Capturing Communication Between a USB Device and the Host

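Wireshark is generally thought of as a tool for capturing network packets. This magazine uses it for that purpose too, but it is surprisingly little known that it can be used for other purposes as well.
In this article, as one of those "other" uses, we capture the communication on a USB port. The OS used is Ubuntu 11.10 Desktop.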

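Capturing the communication with a USB device connected to a Linux machine
When usbmon is enabled in the Linux kernel, Wireshark can also capture the I/O of devices attached to the USB ports of the computer running that kernel. usbmon is enabled in Ubuntu's standard kernel; on other platforms where it is enabled, capture can become possible with the same procedure.
Is it correct to say that, as a general matter, this is possible on other platforms too? If so, I think it would be better to write "capture should become possible with the same procedure."
As the USB device whose communication is captured, a USB memory stick (USB Mass Storage Device) was chosen because it is easy to obtain.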

Install Wireshark
Install Wireshark on Ubuntu in the usual way. That is all the software required.

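Plug the USB device into the PC
As noted above, the capture target this time is the I/O to and from a USB memory stick.
The lsusb command shows whether the device has been recognized.
In the author's environment the output looks like the following. Essentially, the USB device hangs off Bus 001.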

wakatono@packman:~$ lsusb
Is it OK to leave wakatono in the prompt?
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 005 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 005 Device 002: ID 0483:2016 SGS Thomson Microelectronics Fingerprint Reader
Bus 001 Device 011: ID 0718:0638 Imation Corp. 

It is a good idea to find out in advance which bus a device ends up on when you plug it in.

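Start Wireshark and select the USB interface
Start Wireshark as root. A warning may appear (Figure warning); ignore it and continue.
After startup, the left side of the window lists the interfaces and buses that can be captured (Figure 02_device_list). Click the bus to which the target device is attached so that this bus is captured. In this case, click "USB bus number 1".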
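Added example (not part of the original article): a shell helper for the bus lookup described above. It reads lsusb output and prints the capture interface for a given vendor:product ID, assuming the usbmonN interface naming that Wireshark shows for "USB bus number N". The function names are hypothetical, and the sample listing is the lsusb output printed earlier in this article.

```shell
#!/bin/sh
# Added example: find the usbmon capture interface for one USB device.

# Sample input: the lsusb listing printed earlier in this article.
SAMPLE_LSUSB='Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 005 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 005 Device 002: ID 0483:2016 SGS Thomson Microelectronics Fingerprint Reader
Bus 001 Device 011: ID 0718:0638 Imation Corp.'

# usbmon_iface_for VID:PID (hypothetical helper)
# Reads lsusb-format text on stdin and prints the interface name, e.g. usbmon1.
# Exit status: 0 found, 1 device not listed, 2 device listed on several buses.
usbmon_iface_for() {
    want=$(printf '%s' "$1" | tr 'A-F' 'a-f')   # lsusb prints IDs in lowercase
    awk -v id="$want" '
        $1 == "Bus" && $3 == "Device" && $5 == "ID" && tolower($6) == id {
            bus = $2 + 0                 # "001" -> 1: usbmon names are unpadded
            if (!(bus in seen)) { seen[bus] = 1; n++; last = bus }
        }
        END {
            if (n == 0) exit 1
            if (n > 1)  exit 2           # ambiguous: identify the port first
            print "usbmon" last
        }'
}

# usbmon_ready N (hypothetical helper)
# True when the running kernel exposes bus N through usbmon, either as the
# /dev/usbmonN character device or as the debugfs text file.
usbmon_ready() {
    [ -c "/dev/usbmon$1" ] || [ -e "/sys/kernel/debug/usb/usbmon/${1}u" ]
}

# Typical use on the capture host:
#   iface=$(lsusb | usbmon_iface_for 0718:0638) && echo "capture on $iface"
```

Exit status 2 covers the case where the same model is plugged into more than one bus, so that a capture is not started on the wrong one.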

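Checking the capture results
After the sequence "start Wireshark, start the capture, copy data to the USB memory", stop the capture in Wireshark and write the captured data to a file.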

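With Wireshark on Ubuntu, the commands exchanged between the USB device and the host can be captured and inspected (Figure 03_cap_lin). Inspection shows that the file-system management data and the command exchange are visible, but the copied data actually exchanged between the host and the device is not included in the capture data.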

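What is needed to capture on Linux?
The USB capture capability depends less on Wireshark itself than on libpcap, the library Wireshark uses. libpcap may also need a patch for USB capture.
The following conditions must therefore be met.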

(1) Use a Linux kernel with usbmon enabled
(2) A libpcap with the patch for USB capture applied
(3) A Wireshark that uses the libpcap prepared in (2)

Ubuntu 11.10 Desktop is used because it satisfies (1) to (3) above with its standard kernel and standard packages.

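Monitoring the I/O of a USB device recognized by Windows

The Windows version of Wireshark cannot monitor USB device I/O directly.
However, there is a way to monitor the I/O of a USB device recognized by Windows.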

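・Run Windows on VirtualBox and attach the desired USB device to it
・Capture the USB port to which the device attached through VirtualBox is connected, using the Linux method for capturing USB device I/O

For this, the physical USB device must be made attachable from within VirtualBox. The following shows how to make VirtualBox recognize a USB device, and then captures on Linux the I/O of the device recognized that way.

The environment is the same as described above. The OS installed in VirtualBox is Windows XP SP3.
The device is (again) a USB memory stick.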

Install VirtualBox
Install it with Ubuntu's package manager.

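Add the user who runs VirtualBox to the Linux group vboxusers
Without this, devices attached to the USB ports cannot be recognized at all. /etc/group was edited so that the author's user wakatono belongs to the group vboxusers.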

vboxusers:x:125:wakatono

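Reboot the OS once
This applies the change above.

First, plug in the USB device you want to attach from VirtualBox
Plug in the USB device you want to attach.
Note that a USB memory stick is mounted automatically when it is inserted, so unmount it first to be safe. In the example below, /dev/sdb1 is the USB memory, so run umount /dev/sdb1.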

root@packman:~# mount
/dev/sda1 on / type ext4 (rw,errors=remount-ro,commit=600)
proc on /proc type proc (rw,noexec,nosuid,nodev)
sysfs on /sys type sysfs (rw,noexec,nosuid,nodev)
fusectl on /sys/fs/fuse/connections type fusectl (rw)
none on /sys/kernel/debug type debugfs (rw)
none on /sys/kernel/security type securityfs (rw)
udev on /dev type devtmpfs (rw,mode=0755)
devpts on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=0620)
tmpfs on /run type tmpfs (rw,noexec,nosuid,size=10%,mode=0755)
none on /run/lock type tmpfs (rw,noexec,nosuid,nodev,size=5242880)
none on /run/shm type tmpfs (rw,nosuid,nodev)
binfmt_misc on /proc/sys/fs/binfmt_misc type binfmt_misc (rw,noexec,nosuid,nodev)
gvfs-fuse-daemon on /home/wakatono/.gvfs type fuse.gvfs-fuse-daemon (rw,nosuid,nodev,user=wakatono)
/dev/sdb1 on /media/5017-E8DB type vfat (rw,nosuid,nodev,uid=1000,gid=1000,shortname=mixed,dmask=0077,utf8=1,showexec,flush,uhelper=udisks)

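Start VirtualBox and make the device usable from VirtualBox
When VirtualBox starts, Oracle VM VirtualBox Manager shows various information about the OSes it manages; select "USB" and create a device filter. In Figure vbox_debfil, click the icon that combines a USB connector with a "+" and apply the appropriate settings (Figure 04_vbox_filter). If the device is plugged in, an entry matching the device is shown, so tick it (Figure 05_vbox_filter2).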


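Start Windows and Wireshark, select the target port, and capture
Apart from booting Windows, this is the same as before. If you use the Wireshark instance started earlier, select the interface in the order (Figure 06_select_if), then (Figure 07_select_if2). usbmon1 USB bus number 1 is the bus to which the USB device is attached.
Then, on the virtual machine's desktop, copy some file to the USB memory recognized by the Windows running in VirtualBox. The author copied the Windows EULA.txt (C:\Windows\system32\EULA.txt) (Figure 08_select_file).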

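Capture results
Looking at the result in Wireshark: because EULA.txt contains Japanese text, some of it is not displayed, but the data sent to the USB device can be seen (Figure 09_win_cap).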

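Use case: monitoring device communication performed by a proprietary driver
Even so, simply being able to see that some kind of communication is taking place is, I think, significant. In particular, being able to follow Windows USB communication, even if only on a virtual machine, is reassuring: when the need arises, you can check what data is exchanged between the driver and the device, whether the driver is proprietary or not.
This article has shown how to capture the USB bus and illustrated what kind of data flows over it, but what it presents is only an example. Which devices you apply it to is up to you, the reader.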

References
・CaptureSetup/USB - The Wireshark Wiki
  http://wiki.wireshark.org/CaptureSetup/USB
