rpu_noob
Posts: 4
Joined: Mon Dec 05, 2016 10:00 am

Raspberry Pi Zero: USB sniffing

Mon Dec 05, 2016 10:07 am

Hello all,

I am interested in using the Raspberry Pi Zero as a sniffer for a PC-to-device USB connection. I am planning to set the USB OTG connection on the PZ to be a slave. Then, I am thinking of using usbmon/tcpdump to monitor the USB.
Q1: Is this feasible?

As we need to transfer the sniffed data off PiZ, we are thinking of using Wi-Fi. I assume this is still possible even with the USB controller set as slave?

Thanks for any pointers.

aBUGSworstnightmare
Posts: 2317
Joined: Tue Jun 30, 2015 1:35 pm

Re: Raspberry Pi Zero: USB sniffing

Mon Dec 05, 2016 2:52 pm

rpu_noob wrote:Hello all,

I am interested in using the Raspberry Pi Zero as a sniffer for a PC-to-device USB connection. I am planning to set the USB OTG connection on the PZ to be a slave. Then, I am thinking of using usbmon/tcpdump to monitor the USB.
Q1: Is this feasible?

As we need to transfer the sniffed data off PiZ, we are thinking of using Wi-Fi. I assume this is still possible even with the USB controller set as slave?

Thanks for any pointers.
There is only one USB on the Pi Zero which can be either OTG or host. Might be possible to add a WiFi module to the SPI interface for data transfer.
Do you need to transfer sniffed data immediately? Isn't it possible to capture it on uSD and analyze later?

rpu_noob
Posts: 4
Joined: Mon Dec 05, 2016 10:00 am

Re: Raspberry Pi Zero: USB sniffing

Tue Dec 06, 2016 2:40 am

aBUGSworstnightmare wrote: There is only one USB on the Pi Zero which can be either OTG or host. Might be possible to add a WiFi module to the SPI interface for data transfer.
Like this? http://hackaday.com/2015/12/09/raspberr ... ough-sdio/
This looks VERY involved. :o
Or this looks easier: https://redbear.cc/content/blog/pi-zero-iot-hat/
aBUGSworstnightmare wrote: Do you need to transfer sniffed data immediately? Isn't it possible to capture it on uSD and analyze later?
I don't need to transfer it immediately, but it will still need to be wirelessly transferred to the backend system on the cloud.

How about Pi Zero to Pi 3 (we have one) communications? Is it feasible without going through the USB?

My other option is to use this: http://uk.rs-online.com/web/p/interface ... s/7300142/, but it again looks like a lot of work to get working on the Pi 3.

fruitoftheloom
Posts: 24553
Joined: Tue Mar 25, 2014 12:40 pm
Location: Delightful Dorset

Re: Raspberry Pi Zero: USB sniffing

Tue Dec 06, 2016 7:50 am

The Raspberry Pi GPIO has UART communication:

https://pinout.xyz/pinout/uart
Thinking outside the box is better than burying your head in the sand...

aBUGSworstnightmare
Posts: 2317
Joined: Tue Jun 30, 2015 1:35 pm

Re: Raspberry Pi Zero: USB sniffing

Tue Dec 06, 2016 12:44 pm

rpu_noob wrote:
aBUGSworstnightmare wrote: There is only one USB on the Pi Zero which can be either OTG or host. Might be possible to add a WiFi module to the SPI interface for data transfer.
Like this? http://hackaday.com/2015/12/09/raspberr ... ough-sdio/
This looks VERY involved. :o
Or this looks easier: https://redbear.cc/content/blog/pi-zero-iot-hat/
aBUGSworstnightmare wrote: Do you need to transfer sniffed data immediately? Isn't it possible to capture it on uSD and analyze later?
I don't need to transfer it immediately, but it will still need to be wirelessly transferred to the backend system on the cloud.

How about Pi Zero to Pi 3 (we have one) communications? Is it feasible without going through the USB?

My other option is to use this: http://uk.rs-online.com/web/p/interface ... s/7300142/, but it again looks like a lot of work to get working on the Pi 3.
Use a simple FTDI USB2UART breakout board (i.e. http://www.digikey.de/product-detail/en ... pmt=&pdv=c) and connect it to the RPI UART. But, don't know if data transfer will be fast enough.

We have no idea what you intend to do (which data you want to sniff) but for serious developments you should consider using i.e. http://www.totalphase.com/products/beagle-usb480/ which allows you to display/analyse your data in real time up to 480Mbps. Need more --> pay more http://www.totalphase.com/products/beag ... -standard/

rpu_noob
Posts: 4
Joined: Mon Dec 05, 2016 10:00 am

Re: Raspberry Pi Zero: USB sniffing

Thu Dec 08, 2016 6:30 am

Hi.

Sorry for the late reply. Had to do a bunch of reading to investigate feasibility of the suggestions above.
fruitoftheloom wrote: The Raspberry Pi GPIO has UART communication:

https://pinout.xyz/pinout/uart
Which leads to the following suggestion, right?
aBUGSworstnightmare wrote: Use a simple FTDI USB2UART breakout board (i.e. http://www.digikey.de/product-detail/en ... pmt=&pdv=c) and connect it to the RPI UART. But, don't know if data transfer will be fast enough.

We have no idea what you intend to do (which data you want to sniff) but for serious developments you should consider using i.e. http://www.totalphase.com/products/beagle-usb480/ which allows you to display/analyse your data in real time up to 480Mbps. Need more --> pay more http://www.totalphase.com/products/beag ... -standard/
Thanks for the suggestions.

We have considered the Total Phase Beagle USB sniffer, but concluded it was expensive for what we are trying to do.
What we intend to do is to use a USB hub to sniff data between a PC and a device. We think the data rates are going to be quite low but bursty (around 2-3kB per burst), so the Total Phase units will be overspec.
However, we have now found this http://www.farnell.com/datasheets/1641076.pdf, which I think will work like this:


PC <---> USB hub <---> device
            |
            v
         USB-UART cable
            |
            v
         RPi 3

Any concerns about this design / architecture?

Thanks!

aBUGSworstnightmare
Posts: 2317
Joined: Tue Jun 30, 2015 1:35 pm

Re: Raspberry Pi Zero: USB sniffing

Thu Dec 08, 2016 11:10 am

Well, maybe some more reading is needed to figure out where 'the man in the middle' needs to be located for sniffing

abyss
Posts: 1
Joined: Tue May 15, 2018 3:10 pm

Re: Raspberry Pi Zero: USB sniffing

Tue May 15, 2018 3:20 pm

Were you able to build this USB sniffer?

I am looking to build something similar using FTDI and Raspberry Pi Zero W.

PC <---> Man-in-middle <---> device
              |
              v
         USB-UART cable
              |
              v
            RPi 3

Dolitos
Posts: 1
Joined: Thu Jan 31, 2019 7:24 pm

Re: Raspberry Pi Zero: USB sniffing

Thu Jan 31, 2019 7:36 pm

Hi all,
Any result of this case?
I need to provide a similar solution, sniffing USB from PC to printer. But, I cannot interfere with the communication between them.

BR.

emw
Posts: 52
Joined: Tue Apr 12, 2016 2:53 pm

Re: Raspberry Pi Zero: USB sniffing

Fri Feb 15, 2019 9:01 pm

I have had some limited success sniffing with usbProxy using a Pi Zero W and a MAX3421E SPI to USB bridge. It kinda works but the operation is not the most reliable. You also might want to look at the FaceDancer project(s). You may want to look at hardware other than the Pi for this.
