Original question: http://stackoverflow.com/questions/2315597/
Warning: these are provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me):
Stack Overflow
What (software) USB sniffers are available for Windows?
Asked by frankster
Are there any software drivers for Windows 7 (64-bit) that can report the data transferred between some application software and a USB device?
I have tried snoopy (http://sourceforge.net/projects/usbsnoop/) but I can't get it working. Possibly I would need to go down the route of installing an earlier version of Windows.
Any other suggestions?
Answered by kenny
Had decent luck with this tool many years ago. http://www.sysnucleus.com/
Answered by wgardiner
USBPcap + Wireshark is a great new open-source solution that I recommend.
I've had good results with Event Tracing in Windows (ETW), as described at (link) (part 1) and in part 2 of that post. I remember the setup being somewhat involved though.
USBlyzer and USBTrace are both good products but they come with a $200 price tag. They both offer demo versions though and I've had good results with them. They're very easy to set up and use.
For a list of other tools see: here
Answered by Scott Marchant
Here is a tutorial for installing and using a newer Windows 7 network monitor called Netmon.
http://blogs.msdn.com/b/usbcoreblog/archive/2009/12/04/etw-in-the-windows-7-usb-core-stack.aspx
I haven't tried it to see if it works. When I do, I will post an update saying whether it works with Windows 7 x64.
EDIT:
It worked on my Parallels Win7 x64 Virtual Machine.
The biggest downside was the massive amount of packets it logged. To help with this, the following filter can extract only the packets with your USB VID (vendor id), where the vid is 0xABCD.
// Following searches frame for hex data of 0xAB 0xCD
ContainsBin(FrameData, hex, "AB CD")
Note: As in the tutorial, to log USB packets, use the following commands in a cmd prompt run as an administrator:
Logman start Usbtrace -p Microsoft-Windows-USB-USBPORT -o usbtrace.etl -ets -nb 128 640 -bs 128
Logman update Usbtrace -p Microsoft-Windows-USB-USBHUB -ets
rem Perform desired USB activities
Logman stop Usbtrace -ets
EDIT 2
UsbSnoop is another free option. I have confirmed that it works on my Win7 x64 machine.
Answered by djp
busdog: http://code.google.com/p/busdog/
You need to enable test signing for 64-bit, however.
Answered by desowin
USBPcap: http://desowin.org/usbpcap/
Works under XP, Vista, 7 and 8.
Still work in progress though so no end-user installer yet.
Answered by johnny alpaca
Answered by Sergey Podobry
Take a look at WDMSniffer by Compuware. It supports IRP, USB, 1394 (Firewire), SCSI, NDIS and TDI.
Answered by lexdean
Windows web site has devon I think they call it.
Is that what you want?