From Fedora Project Wiki

No edit summary
No edit summary
Line 1: Line 1:
'''usbmon''' is a mechanism for catching information on the USB bus. This is useful for displaying USB traffic for problem solving or reverse engineering USB-protocols. The existing [http://lxr.free-electrons.com/source/Documentation/usb/usbmon.txt usbmon documentation] is very good.
'''usbmon''' is a kernel level interface to USB-packets. Displaying to USB-traffic can useful for problem solving or reverse engineering undocumented protocols.  


== Kernel module ==
== Kernel module ==
Line 60: Line 60:
- Run your tests with the USB device
- Run your tests with the USB device
- stop capturing the usbmon output
- stop capturing the usbmon output
== External Links ==
The existing [http://lxr.free-electrons.com/source/Documentation/usb/usbmon.txt usbmon documentation] is very good.

Revision as of 17:47, 4 December 2020

usbmon is a kernel level interface to USB-packets. Displaying to USB-traffic can useful for problem solving or reverse engineering undocumented protocols.

Kernel module

USB module can be compiled into kernel statically, or it can be module that can be loaded into kernel. Fedora should have it statically part of the kernel.

# grep USB_MON /boot/config-5.9.*
/boot/config-5.9.11-100.fc32.x86_64:CONFIG_USB_MON=y
/boot/config-5.9.8-100.fc32.x86_64:CONFIG_USB_MON=y
/boot/config-5.9.9-100.fc32.x86_64:CONFIG_USB_MON=y

shows that it was selected to be part of monolitic kernel, rather than module (CONFIG_USB_MON=m). Hence it does not need, or can be loaded into running kernel.

If it was compiled as module, it can be loaded into kernel:

# modprobe usbmon
# lsmod | grep usbmon

should list it as module.

If directory /sys/kernel/debug/usb/usbmon/ has files in it, kernel support should be ready.

# ls /sys/kernel/debug/usb/usbmon/
0s  0u  1s  1t  1u  2s  2t  2u
# ls -l /dev/usbmon*
crw-r----- 1 root usbmon 244, 0 Dec  4 19:25 /dev/usbmon0
crw-r----- 1 root usbmon 244, 1 Dec  4 19:25 /dev/usbmon1
crw-r----- 1 root usbmon 244, 2 Dec  4 19:25 /dev/usbmon2


User access rights

In Fedora, debugging users should belong to usbmon group, and additionally wireshark group in order to have access to debugging device files.

# usermod -a -G usbmon tuju
# id tuju
uid=1001(tuju) gid=1001(tuju) 
groups=1001(tuju),10(wheel),18(dialout),135(mock),498(wireshark),497(usbmon),494(vboxusers),48(apache)

[root@wasa ~]# id tuju uid=1001(tuju) gid=1001(tuju) groups=1001(tuju),10(wheel),18(dialout),135(mock),498(wireshark),497(usbmon),494(vboxusers),48(apache)


Capturing USB packets

First, identify which bus number of the device you want to trace. You can find this via lsusb. e.g.

Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

gives bus number 2.

To start capturing output do

# cat /sys/kernel/debug/usb/usbmon/2u > /tmp/usbmon_out

replacing 2u with your bus number (i.e. Bus003 -> 3u, Bus008 -> 8u).

This will continue to write to the file until it is terminated. The capture steps now look like

- start capturing the usbmon output to a file - Run your tests with the USB device - stop capturing the usbmon output

External Links

The existing usbmon documentation is very good.