=== ch03.docx
Chapter 3: Wireshark Overview

As touched on in Chapter 1, there are many kinds of packet-capture tools that can be used for packet analysis, but this book concentrates on Wireshark. This chapter gives an overview of Wireshark.

A Brief History of Wireshark
Wireshark has a long history. It began when Gerald Combs, a computer science graduate of the University of Missouri at Kansas City, started developing it out of necessity. The first version was released in 1998 under the GNU Public License (GPL) under the name Ethereal.
Eight years after releasing Ethereal, Combs left his job to pursue a new career. Unfortunately, the company he left held the Ethereal trademark, so under the terms of his contract Combs could no longer use the Ethereal brand. Instead, Combs and the rest of the Ethereal development team relaunched the project in mid-2006 under a new name, Wireshark.
Wireshark has grown explosively since then, and more than 500 people have contributed to its development. The program that still carries the Ethereal name is no longer being developed.

The Benefits of Wireshark
Wireshark offers many features that make day-to-day packet analysis easier. Let's evaluate Wireshark against the criteria for choosing a packet-capture tool that were described in Chapter 1.

Supported Protocols
As of this writing, Wireshark supports more than 850 protocols, ranging from common ones such as IP and DHCP to protocols tied to particular vendor software, such as AppleTalk and BitTorrent. Because Wireshark is developed under an open source model, new protocols are added with every Wireshark update.

NOTE: Rarely, you may need a protocol that Wireshark does not yet support. In that case you can write the dissector code for that protocol yourself and submit it to the Wireshark developers for inclusion (provided they accept the code, of course).

Ease of Use
Compared with other packet-capture tools, Wireshark has an interface that is easy to understand: it is a GUI-based application with clearly written context menus and a straightforward layout. It also provides features that improve usability, such as color coding by protocol and graphical presentation of raw data. Unlike command-line alternatives such as tcpdump, Wireshark is an easy tool for people who are just starting out with packet analysis.

Cost
Wireshark is open source and is released free of charge under the GPL. Anyone can download Wireshark and use it for any purpose, personal or commercial, without paying a thing.

NOTE: Although Wireshark is free, some people pay for it by mistake. If you search for packet-capture software on eBay, you may be surprised by how many people want to sell you a "professional enterprise license" for Wireshark at the low price of $39.95. Should you seriously consider buying one, please call me instead: I have some beachfront property in Kentucky that I would like to talk to you about. (Translator's note: Kentucky is an inland state, so no such "beachfront property" exists.)

Support
The level of support available for a software package can make or break it. With software that is distributed for free, as Wireshark is, there is not necessarily any formal support, which is why open source software often relies on its user community for support. Luckily, the Wireshark user community is one of the most active of any open source project. The Wireshark web page links directly to several forms of support: online documentation, a wiki for users and developers, FAQs, and instructions for subscribing to the mailing list that the main developers monitor. Paid support is also available through the SharkNet program of CACE Technologies.

Operating System Support
Wireshark supports all major modern operating systems, including Windows, Mac OS X, and Linux-based platforms. The list of supported operating systems can be found on the Wireshark web page.

Installing Wireshark
Installing Wireshark is surprisingly easy. Before you install it, however, make sure that your system meets the following requirements:

400 MHz or faster CPU
128 MB of RAM
At least 75 MB of free disk space
A NIC that supports promiscuous mode
The WinPcap capture driver

The WinPcap capture driver is the Windows implementation of the pcap packet-capture API. Simply put, this driver works together with the operating system to capture raw packet data, apply filters, and switch the NIC into promiscuous mode. Because it is a kernel-mode driver, installing it requires administrator rights; it is also the component that lets Wireshark see frames not addressed to your own machine.
WinPcap can be downloaded separately (http://www.winpcap.org), but it is normally better to install it from the Wireshark package: the WinPcap bundled there is a version that has been verified to work with Wireshark.


Installing on Windows
The first step in installing Wireshark on Windows is to obtain the latest Wireshark build from the Wireshark web page (http://www.wireshark.org/). Go to the Downloads section of the site and choose a mirror (Translator's note: at the time of translation, go to "Download Wireshark" on the site and choose the package for the operating system you are using). Once you have downloaded the package, install it as follows.

1. Double-click the .exe file and click [Next] in the window that appears.
2. Read the license and, if you agree, click [I Agree].
3. In the window shown in Figure 3-1, select the Wireshark components to install. Here, leave them unchanged and click [Next].

Figure 3-1  Selecting the install components

4. In the [Additional Tasks] window, click [Next].
5. Specify where to install Wireshark and click [Next].
6. A dialog asks whether to install WinPcap. Make sure the [Install WinPcap] checkbox is checked, as in Figure 3-2, and click [Install] to start the installation.

Figure 3-2  Choosing to install the WinPcap driver

7. Partway through the Wireshark installation, the WinPcap installer starts. When its window appears, click [Next], read the license, and click [I Agree].
8. WinPcap is installed. When it finishes, click [Finish].
9. The Wireshark installation continues. When it finishes, click the [Next] button.
10. In the installation confirmation window, click the [Finish] button.


Installing on Linux
The first step in installing Wireshark on Linux is to download the appropriate installation package. Not every Linux distribution provides a package, however, so don't be surprised if there is none for yours.
Installing software on a system normally requires root privileges. If you compile the software from source and install it yourself, you can usually install it without root privileges.

RPM-based Systems
On an RPM-based distribution such as Red Hat Enterprise Linux, download the appropriate installation package from the Wireshark website and type the following at a console (substitute the name of the file you downloaded). (Translator's note: on recent systems such as Fedora and CentOS, install the wireshark-gnome package; the wireshark package is the command-line version. Also, rather than installing the RPM file directly, it is better to use yum.)

rpm -ivh wireshark-0.99.3.i386.rpm

If any dependent packages are not installed, install them and then install Wireshark again.

DEB-based Systems
On a DEB-based distribution such as Debian or Ubuntu, Wireshark can be installed from the system repositories. Type the following at a console:
apt-get install wireshark

Compiling from Source
If the Linux distribution you are using has no package-management facility, the best way to install Wireshark is to compile it from source. Follow these steps:


1. Download the source package from the Wireshark website.
2. Unpack the archive by typing the following (substitute the name of the file you downloaded).
tar -jxvf wireshark-1.2.2.tar.bz2
3. The files are unpacked into a newly created directory; cd into it.
4. As the root user, run ./configure to configure the source so that it builds correctly for the Linux distribution you are using. If you want installation settings other than the defaults, specify them as options here. If required libraries or other dependencies are missing, you will most likely get an error. If there are no problems, a success message like the one in Figure 3-3 is displayed. (Strictly speaking, only the final make install needs root; ./configure and make can run as an ordinary user, and if you pass ./configure a --prefix pointing at a directory you own, no root access is needed at all.)

Figure 3-3  Output when the ./configure command succeeds

5. Type the make command to build the binaries from the source.
6. Run make install to perform the final installation.

Installing on Mac OS X
Installing Wireshark on Mac OS X Snow Leopard needs a little care, but the installation itself is not difficult. The steps are as follows. (Translator's note: with version 1.8.0, the latest at the time of translation, you can install simply by downloading the DMG package and running the installer. The steps in the text appear to be the installation procedure for the Mac OS X Leopard package that was current when the book was written.)

1. Download the DMG package from the Wireshark website.
2. Copy Wireshark.app to the Applications folder.
3. Open the Utilities folder inside Wireshark.app.
4. Click [Go] in the Finder and choose [Go To Folder]. Type /usr/local/bin/ to open that directory.
5. Copy the contents of the Command Line folder into /usr/local/bin/. You will need to enter your password to do this.
6. Copy the ChmodBPF folder from the Utilities folder into the StartupItems folder. Again, you will be asked for your password to complete the installation. (ChmodBPF adjusts the permissions of the /dev/bpf* capture devices at startup so that Wireshark can capture packets without being run as root.)


Wireshark Basics
Once Wireshark is installed, all that remains is to try it out. Start your fully working packet-capture tool, look for packets, and... nothing is displayed!
Wireshark is not very interesting right after it starts. To make it interesting, you need to collect some data.

Your First Packet Capture
To analyze packet data in Wireshark, you first have to capture packets. You may wonder, "How am I going to capture packets when there is nothing wrong with the network?"
First, there is always something wrong with a network. If you doubt it, send an e-mail to all of the network's users telling them the network has no problems, and see what happens.
Second, packet analysis is not something you do only when there is a problem. In practice, network administrators spend more time analyzing a problem-free network than troubleshooting. To troubleshoot a network effectively, you need a baseline: a record of what the network looks like when it is healthy, to compare against. For example, if you want to solve a DHCP problem with packet analysis, you must understand how DHCP traffic flows when DHCP is working correctly.
In other words, to find the day-to-day anomalies on a network, you have to know what normal looks like. If you take a baseline while the network is healthy, you know what its traffic looks like under normal conditions.
So let's capture some packets!

1. Start Wireshark.
2. Choose [Capture] from the menu and click [Interfaces]. A dialog lists the NICs that can capture packets, along with their IP addresses.
3. Select the NIC to capture on, as in Figure 3-4, or simply click a NIC under the Interface List section of the welcome page, and then click [Start]. Captured data should start appearing in the window.

Figure 3-4  Selecting the NIC to capture on

(Translator's note: version 1.8.0, the latest at the time of translation, can capture on several NICs at once, so its interface differs from the 1.6 series and earlier assumed here.
Figure 3-4b shows the 1.8.0 equivalent of the Figure 3-4 screen.

Figure 3-4b  Selecting the NIC to capture on (version 1.8.0)
(Figure03-4.tiff)

Here you tick the checkbox to the left of each NIC you want to capture on (several can be selected) and click [Start] to begin capturing on the selected NICs. To capture from the welcome page, click the NIC(s) you want to capture on in the list below Start (again, several can be selected), and then click Start.)

4. After waiting a while, once enough packets have been captured, click [Stop] from the Capture menu.

When the packet capture finishes after these steps, data is displayed in Wireshark's main window. You may be overwhelmed by the amount of data, but once we go through the parts of the main window, it will quickly start to make sense.


Wireshark's Main Window
The main window is what you will look at most during packet analysis. Every captured packet is displayed here in a readable form. Using the packets you just captured, let's look at Wireshark's main window, shown in Figure 3-5.

Figure 3-5  The main window with its three panes
Packet List pane (the list of packets)
Packet Details pane (the details of a packet)
Packet Bytes pane (the bytes of a packet)

The three panes of the main window work together. Clicking a packet in the Packet List pane (top) selects it and shows its details in the Packet Details pane (middle). With a packet selected, clicking one of its fields in the Packet Details pane highlights the corresponding bytes in the Packet Bytes pane (bottom).

NOTE: In Figure 3-5 you can see several protocols listed in the Packet List pane. Protocols at different layers are not distinguished visually; every packet is shown just as it was received from the network.

Each pane is described in detail below.

Packet List pane
This pane lists the packets in the capture file, with each packet's number, the relative time at which it was captured, its source and destination, its protocol, and a summary.

NOTE: In this book, "traffic" means all of the packets displayed in the Packet List pane. "DNS traffic", for example, means all of the DNS protocol packets displayed in the Packet List pane.

Packet Details pane
This pane shows the details of a single packet as a hierarchy. The tree is collapsed at first, but expanding it reveals all of the information about the selected packet.

Packet Bytes pane
This pane shows the packet before any processing. It is probably the least meaningful at first sight: these are the raw bytes of the packet as it travelled across the network, and they are hard to analyze as they are.
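The relationship between the three panes, as an added example that is not part of the book: the script below builds a small pcap buffer containing one Ethernet/IPv4/UDP/DNS frame and parses it with the Python standard library only. Its functions return what each pane would show for that frame: packet_list_row() gives the Packet List summary, dissect() the Packet Details layers with the field values pulled out of the raw bytes (including an IPv4 header checksum check), and hex_dump() the Packet Bytes view. The sample frame (addresses, ports, the example.com query) is constructed; the offsets follow the pcap, Ethernet, IPv4, UDP and DNS formats.

```python
import struct

def ipv4_checksum(hdr):
    """RFC 1071 ones'-complement sum; a header whose checksum field is correct sums to 0."""
    total = sum(struct.unpack("!%dH" % (len(hdr) // 2), hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

# --- constructed sample frame: DNS A query for example.com over UDP/IPv4/Ethernet ---
DNS_QUERY = (b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"   # id=0x1234, RD set, 1 question
             b"\x07example\x03com\x00\x00\x01\x00\x01")              # QNAME, QTYPE=A, QCLASS=IN
UDP_HDR = struct.pack("!HHHH", 53412, 53, 8 + len(DNS_QUERY), 0)    # checksum 0 = not computed
_ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(UDP_HDR) + len(DNS_QUERY), 0x1234,
                  0x4000, 64, 17, 0, bytes([192, 168, 1, 10]), bytes([192, 168, 1, 1]))
IP_HDR = _ip[:10] + struct.pack("!H", ipv4_checksum(_ip)) + _ip[12:]   # fill in the checksum
ETH_HDR = bytes.fromhex("001b21aabbcc") + bytes.fromhex("00163e112233") + b"\x08\x00"  # dst, src, IPv4
FRAME = ETH_HDR + IP_HDR + UDP_HDR + DNS_QUERY
PCAP = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)        # global header, linktype 1
        + struct.pack("<IIII", 1_700_000_000, 250_000, len(FRAME), len(FRAME)) + FRAME)

def read_pcap(data):
    """Yield (timestamp, frame) records from a little-endian microsecond pcap buffer."""
    if struct.unpack_from("<I", data, 0)[0] != 0xA1B2C3D4:
        raise ValueError("only little-endian microsecond pcap handled here")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack_from("<IIII", data, off)
        off += 16
        yield ts_sec + ts_usec / 1e6, data[off:off + incl_len]
        off += incl_len

def dissect(frame):
    """Packet Details pane: one (layer name, fields) pair per protocol layer, outermost first."""
    mac = lambda b: ":".join(f"{x:02x}" for x in b)
    layers = [("Ethernet II", {"dst": mac(frame[0:6]), "src": mac(frame[6:12]),
                               "type": struct.unpack("!H", frame[12:14])[0]})]
    if layers[0][1]["type"] != 0x0800:
        return layers
    ihl = (frame[14] & 0x0F) * 4
    ip = frame[14:14 + ihl]
    total_len, proto = struct.unpack("!H", ip[2:4])[0], ip[9]
    layers.append(("Internet Protocol Version 4", {
        "src": ".".join(map(str, ip[12:16])), "dst": ".".join(map(str, ip[16:20])),
        "ttl": ip[8], "protocol": proto, "checksum_ok": ipv4_checksum(ip) == 0}))
    payload = frame[14 + ihl:14 + total_len]
    if proto != 17:
        return layers
    sport, dport, ulen, _ = struct.unpack("!HHHH", payload[:8])
    layers.append(("User Datagram Protocol", {"src_port": sport, "dst_port": dport, "length": ulen}))
    if 53 in (sport, dport):
        dns = payload[8:]
        txid, flags, qdcount = struct.unpack("!HHH", dns[:6])
        labels, pos = [], 12
        while dns[pos]:                                   # QNAME: <len><label>... ended by a 0 byte
            labels.append(dns[pos + 1:pos + 1 + dns[pos]].decode("ascii"))
            pos += 1 + dns[pos]
        qtype = struct.unpack("!H", dns[pos + 1:pos + 3])[0]
        layers.append(("Domain Name System", {"id": txid, "response": bool(flags & 0x8000),
                                              "questions": qdcount, "qname": ".".join(labels),
                                              "qtype": qtype}))
    return layers

def packet_list_row(number, first_ts, ts, frame):
    """Packet List pane: one summary row, named after the innermost dissected layer."""
    layers = dissect(frame)
    top, fields = layers[-1]
    addr = layers[1][1] if len(layers) > 1 else layers[0][1]   # IP addresses if present, else MACs
    if top == "Domain Name System":
        kind = "Standard query response" if fields["response"] else "Standard query"
        qt = "A" if fields["qtype"] == 1 else str(fields["qtype"])
        proto, info = "DNS", f"{kind} 0x{fields['id']:04x} {qt} {fields['qname']}"
    elif top == "User Datagram Protocol":
        proto, info = "UDP", f"{fields['src_port']} -> {fields['dst_port']} Len={fields['length'] - 8}"
    else:
        proto, info = top, ""
    return {"no": number, "time": round(ts - first_ts, 6), "src": addr["src"], "dst": addr["dst"],
            "protocol": proto, "info": info}

def hex_dump(frame):
    """Packet Bytes pane: offset, 16 hex bytes and their printable ASCII per line."""
    out = []
    for off in range(0, len(frame), 16):
        chunk = frame[off:off + 16]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        out.append(f"{off:04x}  {hexpart:<47}  {text}")
    return out

if __name__ == "__main__":
    records = list(read_pcap(PCAP))
    first = records[0][0]
    for no, (ts, frame) in enumerate(records, 1):
        print(packet_list_row(no, first, ts, frame))          # Packet List
        for layer, fields in dissect(frame):                  # Packet Details
            print(f"  {layer}: {fields}")
        print("\n".join(hex_dump(frame)))                     # Packet Bytes
```

The dissector deliberately stops as soon as a layer is something it does not know (a non-IPv4 EtherType, a non-UDP transport), which is also how Wireshark behaves: the packet is still listed, just with a shallower details tree and the outermost addresses in the list row.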

Wireshark Preferences
Wireshark can be customized in many ways to suit your needs. The preferences screen opens when you choose [Edit] and then [Preferences] in the main window. The Preferences dialog contains the customizable options shown in Figure 3-7.

Figure 3-7  The Preferences dialog, where Wireshark can be customized

The Wireshark Preferences screen is divided into six main sections. (Translator's note: version 1.8.0, the latest at the time of translation, adds a [Filter Expressions] section, making seven.)

[User Interface] section
Sets how Wireshark presents data. Here you can change, to taste, options such as whether window positions are remembered, the layout of the three panes, the position of the scrollbar, the layout of the Packet List pane columns, the font used to display data, and the window colors.

[Capture] section
Sets options related to packet capture, such as the default NIC, whether promiscuous mode is used by default, and whether the Packet List pane is updated in real time.

[Printing] section
Sets the various options that apply when printing data from Wireshark.

[Name Resolution] section
Sets whether Wireshark's name-resolution features, which turn addresses (MAC, network, and transport-layer addresses) into readable names, are enabled. You can also set the maximum number of name-resolution requests that may run at once. Keep in mind that network-layer name resolution sends reverse DNS lookups from the machine running Wireshark, so leave it off when you do not want the addresses you are examining to be visible to a resolver.

[Statistics] section
Sets options related to Wireshark's statistics features.

[Protocols] section
Sets options related to the capture and display of the many packet types Wireshark can dissect. Not every protocol has configurable options. It is best to leave these options alone unless you have a specific reason to change them.

Packet Color Coding
If you are anything like me, you enjoy a lively screen and pretty colors. If so, a Packet List pane full of color, like the example in Figure 3-8, will not look boring (the figure is in black and white, but you get the idea). The colors may look as though they were chosen at random, but they were not.


Figure 3-8  Wireshark assigns an easily recognizable color to each protocol


Each packet's color has a meaning: packets are colored by protocol. For example, DNS traffic is blue and HTTP traffic is green. Thanks to the color coding, you can tell the protocol without checking the Protocol field of every single packet in the Packet List pane. When working with a large capture file, this feature speeds up analysis considerably.
The coloring rules can be inspected easily in the [Coloring Rules] window, shown in Figure 3-9. To open it, choose [View] from the main menu and click [Coloring Rules].

Figure 3-9  Setting packet coloring rules in the [Coloring Rules] window

Here you can define your own coloring rules or change existing ones. For example, to change the background color of HTTP traffic from the default green to lavender, follow these steps.

1. Start Wireshark and open the [Coloring Rules] window ([View] > [Coloring Rules]).
2. Click the HTTP rule in the list of coloring rules to select it.
3. Click the [Edit] button. The [Edit Color Filter] dialog shown in Figure 3-10 appears.

Figure 3-10  Foreground and background colors can be set in the [Edit Color Filter] dialog

4. Click the [Background Color] button.
5. Choose the color you want in the selection screen and click the [OK] button.
6. Click [OK] twice more to apply the change and return to the main window. The color you set should now be reflected there.

As you use Wireshark, you will notice that you deal with some protocols far more than others. The color coding makes those easier to spot. For example, if a problem with a DHCP server is stopping IP addresses from being assigned, simply coloring the DHCP protocol yellow (or some other easily recognized color) lets you find the DHCP traffic at a glance and makes the packet analysis easier.
You can also extend the coloring rules by creating your own based on custom filters.
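The same two changes done as text, as an added example that is not from the book: Wireshark saves the rules shown in [Coloring Rules] to a per-user file named colorfilters, and the script below assumes that file's line format, [!]@name@display filter@[bg_r,bg_g,bg_b][fg_r,fg_g,fg_b], with a leading "!" for a disabled rule and 16-bit color components. It recolors the HTTP rule to lavender and adds a yellow DHCP rule for the situation described above. The sample file contents are constructed, and "bootp" is the display-filter name Wireshark 1.x uses for DHCP (renamed "dhcp" in 3.0). Wireshark applies the first rule whose filter matches, so the new rule is inserted at the top; placed below the generic UDP rule it would never be seen.

```python
import re
from dataclasses import dataclass

# Assumed colorfilters line format: [!]@name@filter@[bg_r,bg_g,bg_b][fg_r,fg_g,fg_b]
RULE_RE = re.compile(r"^(?P<off>!?)@(?P<name>[^@]*)@(?P<filter>[^@]*)@"
                     r"\[(?P<bg>\d+,\d+,\d+)\]\[(?P<fg>\d+,\d+,\d+)\]$")

# Constructed sample of a colorfilters file: a few default-looking rules, one disabled.
SAMPLE_COLORFILTERS = """\
# DO NOT EDIT THIS FILE!  It was created by Wireshark
@Bad TCP@tcp.analysis.flags && !tcp.analysis.window_update@[0,0,0][65535,24383,24383]
@HTTP@http || tcp.port == 80@[58596,65535,58596][0,0,0]
!@Checksum Errors@ip.checksum_bad==1 || udp.checksum_bad==1@[0,0,0][65535,24383,24383]
@UDP@udp@[28834,57427,65533][0,0,0]
"""

@dataclass
class ColorRule:
    name: str
    filter: str          # display filter the rule is matched against
    bg: tuple            # background color, 16-bit components
    fg: tuple            # foreground color, 16-bit components
    enabled: bool = True

    @classmethod
    def parse(cls, line):
        m = RULE_RE.match(line.strip())
        if not m:
            raise ValueError(f"not a coloring rule: {line!r}")
        triple = lambda s: tuple(int(c) for c in s.split(","))
        return cls(m["name"], m["filter"], triple(m["bg"]), triple(m["fg"]), m["off"] != "!")

    def serialize(self):
        rgb = lambda t: "[" + ",".join(str(c) for c in t) + "]"
        return f"{'' if self.enabled else '!'}@{self.name}@{self.filter}@{rgb(self.bg)}{rgb(self.fg)}"

def rgb8_to_16(r, g, b):
    """Wireshark stores 16-bit components; 8-bit values scale by 257 (0xFF -> 0xFFFF)."""
    return (r * 257, g * 257, b * 257)

def load_rules(text):
    """Parse a colorfilters file body, skipping blank and comment lines."""
    return [ColorRule.parse(l) for l in text.splitlines() if l.strip() and not l.startswith("#")]

def dump_rules(rules):
    return "\n".join(r.serialize() for r in rules) + "\n"

def recolor(rules, name, bg=None, fg=None):
    """Change the colors of the named rule in place (the book's HTTP-to-lavender steps)."""
    for rule in rules:
        if rule.name == name:
            rule.bg, rule.fg = bg or rule.bg, fg or rule.fg
            return rule
    raise KeyError(name)

def highlight(rules, name, display_filter, bg):
    """Prepend a rule: the first matching rule wins, so it must sit above broader ones like UDP."""
    rule = ColorRule(name, display_filter, bg, (0, 0, 0))
    rules.insert(0, rule)
    return rule

if __name__ == "__main__":
    rules = load_rules(SAMPLE_COLORFILTERS)
    recolor(rules, "HTTP", bg=rgb8_to_16(230, 230, 250))        # lavender background
    highlight(rules, "DHCP", "bootp", rgb8_to_16(255, 255, 0))  # bright yellow DHCP
    print(dump_rules(rules), end="")
```

Writing the result back over a live colorfilters file is left to the reader; Wireshark rereads it at startup, and the [Coloring Rules] window shows the edited and added rules exactly as if they had been entered there.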
With Wireshark installed and running, you are ready for packet analysis. The next chapter covers techniques for working with captured packets.
