Support #938
Updated by Daniel Curtis over 6 years ago
This is a guide on sniffing USB data using Wireshark on Arch Linux.
h2. Prepare the Environment
* Make sure the system is up to date:
<pre>
sudo pacman -Syu
</pre>
h2. Set up usbmon
* Load the usbmon kernel module:
<pre>
sudo modprobe usbmon
</pre>
* Give regular users privileges to access the usbmon interfaces:
<pre>
sudo setfacl -m u:$USER:r /dev/usbmon*
sudo chmod +r /dev/usbmon*
</pre>
h2. Install Wireshark
* Install Wireshark:
<pre>
sudo pacman -S wireshark-gtk
</pre>
* Add a regular user to the wireshark group:
<pre>
sudo usermod -aG wireshark $USER
</pre>
** *NOTE*: Log out and log back in to make the new group membership take effect.
* Change the group ownership of the usbmon interfaces:
<pre>
sudo chgrp wireshark /dev/usbmon*
</pre>
*NOTE*: Using the regular application launcher from the menu did not let me see the usbmon interfaces. To work around this, I opened up a terminal and launched wireshark from there:
<pre>
wireshark-gtk &
</pre>
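The steps above change who can read the @/dev/usbmon*@ nodes in three ways (setfacl, chmod +r, chgrp). @chmod +r@ with no class given adds read permission for user, group and other, subject to the umask, so the nodes can end up readable by every local user rather than only the wireshark group. The following is an added example, not part of the original guide: a shell function that reports the mode and group of each usbmon node and flags any that are world-readable or not owned by the expected group. The function name @audit_usbmon@, its arguments and its output format are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit who can read the usbmon capture nodes.
# audit_usbmon [DIR] [GROUP]   (defaults: /dev, wireshark)
# Prints "<node> mode=<octal> group=<name> <verdict>" per node.
# Returns 0 if all nodes are ok, 1 if any is flagged, 2 if none exist.
# Note: only mode bits and group are checked; ACL entries added with
# setfacl are not visible here (inspect those with getfacl).
audit_usbmon() {
    dir=${1:-/dev}
    want_group=${2:-wireshark}
    found=0
    flagged=0
    for node in "$dir"/usbmon*; do
        [ -e "$node" ] || continue      # glob matched nothing
        found=1
        mode=$(stat -c '%a' "$node")    # e.g. 640
        group=$(stat -c '%G' "$node")
        other=$((mode % 10))            # last octal digit = "other" bits
        if [ $((other & 4)) -ne 0 ]; then
            verdict=world-readable      # any local user can capture USB traffic
        elif [ "$group" != "$want_group" ]; then
            verdict=wrong-group
        else
            verdict=ok
        fi
        [ "$verdict" = ok ] || flagged=1
        printf '%s mode=%s group=%s %s\n' "$node" "$mode" "$group" "$verdict"
    done
    [ "$found" -eq 1 ] || { echo "no usbmon nodes in $dir (is the module loaded?)" >&2; return 2; }
    return "$flagged"
}

# Usage after following the steps above:
#   audit_usbmon              # checks /dev/usbmon* against group wireshark
```

A node flagged @world-readable@ can be narrowed with @sudo chmod o-r /dev/usbmon*@ while keeping group read for wireshark members.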
h2. Resources
* https://wiki.wireshark.org/CaptureSetup/USB