Re: [Barry-devel] Any progress with Storm/9530

Mon, 01 Dec 2008 14:54:33 -0800 

On Mon, Dec 01, 2008 at 04:14:34AM -0800, John Smith wrote:
> I can pursue snooping a VMWare connection using linux as soon as time
> permits.  Any instructions or pointers to docs would be appreciated.
> I'm in a bit of a time crunch for the next week or so.

I've updated the doc/USB-capture.txt file in the Barry tree to document
my kernel and syslog settings when making USB captures.  It is in the latest
CVS tree.

Kernel log performance can be fairly important depending on the speed
of your machine, since a lot of data is generated as USB traffic.

This is the only document I have on USB captures, so just ask if you run
into problems.

As for actually logging traffic, ideally, you would have about 3 entries
in your Address Book and 3 in your Calendar, and then run a single run
of the Windows database backup, with just those databases selected.
Then send me the raw USB log, and the data in the Address Book / Calendar
entries, so I can search for them.  You can send this data off list,
for size and privacy reasons.

The more you can limit the size of the USB capture log to one run, and
limited data, the better.  The sequence would be:

        # zap /var/log/kern.log (or wherever you are logging to)
        cp /var/log/kern.log /var/log/kern.log.backup
        cp /dev/null /var/log/kern.log

        # enable kernel logging
        echo Y > /sys/module/usbcore/parameters/usbfs_snoop

        # open Windows backup and perform one backup of those databases

        # close Windows backup

        # disable kernel logging and keep log
        echo N > /sys/module/usbcore/parameters/usbfs_snoop
        cp /var/log/kern.log ~/log-for-chris.log

Thanks!
- Chris


-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Barry-devel mailing list
Barry-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/barry-devel

Reply via email to