Wiresharkを用いてUSBデバイスとホストとの間で行っている通信をキャプチャ

uWiresharklbg[NpPbgLv`̓c[vƂ悤ɎvĂƎv܂B{łprŎgĂ܂AȊO̗prłg邱Ƃ͈ӊOɒmĂ܂B
{eł́AuȊOv̗pr1ƂāAUSB|[g̒ʐMLv`܂BOS́AUbuntu 11.10 Desktopg܂B

Linuxマシンに接続したUSBデバイスとの間で行われる通信をキャプチャ
Wiresharkł́ALinuxJ[lusbmonLɂȂĂꍇɁAYJ[l삵ĂRs[^USB|[gɐڑꂽfoCXI/OɂĂLv`\łBusbmońAUbuntu̕WJ[lł͗LɂȂĂ܂ÃvbgtH[łLɂȂĂ΁Al̎菇ŃLv`\ɂȂ邱Ƃ܂B
ʐMLv`ΏۂƂȂUSBfoCXłA肪eՂUSBiUSB Mass Storage DevicejIĂ܂B

Wiresharkをインストール
UbuntuɕʂWiresharkCXg[܂DŕKvƂ\tgEFA͏ł܂B

USBデバイスをPCに装着
́COq̂ƂUSBƂ̊ԂI/OLv`ΏۂƂ܂B
lsusbR}hp邱ƂŁAfoCXF̏󋵂mFł܂B
M҂̊ł́Aȉ̂悤ȊɂȂ܂C{ Bus 001 ̉USBfoCXԂ牺`ɂȂ܂D

wakatono@packman:~$ lsusb
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 005 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 005 Device 002: ID 0483:2016 SGS Thomson Microelectronics Fingerprint Reader
Bus 001 Device 011: ID 0718:0638 Imation Corp. 

foCX}ƂǂBusɐڑ̂HƂΉ́A炩ߒEcĂƂ悢ł傤B

Wiresharkを起動し，USBインタフェースを選択
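rootでWiresharkを起動します．警告が出るかもしれませんが（図warning），気にせず起動しましょう．なお，この警告はroot権限のまま解析処理まで動かすことへの注意であり，常用するなら /dev/usbmon* の読み取り権限を一般ユーザに与えて非rootで起動する構成のほうが安全です．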
NCEBhE̍ƁCLv`\ȃC^tF[XoX킩܂i}02_device_listjDΏۂƂȂfoCXڑĂoXLv`悤CΏۂ̃oXNbN܂D̏ꍇ́uUSB bus number 1vNbN܂D

キャプチャ結果の確認
uWiresharkNLv`JnUSBւ̃f[^̃Rs[vCWiresharkł̃Lv`~CLv`f[^t@Cɏo܂D

UbuntuWiresharkŁCUSBfoCXƃzXg̊Ԃ̃R}hނ̓Lv`mFł܂Di}03_cap_linjDmFƂ킩̂łCt@CVXe̊Ǘf[^ƃR}ĥƂ͊mFł̂́CzXgƃfoCX̊ԂłƂ肳ꂽۂ̃Rs[f[^̓Lv`f[^ɂ͊܂܂܂D

Linuxでキャプチャするには？
USBLv`@\́CWireshark̋@\Ƃ́CWiresharkpĂ郉Culibpcap̋@\ɋĂ܂D܂ClibpcapUSBLv`̂߂̃pb`KvȂƂ܂D
̂߁Cȉ̏𖞑Kv܂D

(1) usbmonが有効になっているLinuxカーネルを利用
(2) USBキャプチャのためのパッチが適用されたlibpcap
(3) (2)で用意したlibpcapを用いたWireshark

Ubuntu 11.10 Desktop ́CL(1)`(3)WJ[l{WpbP[WŖƂo邽ߗpĂ܂D

Windowsで認識したUSBデバイスの入出力をモニタ

WindowsłWiresharkł́CUSBfoCXI/O𒼐ڃj^o܂D
CWindowsŔFUSBfoCXI/Oj^@͂܂D

EVirtualBoxWindows𓮍삳C]USBfoCXڑ
EVirtualBoxŐڑUSBfoCXڑĂUSB|[gCLinuxłUSBfoCXI/OLv`@gĎ擾

̏ꍇCVirtualBoxォ畨IUSBfoCXڑł悤ɂKv܂Dȍ~CUSBfoCXVirtualBoxF邽߂̕@ƁCĔFꂽUSBfoCXI/OLinuxŃLv`Ă݂܂傤D

́COq̂̂ƓlłD܂CVirtualBoxɃCXg[OŚCWindows XP SP3ƂĂ܂D
foCX́i܂jUSBƂ܂D

VirtualBoxをインストール
Ubuntuのパッケージマネージャに任せてインストールします．

Linuxのグループvboxusersに，VirtualBoxを動作させるユーザを追加
これをしないと，USBポートに接続されたデバイスを一切認識することができません．/etc/group を編集して，筆者のユーザ wakatono を，グループ vboxusers に所属させています．

vboxusers:x:125:wakatono

OSを一旦再起動
上記変更を反映します．

܂CVirtualBoxォڑUSBfoCXڑ
ڑUSBfoCXڑĉD
CUSB}Ǝ}EgĂ܂̂ŁCÔUSBumountĂ܂Dȉ̗ႾƁC/dev/sdb1USBɂ̂ŁCumount /dev/sdb1Ă܂D

root@packman:~# mount
/dev/sda1 on / type ext4 (rw,errors=remount-ro,commit=600)
proc on /proc type proc (rw,noexec,nosuid,nodev)
sysfs on /sys type sysfs (rw,noexec,nosuid,nodev)
fusectl on /sys/fs/fuse/connections type fusectl (rw)
none on /sys/kernel/debug type debugfs (rw)
none on /sys/kernel/security type securityfs (rw)
udev on /dev type devtmpfs (rw,mode=0755)
devpts on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=0620)
tmpfs on /run type tmpfs (rw,noexec,nosuid,size=10%,mode=0755)
none on /run/lock type tmpfs (rw,noexec,nosuid,nodev,size=5242880)
none on /run/shm type tmpfs (rw,nosuid,nodev)
binfmt_misc on /proc/sys/fs/binfmt_misc type binfmt_misc (rw,noexec,nosuid,nodev)
gvfs-fuse-daemon on /home/wakatono/.gvfs type fuse.gvfs-fuse-daemon (rw,nosuid,nodev,user=wakatono)
/dev/sdb1 on /media/5017-E8DB type vfat (rw,nosuid,nodev,uid=1000,gid=1000,shortname=mixed,dmask=0077,utf8=1,showexec,flush,uhelper=udisks)

VirtualBoxを起動し，当該デバイスをVirtualBox上から使えるようにする
VirtualBoxNƁCOracle VM VirtualBox }l[WŊǗOS̊e񂪕\̂łC"USB"ICfoCXtB^쐬܂D}vbox_debfilɂāCUSBRlN^"+"킳ACRNbNāCK؂Ȑݒ{ĂĂi}04_vbox_filterjDfoCXڑĂ΁CfoCXɉ\܂̂ŁC`FbNĂĉi}05_vbox_filter2jD


WindowsとWiresharkを起動し，対象となるポートを選択してキャプチャを行う
Windows̋NsȊO͂قǂƓlłDقǋNWiresharkpꍇ́Ci}06_select_ifji}07_select_if2j̏ŃC^tF[XIĉDusbmon1 USB bus number 1USBfoCXڑĂoXɂȂ܂D
̌CVirtualBoxœ삵ĂWindowsFUSBɁC炩̃t@CCz}ṼfXNgbvɃRs[܂DM҂WindowsEULA.txtiC:\Windows\system32\EULA.txtjRs[܂i}08_select_filejD

Lv`
Wiresharkł̊mFʂ܂CEULA.txtɂ͓{ꂪ܂܂Ă邽߁C\ĂȂ܂CUSBɑf[^Ă邱Ƃ킩܂i}09_win_capjD

使用例：プロプライエタリなドライバで行うデバイス通信の監視
ɂČ^Ȃ肵܂C炩̒ʐMsĂ邱Ƃ킩̂͑傫Ǝv܂DɁCz}VƂ͂WindowsUSBʐMǂ邱ƂoƂ̂́CKvƂȂvvCG^낤ƂłȂ낤Ƃǂ̂悤ȃf[^hCoƃfoCX̊ԂłƂ肳邩HƂ̂mFốCSƂ܂D
{ełUSBoX̃Lv`̎dCǂ̂悤ȃf[^̂HƂ̂͗Ꭶ܂C܂Ŗ{eŋ̂͗ł܂Dǂ̂悤ȃfoCXɂẮC{eɂȂFlłD

参考
・CaptureSetup/USB - The Wireshark Wiki
　http://wiki.wireshark.org/CaptureSetup/USB
