Installation of usbmon on Linux

Preface

usbmon is the official Linux kernel facility to collect IO traces on the USB bus. There’s no need to download and install it (it’s part of kernel) – but the usbmon kernel module is not enabled by default.

IO Ninja plugins USB Monitor and HID Monitor depend on usbmon on Linux; as such, you need to enable it for proper operation of these plugins (attempting to capture yields an error otherwise).

Installation

If you only need to use usbmon on rare occasions, it’s sufficient to only load it when needed.

$ sudo modprobe usbmon

That’s it, usbmon is now loaded and ready for use. You can verify it by running:

$ lsmod | grep usbmon

If you reboot, usbmon will not be automatically re-loaded, so you’ll need to run modprobe again next time you need it.

Loading usbmon at boot

If you want usbmon to load automatically, you need to add it to the modprobe database. Modify the /etc/modules file in your favorite editor by adding usbmon to the very bottom:

usbmon

This will make usbmon to load at boot automatically.

Permissions

By default, only root is able to access usbmon and capture USB packets. Otherwise, it would represent a major security threat – just imagine a non-privileged process being able to intercept all keystrokes on a USB keyboard!

However, it could be inconvenient to have to use sudo every time you start a USB debugging session. As a compromise, you can allow a group of privileged users to access usbmon without sudo. Let’s show how it’s done.

First, create a dedicated user group and add yourself (and maybe some other trusted users) to this group:

$ sudo addgroup usbmon
$ sudo usermod $USER -aG usbmon

Be sure to log out and log back in for the new group membership to be in effect.

Then add a udev rule for usbmon devices to give permissions to this newly added usbmon group. udev rule files are kept in this directory:

/etc/udev/rules.d/

Note

Names of files under /etc/udev/rules.d/ are normally prefixed by two decimal digits to explicitly specify the order in which rules are applied. In our case, there are no any particular requirements to the rule order – just make sure no other file overwrites permissions for usbmon.

Create a file called /etc/udev/rules.d/10-usbmon.rules with the following contents:

$ SUBSYSTEM=="usbmon", GROUP="usbmon", MODE="660"

In order to apply this newly added udev rule, either (a) reboot or (b) restart usbmon as such.

$ sudo rmmod usbmon
$ sudo modprobe usbmon

Now all members of the usbmon group can capture USB packets without the need for sudo.

See Also

For more details, please refer to the official kernel documentation page for usbmon: https://docs.kernel.org/usb/usbmon.html