Presentation is loading. Please wait.

Presentation is loading. Please wait.

EE 587 Advanced Embedded Systems

Published byMay Charlene Miller Modified over 6 years ago

Similar presentations

Presentation on theme: "EE 587 Advanced Embedded Systems"— Presentation transcript:

1 EE 587 Advanced Embedded Systems
USB software sniffers EE 587 Advanced Embedded Systems Prof. James E. Lumpp Presented by Sri Harsha Yenuganti Wednesday, February 14, 2018 USB software Sniffers

2 What are we going to see today?
Today we are going to see some of the free software USB sniffers available . We will compare them and analyze their use for our application. The sniffers explained are SniffUSB/USB Snoopy( Free ) Snoopy Pro ( Free ) USBSpy ( $49.00) Wednesday, February 14, 2018 USB software Sniffers

3 SniffUSB Screenshot Wednesday, February 14, 2018 USB software Sniffers

4 Sniff USB Log file [0 ms] UsbSnoop compiled on Jan :41:32 loading [0 ms] UsbSnoop - DriverEntry(ba0b0c40) : Windows NT WDM version 1.32 [28 ms] UsbSnoop - AddDevice(ba0b0f50) : DriverObject 849ac1e8, pdo 849f15b8 [29 ms] UsbSnoop - DispatchAny(ba0ae610) : IRP_MJ_PNP (0x ) [29 ms] UsbSnoop - MyDispatchPNP(ba0b0ee0) : IRP_MJ_PNP (0x ) [29 ms] UsbSnoop - DispatchAny(ba0ae610) : IRP_MJ_PNP (IRP_MN_QUERY_RESOURCE_REQUIREMENTS) [29 ms] UsbSnoop - MyDispatchPNP(ba0b0ee0) : IRP_MJ_PNP (IRP_MN_QUERY_RESOURCE_REQUIREMENTS) [56709 ms] UsbSnoop - DispatchAny(ba0ae610) : IRP_MJ_PNP (IRP_MN_QUERY_DEVICE_RELATIONS) [56709 ms] UsbSnoop - MyDispatchPNP(ba0b0ee0) : IRP_MJ_PNP (IRP_MN_QUERY_DEVICE_RELATIONS) [56714 ms] UsbSnoop - DispatchAny(ba0ae610) : IRP_MJ_PNP (IRP_MN_REMOVE_DEVICE) [56714 ms] UsbSnoop - MyDispatchPNP(ba0b0ee0) : IRP_MJ_PNP (IRP_MN_REMOVE_DEVICE) [56714 ms] UsbSnoop - RemoveDevice(ba0b0e90) : fido=8465ed38 pdx=8465edf0 [56714 ms] UsbSnoop - DriverUnload(ba0b0de0) : DriverObject 849ac1e8, IRQL=0 [56714 ms] Driver unloaded! MyThreadFunction : myMsgCount=15 myMaxSemaphoreCount=3 myMaxIrql=0, myAllocationFailed=0, mySemaphoreFailed=0 Wednesday, February 14, 2018 USB software Sniffers

5 SnoopyPro A free USB sniffing software.
It allows you to record each URB sent to and received from a USB device. WARNING: Don't use it if you don't know what you're doing!!!! We're not responsible for anything that happens to you, your system, your devices, your marriage, etc. etc. User must know the VID and PID of the USB Device . Wednesday, February 14, 2018 USB software Sniffers

6 Screen shot Wednesday, February 14, 2018 USB software Sniffers

7 Screenshot (contd.) Wednesday, February 14, 2018 USB software Sniffers

8 Demerits: SnoopyPro has a buffer size limitation making it unable to receive packets above a certain size. If it receives a large packet, it stops logging. Doesn't have a pretty gui for log analysis, but exports every part of the packet into a textual log file. Wednesday, February 14, 2018 USB software Sniffers

9 USBSpy A Software USB Sniffer(Commercial)

10 Wednesday, February 14, 2018 USB software Sniffers

11 USBSpy Features at a Glance
Interception of all I/O requests and events between a USD device and its host. USBSpy doesn't create any additional filters, devices that could otherwise destroy the structure of drivers in your system. Extended search and filtering options. Triggers on packet types, device requests, completion statuses, errors, etc. Automatic capture of hot-plugged devices. Interception at system boot. Export of traffic logs into XML. Clear intuitive interface. Wednesday, February 14, 2018 USB software Sniffers

12 Types of Requests Supported
USBSpy, designed for recording and monitoring input/output requests of USB devices, supports the following types of requests: URB (USB Request Block) Hub and HID PNP (Plug'n'Play) Power USB Internal ioctls Remove events Wednesday, February 14, 2018 USB software Sniffers

13 Merits: Has almost the same data capture facilities as the more expensive ones like USBlyser, USB Monitor. Very cheap. Only $49/single license. Displays the raw data also. Support for triggers available. Facilitates Background capturing. Wednesday, February 14, 2018 USB software Sniffers

14 Demerits: No support for graph display Only Text display available
No export of capture list content or any part of it to plain text, CSV, HTML formats. It only supports .dat and XML formats. Support for multiple devices monitoring at a time. Wednesday, February 14, 2018 USB software Sniffers

15 Conclusion A brief analysis of 3 software sniffers is presented.
SniffUSB seems to be less informative about the data exchanged. Snoopy Pro is the best available free sniffer on the net. But it can sniff only URB packets. USBSpy is almost similar to Snoopy Pro except for the fact that it can sniff more request types than the snoopy Pro which can do only URB packet sniffs. Any Queries ? Wednesday, February 14, 2018 USB software Sniffers

Download ppt "EE 587 Advanced Embedded Systems"

Similar presentations

For Missouri Commission PLEXOS Q&A for Missouri Commission.

For Missouri Commission PLEXOS Q&A for Missouri Commission.
What's new?. ETS4 for Experts - New ETS4 Functions - improved Workflows - improvements in relation to ETS3.

What's new?. ETS4 for Experts - New ETS4 Functions - improved Workflows - improvements in relation to ETS3.
Man in the Middle Attack

Man in the Middle Attack
HWg-PDMS: New software Poseidon & Damocles Monitoring System 1 Included on every HWg DVD since September 2009.

HWg-PDMS: New software Poseidon & Damocles Monitoring System 1 Included on every HWg DVD since September 2009.
Discovering Computers Fundamentals, Third Edition CGS 1000 Introduction to Computers and Technology Fall 2006.

Discovering Computers Fundamentals, Third Edition CGS 1000 Introduction to Computers and Technology Fall 2006.
KAPLAN SCHOOL OF INFORMATION SYSTEMS AND TECHNOLOGY Welcome to Unit 3 IT278 Network Administration Course Name – IT278 Network Administration Instructor.

KAPLAN SCHOOL OF INFORMATION SYSTEMS AND TECHNOLOGY Welcome to Unit 3 IT278 Network Administration Course Name – IT278 Network Administration Instructor.
2.1 © 2004 Pearson Education, Inc. Exam 70-290 Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 2: Installing Windows Server.

2.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 2: Installing Windows Server.
Packet Capture Using Ethereal. Definition for Sniffer: A program and/or device that monitors data traveling over a network. Sniffers can be used both.

Packet Capture Using Ethereal. Definition for Sniffer: A program and/or device that monitors data traveling over a network. Sniffers can be used both.
Tutorial 8 Sharing, Integrating and Analyzing Data

Tutorial 8 Sharing, Integrating and Analyzing Data
Network Analyzer CS4500 Spring 2004 Hong Jiang Ryan Pratt Raul Chiari By Palantir:

Network Analyzer CS4500 Spring 2004 Hong Jiang Ryan Pratt Raul Chiari By Palantir:
CAP6135: Malware and Software Vulnerability Analysis Network Traffic Monitoring Using Wireshark Cliff Zou Spring 2013.

CAP6135: Malware and Software Vulnerability Analysis Network Traffic Monitoring Using Wireshark Cliff Zou Spring 2013.
Simple Comparison By Akhyari Nasir. Intro  Network monitoring and measurement have become more and more important in a modern complicated network. 

Simple Comparison By Akhyari Nasir. Intro  Network monitoring and measurement have become more and more important in a modern complicated network. 
Bar|Scan ® Asset Inventory System The leader in asset and inventory management.

Bar|Scan ® Asset Inventory System The leader in asset and inventory management.
Maintaining and Updating Windows Server 2008

Maintaining and Updating Windows Server 2008
Confidential property of Belkin International. Unlawful to copy or reproduce in any manner without the express written consent of Belkin International.

Confidential property of Belkin International. Unlawful to copy or reproduce in any manner without the express written consent of Belkin International.
Check Disk. Disk Defragmenter Using Disk Defragmenter Effectively Run Disk Defragmenter when the computer will receive the least usage. Educate users.

Check Disk. Disk Defragmenter Using Disk Defragmenter Effectively Run Disk Defragmenter when the computer will receive the least usage. Educate users.
HiVision SNMP Software.

HiVision SNMP Software.
Windows Server 2008 Chapter 6 Last Update 2012.05.23 1.0.0.

Windows Server 2008 Chapter 6 Last Update
Microsoft Access Ervin Ha.

Microsoft Access Ervin Ha.
Nikto LUCA ALEXANDRA ADELA. Nikto  Web server assessment tool  Written by Chris Solo and David Lodge  Released on December 27, 2001  Stable release:

Nikto LUCA ALEXANDRA ADELA. Nikto  Web server assessment tool  Written by Chris Solo and David Lodge  Released on December 27, 2001  Stable release:

Similar presentations

Ads by Google