Bus snooping/sniffing

From LinuxTVWiki
Jump to navigation Jump to search

Purpose and relevance to development work -- description coming soon

PCI / PCIe

Snooping Utilities:

USB

Snooping Utilities:

  • usbsnoop - a Windows based utility for sniffing/monitoring communications traffic for a USB device. Note: In case usbsnoop/SniffUSB doesn't work for you, here are a few time limited apps that should work under Vista:
  • SnoopyPro - Windows based snoop for USB device communications traffic
  • usbsnoop/SniffUSB - Windows based snoop for USB device communications traffic
  • usbmon - Linux kernel module which can snoop USB device communications traffic
    • Wireshark - logs usbmon output, via libpcap
    • USBMon - logs usbmon output

Log parsers, format etc

...

Snooping Procedures:

  • Use a Snopping utility to get the log.
  • Group URB transactions into a shorter log by using a parser
  • Identify the URB transactions at the control endpoint. URB transactions look like those:

40 02 00 00 ba 00 03 00 >>> 20 11 00

URB fields
Byte Meaning
1 bit 7 = 1 - read / 0 - write

bit 6 = 1 - Vendor Class

2 URB Request
3-4 URB Value in big endian
5-6 URB Index in big endian
7-8 URB message size in big endian


control URB examples
40 00 00 00 08 00 01 00 >>> 3d USB OUT, Vendor class, Req = 0, Value = 0x0000, Index = 0x0008, Size = 0x0001, Message = 0x3d
40 02 00 00 ba 00 03 00 >>> 20 11 00 USB OUT, Vendor class, Req = 0x02, Value = 0x0000, Index = 0x00ba, Size = 0x0003, Message = "0x20, 0x11, 0x00"
c0 00 00 00 15 00 01 00 <<< 00 USB IN, Vendor class, Req = 0x00, Value = 0x0000, Index = 0x0015, Size = 0x0001, Message = "0x00"


After getting the log, you should analyse and understand the meaning for your device.

For example, in the case of em28xx, you can use the [em28xx log parser] to proccess the URBs and the driver dmesg dumps (in the compact format as shown above) and print them into a more human way:

 em28xx_write_reg(dev, EM28XX_R08_GPIO, 0x3d);
 i2c_master_send(0xba>>1, { 20 11 00  }, 0x03);
 em28xx_read_reg(dev, EM28XX_R15_RGAIN);         /* read 0x00 */

Command Playback Utilities:

  • usb-robot - plays back USB Snoopy capture logs
  • usbreplay - plays back usbsnoop capture logs

i2c

External Links