--- On Mon, 12/1/08, Chris Frey <[EMAIL PROTECTED]> wrote:
> From: Chris Frey <[EMAIL PROTECTED]>
> Subject: Re: [Barry-devel] Any progress with Storm/9530
> To: "Barry project development discussion" <barry-devel@lists.sourceforge.net>
> Date: Monday, December 1, 2008, 10:53 PM
> On Mon, Dec 01, 2008 at 04:14:34AM -0800, John Smith wrote:
> > I can pursue snooping a VMware connection using Linux as soon as time
> > permits. Any instructions or pointers to docs would be appreciated.
> > I'm in a bit of a time crunch for the next week or so.
>
> I've updated the doc/USB-capture.txt file in the Barry tree to document
> my kernel and syslog settings when making USB captures. It is in the
> latest CVS tree.
>
> Kernel log performance can be fairly important depending on the speed
> of your machine, since a lot of data is generated as USB traffic.
>
> This is the only document I have on USB captures, so just ask if you run
> into problems.
>
> As for actually logging traffic, ideally, you would have about 3 entries
> in your Address Book and 3 in your Calendar, and then run a single run
> of the Windows database backup, with just those databases selected.
> Then send me the raw USB log, and the data in the Address Book / Calendar
> entries, so I can search for them. You can send this data off list,
> for size and privacy reasons.
>
> The more you can limit the size of the USB capture log to one run, and
> limited data, the better. The sequence would be:
>
> # zap /var/log/kern.log (or wherever you are logging to)
> cp /var/log/kern.log /var/log/kern.log.backup
> cp /dev/null /var/log/kern.log
>
> # enable kernel logging
> echo Y > /sys/module/usbcore/parameters/usbfs_snoop
>
> # open Windows backup and perform one backup of those databases
>
> # close Windows backup
>
> # disable kernel logging and keep log
> echo N > /sys/module/usbcore/parameters/usbfs_snoop
> cp /var/log/kern.log ~/log-for-chris.log
>
> Thanks!
> - Chris
Thanks. I'll back up the Storm, reload and minimize data as suggested.
A quick Google search found a USB sniffer for Vista
(http://www.pcausa.com/Utilities/UsbSnoop/). I'll play w/ this first and then
get a VMware sniff going when my schedule clears up.
I'll also try a pre-Storm version of BlackBerry DM and see what happens. I
doubt it would know any "new" Storm protocol.