From time to time, I need to dump USB traffic under Windows, mostly to support hardware under Linux, so my primary goal is to produce dump files for protocol analysis.
For USB traffic, it seems that SniffUsb is the clear winner... It works under Windows XP (but not later) and has a much nicer GUI than earlier versions. It produces huge dump files, but everything is there.
However, my device is in fact a USB serial device, so I turned to Portmon which can sniff serial port traffic without the USB overhead.
Samuel Liew
dpavlin
5 Answers
Personally, I'd use QEMU or KVM and instrument their USB passthrough code, and then use libusb to prototype the replacement driver in user space (this latter bit I've done before; writing USB device drivers in Python is fun!).
Peter Mortensen
Charles Duffy
- Since people don't seem to realize it, Wireshark does monitor USB traffic and has a parser for it; but the catch is it only works under Linux. Wireshark on Windows will not do this.
- It may be possible to plug the USB device you want to monitor, along with a Linux machine (with Wireshark running) and your Windows machine and just use the USB device under Windows.
- Problem with the above? I don't know how the Linux machine or the Windows machine will detect each other.
jamkomo
After five years of waiting, it's now possible to sniff USB packets on Windows.
See http://desowin.org/usbpcap/tour.html for a quick tour. It works pretty well.
albfan
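As an added example (not part of the answer above and not USBPcap's own code): a minimal Python reader for the classic pcap files USBPcap writes, pulling out each transfer's payload bytes for protocol analysis. The header layout follows USBPcap's packed `USBPCAP_BUFFER_PACKET_HEADER`; the function names, the capture bytes and the device payloads are constructed for illustration.

```python
import struct

LINKTYPE_USBPCAP = 249
# USBPCAP_BUFFER_PACKET_HEADER, packed little-endian, 27 bytes:
# headerLen, irpId, status, function, info, bus, device, endpoint, transfer, dataLength
USBPCAP_HDR = struct.Struct("<HQIHBHHBBI")
TRANSFER = {0: "isochronous", 1: "interrupt", 2: "control", 3: "bulk"}

def parse_usbpcap(blob):
    """Return one dict per packet from a little-endian pcap of USBPcap frames."""
    magic, _, _, _, _, _, linktype = struct.unpack_from("<IHHiIII", blob, 0)
    if magic != 0xA1B2C3D4:
        raise ValueError("not a little-endian microsecond pcap file")
    if linktype != LINKTYPE_USBPCAP:
        raise ValueError(f"link type {linktype} is not USBPcap")
    packets, off = [], 24
    while off + 16 <= len(blob):
        incl_len = struct.unpack_from("<IIII", blob, off)[2]
        frame = blob[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < incl_len or incl_len < USBPCAP_HDR.size:
            break  # truncated capture: stop instead of misparsing
        (hlen, _irp, _status, _func, _info,
         bus, dev, ep, xfer, dlen) = USBPCAP_HDR.unpack_from(frame)
        if hlen < USBPCAP_HDR.size or hlen > len(frame):
            break  # header length field is inconsistent with the frame
        packets.append({
            "bus": bus, "device": dev, "endpoint": ep & 0x0F,
            "direction": "IN" if ep & 0x80 else "OUT",
            "transfer": TRANSFER.get(xfer, "unknown"),
            # headerLen also covers the longer control/isochronous headers
            "data": frame[hlen:hlen + dlen],
        })
    return packets

def sample_capture():
    """Constructed capture: one bulk OUT command and one bulk IN reply."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_USBPCAP)
    for ep, payload in ((0x02, b"ATZ\r"), (0x82, b"OK\r\n")):
        # function 0x0009 = URB_FUNCTION_BULK_OR_INTERRUPT_TRANSFER, transfer 3 = bulk
        frame = USBPCAP_HDR.pack(27, 1, 0, 0x0009, 0, 1, 5, ep, 3, len(payload)) + payload
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    for p in parse_usbpcap(sample_capture()):
        print(p["direction"], p["endpoint"], p["transfer"], p["data"].hex())
```
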
USBSnoop works too - and is free.
Or, you could buy a USB to Ethernet converter and use whatever network sniffer you prefer to see the data.
Maxime
gbjbaanb
Busdog, an open source project hosted on GitHub, has worked well for me. It has a driver it installs to allow it to monitor USB communications. The config window allows you to reinstall or remove the device at any time.
You can select the USB device you want from an enumerated list. A nice feature is to have it automatically trace a new device that is plugged in:
Data communications to and from an SWR analyzer I was reverse engineering were captured flawlessly:
Kurt Fitzner