Bus snooping/sniffing
Jump to navigation
Jump to search
Purpose and relevance to development work -- description coming soon
PCI / PCIe
Snooping Utilities:
- BTSpy [1] - Windows based snoop for BT8x8 based devices
- Dscaler's RegSpy [2] - Windows based; contains the ability to snoop the registers of PCI / PCIe interface chipsets ... also see this note
USB
Snooping Utilities:
- usbsnoop - a Windows based utility for sniffing/monitoring communications traffic for a USB device. Note: In case usbsnoop/SniffUSB doesn't work for you, here are a few time limited apps that should work under Vista:
- USB Monitor - 14-day trial period
- USBlyzer - fully functional evaluation version for 33 days
- SnoopyPro - Windows based snoop for USB device communications traffic
- usbsnoop/SniffUSB - Windows based snoop for USB device communications traffic
- usbmon - Linux kernel module which can snoop USB device communications traffic
- Wireshark - logs usbmon output, via libpcap
- USBMon - logs usbmon output
Log parsers, format etc
...
Snooping Procedures:
- Use a Snopping utility to get the log.
- Group URB transactions into a shorter log by using a parser
- Identify the URB transactions at the control endpoint. URB transactions look like those:
40 02 00 00 ba 00 03 00 >>> 20 11 00
Byte | Meaning |
1 | bit 7 = 1 - read / 0 - write
bit 6 = 1 - Vendor Class |
2 | URB Request |
3-4 | URB Value in big endian |
5-6 | URB Index in big endian |
7-8 | URB message size in big endian |
40 00 00 00 08 00 01 00 >>> 3d | USB OUT, Vendor class, Req = 0, Value = 0x0000, Index = 0x0008, Size = 0x0001, Message = 0x3d |
40 02 00 00 ba 00 03 00 >>> 20 11 00 | USB OUT, Vendor class, Req = 0x02, Value = 0x0000, Index = 0x00ba, Size = 0x0003, Message = "0x20, 0x11, 0x00" |
c0 00 00 00 15 00 01 00 <<< 00 | USB IN, Vendor class, Req = 0x00, Value = 0x0000, Index = 0x0015, Size = 0x0001, Message = "0x00" |
After getting the log, you should analyse and understand the meaning for your device.
In the case of em28xx, you can use the [em28xx log parser] to proccess the URBs and the driver dmesg dumps (in the compact format as shown above) and print them into a more human way:
em28xx_write_reg(dev, EM28XX_R08_GPIO, 0x3d); i2c_master_send(0xba>>1, { 20 11 00 }, 0x03); em28xx_read_reg(dev, EM28XX_R15_RGAIN); /* read 0x00 */
Command Playback Utilities:
- usb-robot - plays back USB Snoopy capture logs
- usbreplay - plays back usbsnoop capture logs
i2c
- i2c Tools: see here and here
- http://en.wikipedia.org/wiki/I2C#Development_Tools
- also see this thread
External Links
- Wikipedia's Bus sniffing article; note that the Cache coherency article is a probably a little less vague or more enlightening