to Apple’s tools, there is a product out there called FireInspector that I’d love to give a shot if I can get my grimy hands on one… LeCroy, the manufacturer, also happens to have a Fibre Channel protocol analyzer that I’m thinking would net me some really interesting information…