tr1x_em - tutorials
Welcome,here you can find more about me, oh and I write too!!
Zola
2025-12-29T12:15:00+00:00
https://trix.is-a.dev/tags/tutorials/atom.xml
USB Capture in Linux
2025-12-29T12:15:00+00:00
2025-12-29T12:15:00+00:00
tr1x_em
https://trix.is-a.dev/tutorials/usb-capture/
<p>Today we will learn how to capture USB packets in Linux.</p>
<p>Follow along the video and copy commands from here</p>
<iframe
class="youtube-embed"
src="https://www.youtube-nocookie.com/embed/UcMSPA5Q57Y"
allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share"
referrerpolicy="strict-origin-when-cross-origin" allowfullscreen>
</iframe>
<blockquote class="markdown-alert-note">
<p>All package name are for archlinux so for any other distro you
might need to search google what it is</p>
</blockquote>
<h3 id="step-1">STEP 1</h3>
<h4 id="install-wireshark-or-wireshark-qt">Install wireshark or wireshark-qt</h4>
<p>Do it according to your distro, then</p>
<p><strong>ONE TIME PROCESS</strong></p>
<ul>
<li>Add yourself to wireshark group - (<strong>IMPORTANT</strong>)</li>
</ul>
<pre class="giallo" style="color-scheme: light dark; color: light-dark(#24292E, #E1E4E8); background-color: light-dark(#FFFFFF, #24292E);"><code data-lang="shellscript"><span class="giallo-l"><span style="color: light-dark(#6F42C1, #B392F0);">sudo</span><span style="color: light-dark(#032F62, #9ECBFF);"> groupadd</span><span style="color: light-dark(#032F62, #9ECBFF);"> wireshark</span></span>
<span class="giallo-l"><span style="color: light-dark(#6F42C1, #B392F0);">sudo</span><span style="color: light-dark(#032F62, #9ECBFF);"> usermod</span><span style="color: light-dark(#005CC5, #79B8FF);"> -</span><span style="color: light-dark(#005CC5, #79B8FF);">a</span><span style="color: light-dark(#005CC5, #79B8FF);"> -</span><span style="color: light-dark(#005CC5, #79B8FF);">G</span><span style="color: light-dark(#032F62, #9ECBFF);"> wireshark</span><span> $</span><span>USER</span></span></code></pre><h3 id="step-2">STEP 2</h3>
<h4 id="install-usbmon">Install usbmon</h4>
<p>Do it according to your distro, then</p>
<p><strong>ONE TIME PROCESS</strong></p>
<ul>
<li>Add yourself to usbmon group - (<strong>IMPORTANT</strong>)</li>
</ul>
<pre class="giallo" style="color-scheme: light dark; color: light-dark(#24292E, #E1E4E8); background-color: light-dark(#FFFFFF, #24292E);"><code data-lang="shellscript"><span class="giallo-l"><span style="color: light-dark(#6F42C1, #B392F0);">sudo</span><span style="color: light-dark(#032F62, #9ECBFF);"> groupadd</span><span style="color: light-dark(#032F62, #9ECBFF);"> usbmon</span></span>
<span class="giallo-l"><span style="color: light-dark(#6F42C1, #B392F0);">sudo</span><span style="color: light-dark(#032F62, #9ECBFF);"> usermod</span><span style="color: light-dark(#005CC5, #79B8FF);"> -</span><span style="color: light-dark(#005CC5, #79B8FF);">a</span><span style="color: light-dark(#005CC5, #79B8FF);"> -</span><span style="color: light-dark(#005CC5, #79B8FF);">G</span><span style="color: light-dark(#032F62, #9ECBFF);"> usbmon</span><span> $</span><span>USER</span></span></code></pre>
<p>Then run this : (<strong>IMPORTANT</strong>)</p>
<p>It would let u capture usb packets without root permissions</p>
<pre class="giallo" style="color-scheme: light dark; color: light-dark(#24292E, #E1E4E8); background-color: light-dark(#FFFFFF, #24292E);"><code data-lang="shellscript"><span class="giallo-l"><span style="color: light-dark(#6F42C1, #B392F0);">sudo</span><span style="color: light-dark(#032F62, #9ECBFF);"> tee</span><span style="color: light-dark(#032F62, #9ECBFF);"> /etc/udev/rules.d/99-usbmon.rules</span><span style="color: light-dark(#D73A49, #F97583);"> <<</span><span style="color: light-dark(#032F62, #9ECBFF);">'</span><span style="color: light-dark(#032F62, #9ECBFF);">EOF</span><span style="color: light-dark(#032F62, #9ECBFF);">'</span></span>
<span class="giallo-l"><span style="color: light-dark(#032F62, #9ECBFF);">SUBSYSTEM=="usbmon", GROUP="wireshark", MODE="0640"</span></span>
<span class="giallo-l"><span style="color: light-dark(#032F62, #9ECBFF);">EOF</span></span>
<span class="giallo-l"><span style="color: light-dark(#6F42C1, #B392F0);">sudo</span><span style="color: light-dark(#032F62, #9ECBFF);"> udevadm</span><span style="color: light-dark(#032F62, #9ECBFF);"> control</span><span style="color: light-dark(#005CC5, #79B8FF);"> -</span><span style="color: light-dark(#005CC5, #79B8FF);">-reload-rules</span></span>
<span class="giallo-l"><span style="color: light-dark(#6F42C1, #B392F0);">sudo</span><span style="color: light-dark(#032F62, #9ECBFF);"> udevadm</span><span style="color: light-dark(#032F62, #9ECBFF);"> trigger</span></span></code></pre>
<blockquote class="markdown-alert-note">
<p>You might need to logout and login again</p>
</blockquote>
<h3 id="step-3">STEP 3</h3>
<h4 id="load-usbmon-module">Load usbmon module</h4>
<p>Run</p>
<pre class="giallo" style="color-scheme: light dark; color: light-dark(#24292E, #E1E4E8); background-color: light-dark(#FFFFFF, #24292E);"><code data-lang="plain"><span class="giallo-l"><span>sudo modprobe usbmon</span></span></code></pre>
<p>It would load the kernel module</p>
<h2 id="step-4-6">STEP 4 - 6</h2>
<ul>
<li>Capture USB packets</li>
<li>Do the thing thats told to you</li>
<li>Name the file and send it.</li>
</ul>
<p>Voila, you have captured your USB packets 🫡</p>