[Chapter] Appendix A  Capturing USB Port Communication
[Section] A.1 Capturing Communication with a USB Device Connected to a Linux Machine
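[Subsection] A.1.1 Installing Wireshark
[Subsection] A.1.2 Connecting the USB Device
[Subsection] A.1.3 Starting Wireshark and Selecting the USB Interface
[Subsection] A.1.4 Checking the Capture Result
[Subsection] A.1.5 What Is Needed to Capture on Linux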
[Section] A.2 Monitoring the I/O of a USB Device Recognized by Windows
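[Subsection] A.2.1 Installing VirtualBox
[Subsection] A.2.2 Adding the User
[Subsection] A.2.3 Rebooting the OS ■Which OS? Guest? Host?
[Subsection] A.2.4 Connecting the USB Device to Be Recognized by VirtualBox
[Subsection] A.2.5 Starting VirtualBox and Making the Device Usable from VirtualBox
[Subsection] A.2.6 Starting Windows and Wireshark, Selecting the Target Port, and Capturing
[Subsection] A.2.7 Capture Result
[Subsection] A.2.8 Use Case: Monitoring Device Communication Performed by a Proprietary Driver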
[Section] A.3 References

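[Caption] Figure A-1 Warning
[Caption] Figure A-2 List of interfaces available for capture
[Caption] Figure A-3 Exchange between the USB device and the host
[Caption] Figure A-4 USB settings screen. Click the "+" icon to configure a filter
[Caption] Figure A-5 Settings screen with the USB device added
[Caption] Figure A-6 Click the second command button
[Caption] Figure A-7 Interfaces available for capture
[Caption] Figure A-8 EULA.txt in the Windows system32 directory
[Caption] Figure A-9 Communication captured in Wireshark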

=== ch12_appA.txt
[chap]Appendix A  Capturing USB Port Communication

[_Author_]Kunio Miyamoto, NTT Data

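Appendix A is an article original to the Japanese edition. It explains how to use Wireshark to capture the communication taking place between a USB device and the host. Most people probably think of Wireshark as a tool for capturing network packets. This book also uses it for that purpose, but it is surprisingly little known that Wireshark can be used for other purposes as well. This article presents one of those other uses: capturing USB port communication with Wireshark. The environment assumed is Ubuntu 11.10 Desktop.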

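[sec]A.1 Capturing Communication with a USB Device Connected to a Linux Machine
When [_Fc_]usbmon[_/Fc_] is enabled in the Linux kernel, Wireshark can capture the I/O of devices connected to the USB ports of the computer that kernel is running on. [_Fc_]usbmon[_/Fc_] is enabled in the standard Ubuntu kernel; on other platforms, if it is enabled, capture may be possible by the same procedure. ??
As the USB device to capture, we use a USB memory stick (USB Mass Storage Device), which is easy to obtain.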

[subsec]A.1.1 Installing Wireshark
Install Wireshark on Ubuntu in the usual way. This provides all the software that is needed.

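[subsec]A.1.2 Connecting the USB Device
We capture the I/O to and from the USB memory stick. First, run the [_Fc_]lsusb[_/Fc_] command to check how the devices are recognized. In this environment the output is as follows; basically, USB devices hang under [_Fc_]Bus 001[_/Fc_].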

[list--]wakatono@packman:~$ [_Fcb_]lsusb[_/Fcb_]
[list--]Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
[list--]Bus 002 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
[list--]Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
[list--]Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
[list--]Bus 005 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
[list--]Bus 005 Device 002: ID 0483:2016 SGS Thomson Microelectronics Fingerprint Reader
[list--]Bus 001 Device 011: ID 0718:0638 Imation Corp. 

Find out in advance which Bus the USB device attaches to when you connect it.
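
The bus lookup described above can be scripted. The following is an added example, not part of the original article; the function names are hypothetical, and it assumes that the capture interface is named usbmonN after the lsusb bus number (as in "usbmon1 USB bus number 1" later in this appendix) and that the kernel exposes it as /dev/usbmonN.

```shell
#!/bin/sh
# Added example: find the usbmon capture interface for one USB device.

# Sample input: lines taken from the lsusb listing above.
SAMPLE_LSUSB='Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 005 Device 002: ID 0483:2016 SGS Thomson Microelectronics Fingerprint Reader
Bus 001 Device 011: ID 0718:0638 Imation Corp. '

# usbmon_iface_for ID [LSUSB_TEXT]
# Prints "usbmonN" for the bus that carries device ID (vendor:product).
# Uses live `lsusb` output when LSUSB_TEXT is not given.
# Returns 1 when the device is not listed.
usbmon_iface_for() {
    id=$1
    if [ $# -ge 2 ]; then text=$2; else text=$(lsusb); fi
    # Field layout: Bus <bus> Device <dev>: ID <vendor:product> <name...>
    # "$2 + 0" turns the zero-padded bus "001" into the number 1.
    bus=$(printf '%s\n' "$text" | awk -v id="$id" '
        $1 == "Bus" && $5 == "ID" && tolower($6) == tolower(id) {
            print $2 + 0; exit
        }')
    [ -n "$bus" ] || return 1
    printf 'usbmon%d\n' "$bus"
}

# usbmon_ready IFACE [DEVDIR]
# Succeeds when the capture node exists as a character device
# (assumption: /dev/usbmonN, present only while usbmon is available).
usbmon_ready() {
    [ -c "${2:-/dev}/$1" ]
}

# Demo on the sample: the USB memory stick 0718:0638 is on bus 1.
iface=$(usbmon_iface_for 0718:0638 "$SAMPLE_LSUSB") || exit 1
if usbmon_ready "$iface"; then
    echo "capture on $iface"
else
    echo "$iface not present: usbmon is not enabled or not loaded"
fi
```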

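[subsec]A.1.3 Starting Wireshark and Selecting the USB Interface
Start Wireshark as root. A warning may be displayed ([_Fb_]Figure A-1[_/Fb_] figA-01_warning.png); do not worry about it and go ahead. Clicking [Interface List], shown on the left side of the Wireshark window, shows the interfaces, buses and so on that can be captured ([_Fb_]Figure A-2[_/Fb_] figA-02_device_list.png). Click the bus to which the device to be captured is connected. In this case it is "USB bus number 1".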

{_GRAPHIC_} figA-01_warning.png
[_CAPTION_F_]Figure A-1 Warning

{_GRAPHIC_} figA-02_device_list.png
[_CAPTION_F_]Figure A-2 List of interfaces available for capture

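[subsec]A.1.4 Checking the Capture Result
Start Wireshark, begin capturing, copy data to the USB memory stick, then stop the capture in Wireshark and write the capture data to a file. Opening the capture file lets you see the I/O (commands and the like) between the USB device and the host ([_Fb_]Figure A-3[_/Fb_] figA-03_cap_lin.png). However, as you can see, although the file system management data and the command exchange are visible, the actual copied data exchanged between the host and the device is not included in the capture file.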

{_GRAPHIC_} figA-03_cap_lin.png
[_CAPTION_F_]Figure A-3 Exchange between the USB device and the host

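[subsec]A.1.5 What Is Needed to Capture on Linux
The ability to capture USB communication is less a feature of Wireshark itself than a feature of [_Fc_]libpcap[_/Fc_], the library Wireshark uses. In addition, depending on the [_Fc_]libpcap[_/Fc_] version, a patch for USB capture may be required. The following conditions therefore have to be met.

1. A Linux kernel with [_Fc_]usbmon[_/Fc_] enabled
2. A [_Fc_]libpcap[_/Fc_] to which the USB capture patch has been applied
3. A Wireshark that uses the [_Fc_]libpcap[_/Fc_] prepared in item 2

Ubuntu 11.10 Desktop meets these conditions with its standard kernel and standard packages.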

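[sec]A.2 Monitoring the I/O of a USB Device Recognized by Windows
Wireshark on Windows cannot monitor USB device I/O directly. However, there is a way to monitor the I/O of a USB device recognized by Windows.

Start Windows on VirtualBox and connect the target USB device
Capture the USB port of the device connected to Windows on VirtualBox, using the same method as for capturing USB device I/O on Linux

For this, VirtualBox must be able to recognize the physical USB device. Below, we make the USB device recognizable by VirtualBox and then capture, on Linux, the I/O of the bus on which it is recognized.
The environment is the same as in the previous section. The guest OS installed in VirtualBox is Windows XP SP3, and the device is again a USB memory stick.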

[subsec]A.2.1 Installing VirtualBox
Install it using the Ubuntu package manager.

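[subsec]A.2.2 Adding the User
Add the user who runs VirtualBox to the Linux group. Without this, devices connected to the USB ports cannot be recognized. Edit [_Fc_]/etc/group[_/Fc_] and add the user (wakatono) to the group (vboxusers).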

[list--]vboxusers:x:125:wakatono

[subsec]A.2.3 Rebooting the OS ■Which OS? Guest? Host?
Reboot the OS once so that the user change takes effect.

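[subsec]A.2.4 Connecting the USB Device to Be Recognized by VirtualBox
Connect the USB device. Note that a USB memory stick is mounted automatically when it is inserted, so unmount it to be safe. In the example below, the command is [_Fc_]umount /dev/sdb1[_/Fc_] ([_Fc_]/dev/sdb1[_/Fc_] is the USB memory stick).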

[list--]root@packman:~# [_Fcb_]mount[_/Fcb_]
[list--]/dev/sda1 on / type ext4 (rw,errors=remount-ro,commit=600)
[list--]proc on /proc type proc (rw,noexec,nosuid,nodev)
[list--]sysfs on /sys type sysfs (rw,noexec,nosuid,nodev)
[list--]fusectl on /sys/fs/fuse/connections type fusectl (rw)
[list--]none on /sys/kernel/debug type debugfs (rw)
[list--]none on /sys/kernel/security type securityfs (rw)
[list--]udev on /dev type devtmpfs (rw,mode=0755)
[list--]devpts on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=0620)
[list--]tmpfs on /run type tmpfs (rw,noexec,nosuid,size=10%,mode=0755)
[list--]none on /run/lock type tmpfs (rw,noexec,nosuid,nodev,size=5242880)
[list--]none on /run/shm type tmpfs (rw,nosuid,nodev)
[list--]binfmt_misc on /proc/sys/fs/binfmt_misc type binfmt_misc (rw,noexec,nosuid,nodev)
[list--]gvfs-fuse-daemon on /home/wakatono/.gvfs type fuse.gvfs-fuse-daemon (rw,nosuid,nodev,user=wakatono)
[list--]/dev/sdb1 on /media/5017-E8DB type vfat (rw,nosuid,nodev,uid=1000,gid=1000,shortname=mixed,dmask=0077,utf8=1,showexec,flush,uhelper=udisks)

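[subsec]A.2.5 Starting VirtualBox and Making the Device Usable from VirtualBox
Start VirtualBox. The settings of the managed OS are shown in Oracle VM VirtualBox Manager, so select "USB" and create a device filter. On the USB settings screen, click the "+" icon and configure the filter ([_Fb_]Figure A-4[_/Fb_] figA-04_vbox_filter.png). If the USB memory stick is connected, the device is listed, so check it ([_Fb_]Figure A-5[_/Fb_] figA-05_vbox_filter2.png).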

{_GRAPHIC_} figA-04_vbox_filter.png
[_CAPTION_F_]Figure A-4 USB settings screen. Click the "+" icon to configure a filter

{_GRAPHIC_} figA-05_vbox_filter2.png
[_CAPTION_F_]Figure A-5 Settings screen with the USB device added

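[subsec]A.2.6 Starting Windows and Wireshark, Selecting the Target Port, and Capturing
Apart from starting Windows, this is almost the same as the previous section. In the Wireshark window, click the second command button ([_Fb_]Figure A-6[_/Fb_] figA-06_select_if.png) to display the interfaces available for capture ([_Fb_]Figure A-7[_/Fb_] figA-07_select_if2.png), and select the device to be captured from the list. The bus to which the USB device is connected is "usbmon1 USB bus number 1".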

{_GRAPHIC_} figA-06_select_if.png
[_CAPTION_F_]Figure A-6 Click the second command button

{_GRAPHIC_} figA-07_select_if2.png
[_CAPTION_F_]Figure A-7 Interfaces available for capture

After that, copy a file to the USB memory stick from the Windows running in VirtualBox. Here we copy the Windows EULA.txt ([_Fc_]C:\Windows\system32\EULA.txt[_/Fc_]) to the USB memory stick ([_Fb_]Figure A-8[_/Fb_] figA-08_select_file.png).

{_GRAPHIC_} figA-08_select_file.png
[_CAPTION_F_]Figure A-8 EULA.txt in the Windows system32 directory

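[subsec]A.2.7 Capture Result
[_Fb_]Figure A-9[_/Fb_] figA-09_win_cap.png shows the result as seen in Wireshark. Because [_Fc_]EULA.txt[_/Fc_] contains Japanese text, it is not displayed properly, but you can see that the data sent to the USB memory stick has been captured.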

{_GRAPHIC_} figA-09_win_cap.png
[_CAPTION_F_]Figure A-9 Communication captured in Wireshark

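[subsec]A.2.8 Use Case: Monitoring Device Communication Performed by a Proprietary Driver
Some things may be visible and others not, but you can confirm that some kind of communication is taking place. Being able to trace the USB communication of Windows, even if only on a virtual machine, is useful. Whether or not the driver is proprietary, you can check what data is exchanged between the driver and the device whenever that becomes necessary.
This article explained how to capture what flows over the USB bus and illustrated what kind of data can be obtained. What is shown here is only one example. Which devices to look at is up to the reader.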

[sec]A.3 References
[term1]CaptureSetup/USB - The Wireshark Wiki
[term2]http://wiki.wireshark.org/CaptureSetup/USB

=== EOF
