USB Monitor

USB plays a crucial role in modern computing, enabling data transfer and interaction between various devices and applications. USB Monitor allows users to capture and inspect low-level USB interactions initiated by other applications on their PC. This capability is essential for tasks such as debugging USB device behavior, reverse-engineering vendor-specific USB protocols, and developing custom USB devices and drivers.

Capabilities

Required

org.jancy.io.usb
 Required for low-level IO operations on USB endpoints.

Basic Setup

  1. Ensure USBPcap is installed if you are on Windows, or that usbmon is enabled if you are on Linux.

Note

On Windows, USB Monitor requires the USBPcap capture driver. USBPcap is bundled with the full IO Ninja .msi installers, so if you installed IO Ninja this way, you are set. However, if you installed IO Ninja from a core .msi installer or a portable .7z package, you must install USBPcap from its official website manually.

On Linux, USB Monitor depends on usbmon, therefore you need to manually enable it to use the plugin.

  1. In IO Ninja, click the “New Session” dropdown and select a new “USB Monitor” session
_images/usb-monitor-new-session.png
  1. From the “Device:” dropdown menu, select the USB device you want to monitor.
_images/usb-monitor-getting-started-2.png
  1. Click the “Capture” button, to the right of the device selection dropdown.
_images/serial-mon-capture.png
  1. Analyze the log as USB traffic is intercepted.
_images/usb-monitor-getting-started-4.png
  1. Adjust settings as needed via the “Settings” button (see “Settings” section below for details)

Settings

_images/usb-monitor-settings.png
Setting Description Default
Device The USB device to be monitored.  
Kernel buffer size Specify the Pcap kernel buffer size (the amount of memory allocated in the kernel for storing captured packets before they are processed). 1MB
Read parallelism
(Windows-only)
 Maximum number of read requests to issue in parallel. Having more than one pending read at a time helps with increasing read throughput when incoming data arrives in rapid streams (after filling one user buffer, the kernel can immediately switch to the next one without any waiting). Increasing this number beyond 4 usually won’t yield any extra performance gains. 4
Read block size (B) The size of each individual read block submitted to the underlying transport. 4KB
RX buffer size (B) The full size of the incoming data (RX) buffer. Affects read throughput. 16KB
RX buffer full notifications Toggle warnings in log about the incoming data (RX) buffer getting full. off