How to capture USB traffic with usbsnoop 1.8 for use with usbsnoop2libusb.pl 0) Make sure you are logged in as administrator 1) Get usbsnoop 1.8 from http://benoit.papillault.free.fr/usbsnoop/ and make sure you use XP -- I've heard problems with other windows versions. 2) Don't follow the instructions about copying DLLs to C:\WINNT\... -- version 1.8 does not need this. Just unzip the files to e.g. Desktop and click "SniffUSB". 3) Don't try to change the log file path -- if you do it will not work. Note that the UI has irritating bugs. 5) Plug in your device and make sure it gets added to the device list. 6) If an old log file exists, click "Delete" and make sure size shows "-1". 7) Choose the device from the list and click "Install" 8) Click "Replug". 9) Do something with the device and make sure the log file size grows. 10) Physically remove the device, choose the device from list and click "Uninstall" and "Replug". Repeat steps 5-10 as many times as it takes to produce a clean log file. A clean log file should contain only the necessary information and nothing extra. So make sure the log starts with a device replug (either physical or simulated with "Replug button") and ends when the desired action has been taken (e.g. first 2 seconds of video from webcam has been shown). How to repeat the traffic under linux using usbsnoop2libusb.pl 1) sudo apt-get install libusb-dev 2) git clone http://lindi.iki.fi/lindi/git/usbsnoop2libusb.git/ 3) perl usbsnoop2libusb/usbsnoop2libusb.pl < usbsnoop.log > driver.c 4) gcc driver.c -o driver -lusb 5) Now make sure "sudo ./driver" lists your device. If it doesn't you might need to add "none /proc/bus/usb usbdevfs auto 0 0" for 2.4.x or "none /proc/bus/usb usbfs auto 0 0" for 2.6.x to /etc/fstab. 6) Now run e.g. sudo ./driver 0x0402 0x5635 | tee driver.out to replay the captured traffic. Here 0x0402 and 0x5636 are vendor and product id listed in step 5. Capturing USB traffic under Linux (very cumbersome! only last resort) 1) Make sure kernel configuration has CONFIG_DEBUG_FS and CONFIG_USB_MON enabled. 2) (Optional) To get full URB data you need to change the following in mon_text.c and recompile the kernel #define DATA_MAX 7700 #define PRINTF_DFL 7830 3) mount -t debugfs none /sys/kernel/debug 4) "cat /sys/kernel/debug/usbmon/1t" to see USB traffic User space approach (Linux-only) If you want to capture USB traffic made by a user space program running on Linux you are most probably better off by using strace. The patch at http://iki.fi/lindi/strace-4.5.8-usbdevfs.diff lets you see full URB traffic.