USB Snoopy

What is it?

USB Snoopy is a little software tool for Windows 98, Windows Me, Windows 2000 and probably Windows XP to watch traffic on the USB bus. It can be used for a multitude of purposes, including debugging your own code, and eaves-dropping on devices' traffic.

On this page, you can find a first version - warning: it is largely unfinished. We are working on a much improved version, but due to the big demand out there for a tool like this (not everyone can afford one of those wonderful toys from CATC - a cheaper alternative might be available from Catalyst Enterprises (I have not tried this one, but it's supposed to be more powerful CATC, right, Joe? ;-)), we decided to put it up for public consumption.

How does it work?

USB Snoopy is currently made up of three pieces:

• A filter driver to watch the traffic, outputting debug messages to any debug logging facility (resident debugger, debug viewer)
• A debug viewer to catch the output
• A graphical interface to install and remove the filter

Where can I get it?

Get the current package (version 0.13), source and binaries, here (358KB)
Get the older package (version 0.12), source and binaries, here (341KB)
Get the very first package (version 0.1), source and binaries, here (342KB)

Hints

The format output by USB Snoopy is strongly based on the way Windows handles USB transfer requests. It tries to be somewhat smart about omitting data that is irrelevant. For example, if you read from a device, you only need to print the buffer's contents after the read returns. There are a number of things that can go wrong, or that might confuse you. Here are a few hints:

• Printing contents of a buffer might happen at wrong times. If the driver in question does not set the transfer flags (in/out) properly, USB Snoopy will print the buffer's contents even if it shouldn't. So, when you do a read on a device, but get two buffer contents (one in the "URB going down" section, the other in "URB coming back", disregard the first one, because it contains the buffer's contents before it get filled with device data.
• The Linked URB fields *should* always be NULL, as linked URBs don't seem to work reliably, according to one comment I received. If you have a driver which does use linked URBs successfully, please let me know!
• It is very handy to have a copy of the USB specs, available at http://www.usb.org/developers/docs.html, especially when you are decoding control messages by looking at the SetupPacket field contents.

Revision History

Version 0.13 (10/07/2001):

• Phew, almost 1.5 years since the last update... it is still nowhere where I'd like it to be in terms of proper handling of logging data, but the demand for Windows 2000 functionality was so big that I decided to do a quick hack to get the 98 code work on 2K... Windows XP should work as well, even though I haven't tested it.
• Revved the version number on the filter, the code is the same as it used to be on 9x.
• Improved the UI to allow safe simulated unplug/replugs.
• The UI is now self-sufficient. It contains the filter, and the filter can be unpacked from the executable and installed. All you need is SniffUSB.exe and some kind of a logger (like the included DebugView)

Version 0.12 (05/11/2000):

• Handles drivers that use MDLs (direct I/O) and drivers that use flat memory (buffered I/O) - thanks Henning!
• Added validation for the variable fields (number of endpoints, number of interfaces) - thank you Russ!
• Cleaned up the source a little

Version 0.1 (04/07/2000):

• Initial release

Todo (whenever I get some time...)

• Filter: Use a clean interface to ring 3, not debug prints. This will speed up things, and make capturing of even isochronous, streaming data like audio possible
• Filter: Add capturing of USB result codes
• UI: Add the displaying, filtering, and analyzing code
• UI: Add validation to the data (might come in handy for your (Windows) driver debugging - USBD is tolerant to a certain amount of wrong parameters, but who knows how long that is going to be the case?)

Links

• There's a spin-off project which originated from our USBSnoopy... it has some of the elements that I'd like to put into this source, and is hosted on SourceForge here. You might be interested to check it out - I haven't really played around with it yet.
• If you are using Linux USB and want to play back a log that you captured with USB Snoopy (Version 0.1), you might be interested in John's usb-robot, a nifty tool which takes a USB Snoopy log and plays back the captured data to a device.
• If you're looking into getting a commercial software-only solution to watch traffic on USB (and other buses), you might want to take a look at The Bus Hound. I don't have any experience with this tool, so I can't recommend it or complain about it, but it sure looks nice ;-)

Thanks

...go out to everyone who downloaded the package, tried it, lived through a number of crashes and got back with some comments or concrete suggestions/bugs. If you want me to add your name here, let me know. Also, big thanks to all those who waited patiently on me while I was busy doing all kinds of other things rather than updating this package.

Other stuff...

As always, no liability is assumed for anything. If the filter burns down your house, puts you out of business or out of your mind or anything else, we're not responsible. It's not meant for any illegal purpose. Sorry - had to say that (CYA).

A little diversion...

You might enjoy this... ... I do.

Who did this?

roland@wingmanteam.com did the UI, tom@wingmanteam.com did the filter. Drop us a note if you like it or hate it, or if you have any good ideas what could be done with it.

This page sucks. Heck, we're software people, not designers! :-)

and the counter is... broken for now :-)