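Overall, portions other than the target window are still present; those can be deleted.
[Chapter] Appendix A Capturing USB port communication
[Section] A.1 Capturing communication with a USB device connected to a Linux machine
[Subsection] A.1.1 Installing Wireshark
[Subsection] A.1.2 Connecting the USB device
[Subsection] A.1.3 Starting Wireshark and selecting the USB interface
[Subsection] A.1.4 Checking the capture result
[Subsection] A.1.5 About capturing on Linux
[Section] A.2 Monitoring the I/O of a USB device recognized by Windows
[Subsection] A.2.1 Installing VirtualBox
[Subsection] A.2.2 Adding the user
[Subsection] A.2.3 Rebooting the host OS
[Subsection] A.2.4 Connecting the USB device to be recognized by VirtualBox
[Subsection] A.2.5 Starting VirtualBox and making the device usable from VirtualBox
[Subsection] A.2.6 Starting Windows and Wireshark, selecting the target port, and capturing
[Subsection] A.2.7 Capture result
[Section] A.3 Summary
[Section] A.4 References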

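[Caption] Figure A-1 Warning displayed when starting as root
[Caption] Figure A-2 List of interfaces available for capture
[Caption] Figure A-3 Exchange between the USB device and the host
[Caption] Figure A-4 USB settings screen. Click the "+" icon to configure a filter
[Caption] Figure A-5 Settings with the USB device added
[Caption] Figure A-6 Click the second command button
[Caption] Figure A-7 List of interfaces available for capture
[Caption] Figure A-8 EULA.txt in the Windows system32 directory
[Caption] Figure A-9 Communication captured in Wireshark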

=== ch12_appA.txt
[chap]Appendix A Capturing USB port communication

[_Author_]Kunio Miyamoto, NTT Data

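Appendix A is an article original to the Japanese edition. It explains how to use Wireshark to capture the communication between a USB device and its host. Wireshark is usually thought of as a tool for capturing and analyzing network packets, but it is surprisingly little known that it can be used for other purposes as well. As one of those other uses, this appendix captures USB port communication with Wireshark. The environment used is Ubuntu 11.10 Desktop.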

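[sec]A.1 Capturing communication with a USB device connected to a Linux machine
When [_Fc_]usbmon[_/Fc_] is enabled in the Linux kernel, Wireshark can capture the I/O of devices connected to the USB ports of the computer running that kernel.
This section walks through the procedure using an easily obtainable USB memory stick (USB Mass Storage Device) as the capture target.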

[subsec]A.1.1 Installing Wireshark
Install Wireshark on Ubuntu in the usual way. This provides the required software.

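[subsec]A.1.2 Connecting the USB device
First, run the [_Fc_]lsusb[_/Fc_] command to check which devices are recognized. In this environment the output looks like the following. Basically, the USB devices hang under [_Fc_]Bus 001[_/Fc_].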

[list--]wakatono@packman:~$ [_Fcb_]lsusb[_/Fcb_]
[list--]Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
[list--]Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
[list--]Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
[list--]Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
[list--]Bus 005 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
[list--]Bus 005 Device 002: ID 0483:2016 SGS Thomson Microelectronics Fingerprint Reader
[list--]Bus 001 Device 011: ID 0718:0638 Imation Corp. 

Find out in advance which Bus a USB device is attached to when you connect it.

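[subsec]A.1.3 Starting Wireshark and selecting the USB interface
Start Wireshark as root. A warning may be displayed ([_Fb_]Figure A-1[_/Fb_] figA-01_warning.png); ignore it and continue. The [Interface List] shown in the Wireshark window lists the interfaces and buses that can be captured ([_Fb_]Figure A-2[_/Fb_] figA-02_device_list.png). Click the bus to which the capture target device is connected. In this case it is "USB bus number 1".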

{_GRAPHIC_} figA-01_warning.png遙
[_CAPTION_F_]Figure A-1 Warning displayed when starting as root

{_GRAPHIC_} figA-02_device_list.png遙
[_CAPTION_F_]Figure A-2 List of interfaces available for capture

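[subsec]A.1.4 Checking the capture result
Start Wireshark, begin the capture, and then start copying data to the USB memory stick. When the copy has finished, stop the capture in Wireshark and write the captured data to a file. Opening the capture file shows the I/O (commands and the like) between the USB device and the host ([_Fb_]Figure A-3[_/Fb_] figA-03_cap_lin.png). However, only the file system management data and the command exchange were obtained. The actual copied data exchanged between the host and the device is not included in the capture file.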

{_GRAPHIC_} figA-03_cap_lin.png遙
[_CAPTION_F_]Figure A-3 Exchange between the USB device and the host

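[subsec]A.1.5 About capturing on Linux
USB capture is a feature of [_Fc_]libpcap[_/Fc_], the library Wireshark uses, rather than of Wireshark itself. Depending on the [_Fc_]libpcap[_/Fc_] version, a patch for USB capture may also be required. To capture USB devices on Linux, the following conditions must therefore be met.

1. Use a Linux kernel in which [_Fc_]usbmon[_/Fc_] is enabled
2. A [_Fc_]libpcap[_/Fc_] to which the USB capture patch has been applied
3. A Wireshark that uses the [_Fc_]libpcap[_/Fc_] described in item 2

Ubuntu 11.10 Desktop meets these conditions with its standard kernel and standard packages.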

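[sec]A.2 Monitoring the I/O of a USB device recognized by Windows
The Windows version of Wireshark cannot monitor USB device I/O directly. There is, however, a way to monitor the I/O of a USB device recognized by Windows.

Start Windows on VirtualBox and connect the target USB device
Capture the USB port of the device attached to Windows on VirtualBox, using the same method as for capturing USB device I/O on Linux

For this, VirtualBox must be able to recognize the physical USB device. The rest of this section explains how to make the USB device recognizable by VirtualBox and how to capture the I/O of the recognized bus on Linux. There are slight differences in what can be obtained, but being able to trace the USB communication of Windows, even in a virtual machine, is useful.
The environment is the same as in the previous section. The guest OS installed in VirtualBox is Windows XP SP3, and the device used is a USB memory stick.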

[subsec]A.2.1 Installing VirtualBox
Install it with Ubuntu's package manager.

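[subsec]A.2.2 Adding the user
Add the user that runs VirtualBox to the Linux group. Without this, devices connected to the USB ports cannot be recognized. Edit [_Fc_]/etc/group[_/Fc_] and add the user (wakatono) to the group (vboxusers).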

[list--]vboxusers:x:125:wakatono

[subsec]A.2.3 Rebooting the host OS
Reboot the OS once so that the user change takes effect.

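[subsec]A.2.4 Connecting the USB device to be recognized by VirtualBox
Physically connect the USB device. Because a USB memory stick is mounted automatically when it is plugged in, unmount it to be safe. In the following example, the [_Fc_]umount /dev/sdb1[_/Fc_] command is used ([_Fc_]/dev/sdb1[_/Fc_] is the USB memory stick).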

[list--]root@packman:~# [_Fcb_]mount[_/Fcb_]
[list--]/dev/sda1 on / type ext4 (rw,errors=remount-ro,commit=600)
[list--]proc on /proc type proc (rw,noexec,nosuid,nodev)
[list--]sysfs on /sys type sysfs (rw,noexec,nosuid,nodev)
[list--]fusectl on /sys/fs/fuse/connections type fusectl (rw)
[list--]none on /sys/kernel/debug type debugfs (rw)
[list--]none on /sys/kernel/security type securityfs (rw)
[list--]udev on /dev type devtmpfs (rw,mode=0755)
[list--]devpts on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=0620)
[list--]tmpfs on /run type tmpfs (rw,noexec,nosuid,size=10%,mode=0755)
[list--]none on /run/lock type tmpfs (rw,noexec,nosuid,nodev,size=5242880)
[list--]none on /run/shm type tmpfs (rw,nosuid,nodev)
[list--]binfmt_misc on /proc/sys/fs/binfmt_misc type binfmt_misc (rw,noexec,nosuid,nodev)
[list--]gvfs-fuse-daemon on /home/wakatono/.gvfs type fuse.gvfs-fuse-daemon (rw,nosuid,nodev,user=wakatono)
[list--]/dev/sdb1 on /media/5017-E8DB type vfat (rw,nosuid,nodev,uid=1000,gid=1000,shortname=mixed,dmask=0077,utf8=1,showexec,flush,uhelper=udisks)

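[subsec]A.2.5 Starting VirtualBox and making the device usable from VirtualBox
Start VirtualBox. Oracle VM VirtualBox Manager shows the information for each managed OS; select "USB" and create a device filter. On the USB settings screen, click the "+" icon to configure the filter ([_Fb_]Figure A-4[_/Fb_] figA-04_vbox_filter.png). If the USB memory stick is connected, the device is listed, so check it ([_Fb_]Figure A-5[_/Fb_] figA-05_vbox_filter2.png).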

{_GRAPHIC_} figA-04_vbox_filter.png遙
[_CAPTION_F_]Figure A-4 USB settings screen. Click the "+" icon to configure a filter

{_GRAPHIC_} figA-05_vbox_filter2.png遙
[_CAPTION_F_]Figure A-5 Settings with the USB device added

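[subsec]A.2.6 Starting Windows and Wireshark, selecting the target port, and capturing
Apart from starting Windows, this is almost the same as in the previous section. In the Wireshark window, click the second command button ([_Fb_]Figure A-6[_/Fb_] figA-06_select_if.png) to display the interfaces available for capture ([_Fb_]Figure A-7[_/Fb_] figA-07_select_if2.png), and select the capture target device from the list. The bus to which the USB device is connected is "usbmon1 USB bus number 1".
Regarding Figure 07: as in the main text, shall we describe this through menu navigation rather than icons?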

{_GRAPHIC_} figA-06_select_if.png遙
[_CAPTION_F_]Figure A-6 Click the second command button

{_GRAPHIC_} figA-07_select_if2.png遙
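[_CAPTION_F_]Figure A-7 List of interfaces available for capture

Next, copy a file from the Windows system running on VirtualBox to the USB memory stick. Here, the Windows EULA.txt ([_Fc_]C:\Windows\system32\EULA.txt[_/Fc_]) is copied to the USB memory stick ([_Fb_]Figure A-8[_/Fb_] figA-08_select_file.png).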

{_GRAPHIC_} figA-08_select_file.png遙
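[_CAPTION_F_]Figure A-8 EULA.txt in the Windows system32 directory
This shows nothing beyond the fact that a file was copied, so I think this figure is unnecessary. What do you think?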

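[subsec]A.2.7 Capture result
[_Fb_]Figure A-9[_/Fb_] figA-09_win_cap.png shows the result as seen in Wireshark. The Japanese (non-ASCII) characters contained in [_Fc_]EULA.txt[_/Fc_] are not displayed properly in the Packet Bytes pane, but the string beginning with MICROSOFT [1] shows that the data sent to the USB memory stick was captured (Figure 09_win_cap).
With the wording "not displayed because it contains Japanese", it looks as though the Japanese portion is not visible, and someone who does not know the EULA may not understand on what basis the data is judged to have been captured, so I revised the body text.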

{_GRAPHIC_} figA-09_win_cap.png遙
[_CAPTION_F_]Figure A-9 Communication with the USB device captured in Wireshark

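[sec]A.3 Summary
This appendix explained how to capture the information flowing over the USB bus and illustrated what kind of data can be obtained. What is shown here is only one example; which devices to examine is up to the reader.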

[sec]A.4 References
[term1]CaptureSetup/USB - The Wireshark Wiki
[term2]http://wiki.wireshark.org/CaptureSetup/USB

=== EOF
