Create usbmon capture

This article explains how to create usbmon captures with postmarketOS. One use case is capturing traffic between a USB attached modem inside the device (like the eg25-g in the PinePhone) to figure out modem related problems.

Kernel module
Load the  kernel module:

If it is not available for the kernel that your device uses, adjust your kernel config to enable, build the kernel on your PC and install it. Make a merge request to pmaports so it will be enabled for others in the future.

Find the USB bus
Use  to figure out the relevant USB Bus ID. In this example, it is the bus.

Find the interface
This guide uses  to capture the traffic. Find the relevant interface first, in the example.

Over SSH
A convenient setup is running wireshark on your PC and have it analyze the traffic in real time. Enable SSH and configure it so you can login with your PC's SSH key as  on your phone. Then run the following script on your PC to launch tcpdump over ssh, and pipe its output into wireshark. Once you run the command, you need to login via SSH first (e.g. type in the password of your SSH key). Afterwards the connection should be established, and whenever something happens on the USB, you should see related packages in wireshark.

Locally
Depending on what you want to test, you might need to do a local capture instead. For example, when debugging problems related to suspending (where the application processor goes to sleep and the SSH connection would be lost).

Run this on your phone to do a local capture:

Analyzing
To analyze the captured packages, view them in Wireshark.

Using WiresharkQMIDissector
If you have captured traffic of a modem speaking the Qualcomm MSM Interface (QMI) protocol (e.g. the eg25-g in the PinePhone), a dissector based on libqmi can be generated and used as follows:

QMI packets should show up as USB/QMI protocol now, and you can filter for "qmi" (e.g. with the display filter input).