tr1x_em - tutorials https://trix.is-a.dev Welcome,here you can find more about me, oh and I write too!! Zola en Mon, 29 Dec 2025 12:15:00 +0000 USB Capture in Linux Mon, 29 Dec 2025 12:15:00 +0000 tr1x_em https://trix.is-a.dev/tutorials/usb-capture/ https://trix.is-a.dev/tutorials/usb-capture/ <p>Today we will learn how to capture USB packets in Linux.</p> <p>Follow along the video and copy commands from here</p> <iframe class="youtube-embed" src="https://www.youtube-nocookie.com/embed/UcMSPA5Q57Y" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen> </iframe> <blockquote class="markdown-alert-note"> <p>All package name are for archlinux so for any other distro you might need to search google what it is</p> </blockquote> <h3 id="step-1">STEP 1</h3> <h4 id="install-wireshark-or-wireshark-qt">Install wireshark or wireshark-qt</h4> <p>Do it according to your distro, then</p> <p><strong>ONE TIME PROCESS</strong></p> <ul> <li>Add yourself to wireshark group - (<strong>IMPORTANT</strong>)</li> </ul> <pre class="giallo" style="color-scheme: light dark; color: light-dark(#24292E, #E1E4E8); background-color: light-dark(#FFFFFF, #24292E);"><code data-lang="shellscript"><span class="giallo-l"><span style="color: light-dark(#6F42C1, #B392F0);">sudo</span><span style="color: light-dark(#032F62, #9ECBFF);"> groupadd</span><span style="color: light-dark(#032F62, #9ECBFF);"> wireshark</span></span> <span class="giallo-l"><span style="color: light-dark(#6F42C1, #B392F0);">sudo</span><span style="color: light-dark(#032F62, #9ECBFF);"> usermod</span><span style="color: light-dark(#005CC5, #79B8FF);"> -</span><span style="color: light-dark(#005CC5, #79B8FF);">a</span><span style="color: light-dark(#005CC5, #79B8FF);"> -</span><span style="color: light-dark(#005CC5, #79B8FF);">G</span><span style="color: light-dark(#032F62, #9ECBFF);"> wireshark</span><span> $</span><span>USER</span></span></code></pre><h3 id="step-2">STEP 2</h3> <h4 id="install-usbmon">Install usbmon</h4> <p>Do it according to your distro, then</p> <p><strong>ONE TIME PROCESS</strong></p> <ul> <li>Add yourself to usbmon group - (<strong>IMPORTANT</strong>)</li> </ul> <pre class="giallo" style="color-scheme: light dark; color: light-dark(#24292E, #E1E4E8); background-color: light-dark(#FFFFFF, #24292E);"><code data-lang="shellscript"><span class="giallo-l"><span style="color: light-dark(#6F42C1, #B392F0);">sudo</span><span style="color: light-dark(#032F62, #9ECBFF);"> groupadd</span><span style="color: light-dark(#032F62, #9ECBFF);"> usbmon</span></span> <span class="giallo-l"><span style="color: light-dark(#6F42C1, #B392F0);">sudo</span><span style="color: light-dark(#032F62, #9ECBFF);"> usermod</span><span style="color: light-dark(#005CC5, #79B8FF);"> -</span><span style="color: light-dark(#005CC5, #79B8FF);">a</span><span style="color: light-dark(#005CC5, #79B8FF);"> -</span><span style="color: light-dark(#005CC5, #79B8FF);">G</span><span style="color: light-dark(#032F62, #9ECBFF);"> usbmon</span><span> $</span><span>USER</span></span></code></pre> <p>Then run this : (<strong>IMPORTANT</strong>)</p> <p>It would let u capture usb packets without root permissions</p> <pre class="giallo" style="color-scheme: light dark; color: light-dark(#24292E, #E1E4E8); background-color: light-dark(#FFFFFF, #24292E);"><code data-lang="shellscript"><span class="giallo-l"><span style="color: light-dark(#6F42C1, #B392F0);">sudo</span><span style="color: light-dark(#032F62, #9ECBFF);"> tee</span><span style="color: light-dark(#032F62, #9ECBFF);"> /etc/udev/rules.d/99-usbmon.rules</span><span style="color: light-dark(#D73A49, #F97583);"> &lt;&lt;</span><span style="color: light-dark(#032F62, #9ECBFF);">&#39;</span><span style="color: light-dark(#032F62, #9ECBFF);">EOF</span><span style="color: light-dark(#032F62, #9ECBFF);">&#39;</span></span> <span class="giallo-l"><span style="color: light-dark(#032F62, #9ECBFF);">SUBSYSTEM==&quot;usbmon&quot;, GROUP=&quot;wireshark&quot;, MODE=&quot;0640&quot;</span></span> <span class="giallo-l"><span style="color: light-dark(#032F62, #9ECBFF);">EOF</span></span> <span class="giallo-l"><span style="color: light-dark(#6F42C1, #B392F0);">sudo</span><span style="color: light-dark(#032F62, #9ECBFF);"> udevadm</span><span style="color: light-dark(#032F62, #9ECBFF);"> control</span><span style="color: light-dark(#005CC5, #79B8FF);"> -</span><span style="color: light-dark(#005CC5, #79B8FF);">-reload-rules</span></span> <span class="giallo-l"><span style="color: light-dark(#6F42C1, #B392F0);">sudo</span><span style="color: light-dark(#032F62, #9ECBFF);"> udevadm</span><span style="color: light-dark(#032F62, #9ECBFF);"> trigger</span></span></code></pre> <blockquote class="markdown-alert-note"> <p>You might need to logout and login again</p> </blockquote> <h3 id="step-3">STEP 3</h3> <h4 id="load-usbmon-module">Load usbmon module</h4> <p>Run</p> <pre class="giallo" style="color-scheme: light dark; color: light-dark(#24292E, #E1E4E8); background-color: light-dark(#FFFFFF, #24292E);"><code data-lang="plain"><span class="giallo-l"><span>sudo modprobe usbmon</span></span></code></pre> <p>It would load the kernel module</p> <h2 id="step-4-6">STEP 4 - 6</h2> <ul> <li>Capture USB packets</li> <li>Do the thing thats told to you</li> <li>Name the file and send it.</li> </ul> <p>Voila, you have captured your USB packets 🫡</p>