The Virtual USB Analyzer is a free and open source tool for visualizing logs of USB packets, from hardware or software USB sniffer tools. As far as we know, it is the world’s first tool to provide a graphical visualization along with raw hex dumps and high-level protocol analysis.
The Virtual USB Analyzer is not itself a USB sniffer tool. It is just a user interface for visualizing logs. It currently supports three log formats, but it is designed to be easily extensible. With a few dozen lines of Python code, you can add support for your favorite log format.
- Unique graphical timeline view
- Side-by-side diff mode: visually compare two log files
- Pluggable log format modules: VMware, Ellisys, usbmon
- Pluggable protocol decoders: USB Chapter 9, Bluetooth, Storage, Cypress FX2
- Packet metrics and filtering tools
- Whole-bus analysis: analyze multiple devices concurrently
- Written in Python, with a GTK+ user interface
- Automatic “tail -f” mode: follow log files as they grow
- Loads large log files in the background. You can start browsing before the whole file is loaded into memory
- Automatic decompression of gzipped log files
To run the Virtual USB Analyzer, you must have Python and the PyGTK bindings. Additionally, to see the graphical timeline view, you will need gnome-canvas and its Python bindings.
If you have an Ubuntu 8.10 system, you don't need to install any additional packages to run the Virtual USB Analyzer.
Windows and Mac OS users: It should be possible to run the Virtual USB Analyzer on Windows or Mac OS systems if you have a port of PyGTK installed, however we've only tested vusb-analyzer on Linux. If you have patches or tips for running vusb-analyzer on other operating systems, we'd love to hear them.
To use the Virtual USB Analyzer, you first need to capture a log of some USB protocol traffic. This tutorial will show you how to use the logging built in to VMware's virtual USB stack. You'll need either VMware Workstation, VMware Fusion, or the free VMware Player, as well as a virtual machine and USB device you want to capture data from.
Note that you can capture the log file using any host operating system, and your virtual machine can be running any operating system that supports USB. However, you will probably want to analyze the resulting logs on a Linux machine- the vusb-analyzer tool may be difficult to run on Windows or Mac OS. See the system requirements.
You can find the detailed tutorial here.
M. Elizabeth ScottHypervisor