This is a simple USB sniffer based on a Raspberry Pi RP2040. It supports Low Speed and Full Speed modes.
The firmware presents itself as a virtual COM-port (VCP), so no additional software is necessary and it is compatible with all operating systems.
Here are a couple of example capture logs for the enumeration and a regular data transfer.
The compiled binary is available here. Boot RP2040 into the BootROM mode and copy the UF2 file to the drive.
USB D+ and D- signals can be directly connected to the MCU pins. The default pin assignments are shown in the following table:
| RP2040 Pin | Function | USB Cable Color |
|---|---|---|
| GND | Ground | Black |
| GPIO 10 | D+ | Green |
| GPIO 11 | D- | White |
| GPIO 18 | Trigger | N/A |
The easiest way to connect the signals to the Raspberry Pi Pico board is to splice the USB cable. It does not have to be pretty. Below is a picture of a cable that took less than 10 minutes to make. Feel free to make it prettier.
Here are some pictures of a cleaner version based on the custom breakout board.
Trigger input is internally pulled up and the active level is low. When trigger is enabled in the settings, the capture would pause until the trigger pin is pulled low. Given the limited size of the capture buffer, trigger mechanism provides a way for the debugged target to mark the part of interest.
The following settings are supported:
- Capture speed (e) -- Low / Full
- Capture trigger (g) -- Enabled / Disabled
- Capture limit (l) -- 100/200/500/1000/2000/5000/10000 packets / Unlimited
- Time display format (t) -- Relative to the first packet / previous packet / SOF / bus reset
- Data display format (a) -- Full / Limit to 16 bytes / Limit to 64 bytes / Do not display data
- Fold empty frames (f) -- Enabled / Disabled
A frame is delimited by the SOF packet in the Full Speed mode or by a keep-alive signal in the Low Speed mode.
An empty frame is a frame that contains no packets other than IN/NAK and contains no packets with errors detected. Folding of the empty frames shortens the displayed information by combining consecutive empty frames into one entry, since they don't carry useful information, but happen very often in a typical USB transaction.
The following commands are supported:
- Print the help message (h)
- Display current buffer (b)
- Start capture (s)
- Stop capture (p)
Once capture is started and the trigger condition is met, the sniffer captures the specified number of packets. After the capture is done, the buffer is displayed using current settings.
The display settings may be adjusted without a new capture. Once the buffer is captured,
it is stored in the memory and can be displayed again using a b command.