User's guide

Step 1: introduction

  • There are 2 USB interfaces in tinySniffer, one is to connect USB peripheral, the other is to connect tinySniffer to USB Host (e.g. macOS, Windows or Linux computer).

  • There is 2.4GHz WiFi.

  • There are 2 modes:

    • Configure mode. Without USB peripheral connected and power on tinySniffer.
    • Capture mode. With USB peripheral connected.

  • There are 2 LEDs, and they are red and green respectively.

    • In configure mode (when there is no USB peripheral connected to tinySniffer and tinySniffer is connected to macOS, Windows or Linux computer), red LED lights. This is mainly to configure WiFi in tinySniffer and register tinySniffer with www.usb7.net account.
    • When WiFi is connected, green LED blinks.

Step 2: configure WiFi and register tinySniffer

  • Please login www.usb7.net with your Google account before proceed. If you do not have Google account, please create one.
  • Make sure there is no USB peripheral connected to tinySniffer, connect tinySniffer to macOS, Windows or Linux computer.
  • After 25 seconds and tinySniffer finishes booting and red LED lights, in computer browser and input tinySniffer IP address 172.16.10.1 to access tinySniffer.
  • Follow instructions in the browser and connect tinySniffer to WiFi. After 10 seconds, can see tinySniffer WiFi IP address and green LED blinks (this indicates WiFi is connected).
  • Click "Go to register" button to register tinySniffer with www.usb7.net account.

Step 3: connect USB peripheral to tinySniffer

  • Connect USB peripheral (e.g. keyboard or audio device) to tinySniffer
  • Re-connect tinySniffer to USB Host (e.g. macOS, Windows or Linux computer)
  • After 25 seconds, tinySniffer finishes booting and green LED blinks (this indicates WiFi is connected).
  • Note: please do NOT connect a USB peripheral with huge traffic like USB Flash Drive.

Step 4: login to www.usb7.net and access tinySniffer

  • Login to www.usb7.net, go to My Devices and access tinySniffer
    • Input login / password = sniff / tinySniffer
    • Please use command passwd to change password
tinySniffer login: sniff
Password:
  • sniff instructions
sniff@tinySniffer:~$ sniff -h
Usage: sniff [-h] [-i] [-u UPLOAD_FILENAME] [-s] [-r] [-R] [-F [FILTERS]]

tinySniffer starts usb capture when:
1) tinySniffer (with usb peripheral plugged) is connected to usb host (this powers on tinySniffer) (save to new file)
2) usb peripheral is unplugged and re-plugged to tinySniffer (save to new file)
3) run "sniffer.py -r" to restart usb capture and save to new file
4) run "sniffer.py -R" to emulate usb peripheral unplug / replug, restarts usb capture and save to new file

optional arguments:
  -h, --help            show this help message and exit
  -i, --info            show usb capture info
  -u UPLOAD_FILENAME, --upload UPLOAD_FILENAME
                        stop usb capture and upload captured file
  -s, --stop            stop usb capture
  -r, --restart         restart usb capture and save to new file
  -R, --RESTART         emulate usb peripheral unplug / replug, restart usb capture and save to new file
  -F [FILTERS], --FILTERS [FILTERS]
                        set capture filter, support multiple filters, separated by ","
                        must use together with -r or -R argument to restart usb capture
                        supported capture filters are:
                            URB_ISO_OUT, URB_ISO_IN, URB_BULK_OUT, URB_BULK_IN
                        examples:
                            sniff -F URB_ISO_OUT,URB_ISO_IN -r
                            sniff -F URB_BULK_OUT -R
                            sniff -F URB_ISO_OUT,URB_ISO_IN,URB_BULK_OUT,URB_BULK_IN -R
                            sniff -F -R   # this is to clear capture filters
  • Check USB peripheral connected
sniff@tinySniffer:~$ lsusb
Bus 003 Device 002: ID 0c76:1676 JMTek, LLC.
  • Check sniff information
sniff@tinySniffer:~$ sniff -i
capturing device:
  3-1
capturing file:
  /home/sniff/tinySniffer.pcap
capturing filters:
  • Check captured files
sniff@tinySniffer:~$ ls -l
total 1692
-rw-r--r-- 1 sniff sniff 978932 May  5 09:04 tinySniffer-1.pcap
-rw-r--r-- 1 sniff sniff  12288 May  5 09:04 tinySniffer-2.pcap
-rw-r--r-- 1 sniff sniff 741376 Mar  8 11:01 tinySniffer.pcap
  • Upload the captured USB packets
    • Please follow instructions in browser to save the uploaded file
sniff@tinySniffer:~$ sniff -u tinySniffer.pcap
Info: success bring down existing capture process
tinySniffer.pcap 100.00% 13.23 KB/13.23 KB
  • After uploading captured file, capture process is stopped and needs to be restarted
sniff@tinySniffer:~$ sniff -r
Info: no existing capture process
Info: target usb device: 3-1
Info: output file: /home/sniff/tinySniffer-3.pcap
Info: capture filters:
Daemon PID 18613
  • Remove captured files
sniff@tinySniffer:~$ rm tinySniffer-1.pcap
sniff@tinySniffer:~$ rm *

Step 5: use Wireshark to view captured USB packets

image.png

Step 6: use Wireshark display filter

usb.urb_type == URB_COMPLETE