关闭

USBPCAP工具介绍

8157人阅读 评论(0) 收藏 举报
分类:

转:http://www.freebuf.com/articles/system/96216.html

在开始前,我们先介绍一些USB的基础知识。USB有不同的规格,以下是使用USB的三种方式:

l USB UART
l USB HID
l USB Memory

UART或者Universal Asynchronous Receiver/Transmitter。这种方式下,设备只是简单的将USB用于接受和发射数据,除此之外就再没有其他通讯功能了。

HID是人性化的接口。这一类通讯适用于交互式,有这种功能的设备有:键盘,鼠标,游戏手柄和数字显示设备。

最后是USB Memory,或者说是数据存储。External HDD, thumb drive / flash drive,等都是这一类的。

其中使用的最广的不是USB HID 就是USB Memory了。

每一个USB设备(尤其是HID或者Memory)都有一个供应商IDVendor Id)和产品识别码(Product Id)。Vendor Id是用来标记哪个厂商生产了这个USB设备。Product Id用来标记不同的产品,他并不是一个特殊的数字,当然最好不同。如下图:

图片1.png

上图是连接在我电脑上的USB设备列表,通过lsusb查看命令。

例如说,我有一个无线鼠标Logitech。它是属于HID设备。这个设备正常的运行,并且通过lsusb这个命令查看所有usb设备,现在大家能找出哪一条是这个鼠标吗??没有错,就是第四个,就是下面这条:

Bus 003 Device 010: ID 046d:c52f LogitechIncUnifying Receiver

其中,ID 046d:c52f就是Vendor-Product Id对,Vendor Id的值是046d,并且Product Id的值是c52fBus 003 Device 010代表usb设备正常连接,这点需要记下来

转:http://www.51testing.com/html/85/132585-849172.html

经过上网上及wireshark 的帮助文档发现一个新的工具USBPCAP.EXE,可以获取USB设备的数据
  具体的经过如下
1、下载工具usbpcap.exe
   地址:http://desowin.org/usbpcap/thankyou.html?file=USBPcapSetup-1.0.0.5.exe
 
2、如何使用请参考
  地址:http://desowin.org/usbpcap/tour.html
  

USB Packet capture for Windows Tour

This short tour assumes you have installed the latest version of USBPcap and the patched version of Wireshark and rebooted your system. Each of the steps contains short description of what should happen and in some cases gives tips for troubleshooting.

If you feel the information provided there is not complete (it doesn't cover your case), please describe your problem on the USBPcap mailing list.

Step 1 - identify the Root Hub you want to monitor

The first step is to connect the device you want to sniff the traffic and identify the Root Hub this device is connected to. In order to do so, launch the USBPcapCMD.exe that is stored in the installation directory. You should be presented with something similiar to the picture below.

Troubleshooting step 1

If for any reason you can't see the list of connected devices make sure you have the USBPcap driver installed and you have restarted your computer after the installation. Please note that if running on 64-bit Windws it is required to run in Test Mode.

Step 2 - start the capture

So now you know which of the Root Hubs available in your system you want to monitor. Please disconnect the device from your computer - this will allow USBPcap to capture the USB descriptors needed for analysis in Wireshark. Now you can run the USBPcapCMD.exe again and enter your desired output file name. (A careful reader will notice that they can skip the restart part: all that required to get the descriptors in the capture file is to reconnect your device after capture has started.).

We will be capturing the Root Hub that showed the two Hubs connected to it and an composite USB device (it is actually DigiTech RP250).

Now it is time to use the device in order to get packets captured. In this example I have simply started the X-Edit software that controls the DigiTech RP250.

Step 3 - analyse the data

After you're done collecting data, press Ctrl+C and start Wireshark. Once started, open the pcap file you have created in Step 2. You should see the packets allongside with their description. The sample capture is available at the Google code:sample_2013_04_10.pcap

Step 4 - live capture

If you didn't like that in steps 2 and 3 you had to finish capturing before having a chance to look at the data, you can also do a live capture. In order to do so, you must have running the cmd.exe with elevated privileges (as Administrator). Then enter the following command:

USBPcapCMD.exe -d \\.\USBPcap2 -o - | "C:\Program Files\Wireshark\Wireshark.exe" -k -i -
This should result in live capture from standard input in Wireshark as shown below.

Step 5 - Contribute to the project :-)

Once you know how to use USBPcap you might want it to work better. There are numerous ways to help, for example:

  • Improving project website
  • Improving the documentation
  • Improving the filter driver
  • Improving the sample application
  • Improving installation process
  • Creating project artwork (icon, website banner, etc.)
  • Integrating the project more closely with Wireshark (dumpcap)
  • Donating money
If you can help please check the menu on the right for links for github page, donation fund and contact information.



2
0

查看评论
* 以上用户言论只代表其个人观点,不代表CSDN网站的观点或立场
    个人资料
    • 访问:1036742次
    • 积分:13880
    • 等级:
    • 排名:第975名
    • 原创:236篇
    • 转载:650篇
    • 译文:1篇
    • 评论:143条
    最新评论