Wireshark

Upload: huytuong87

Post on 10-Jul-2015


UNDERSTANDING THE WIRESHARK PACKET CAPTURE TOOL

Objectives: this guide helps students to:
- Use the Wireshark packet capture tool.
- Review the packet structure of some basic protocols in computer networks.

I. Wireshark

I.1. Introduction

Wireshark is an open-source program for capturing and analysing the packets that pass through a computer's network interface card. It runs on many platforms, including Linux, Windows, Mac OS X and Solaris. The program was originally named Ethereal; in May 2006 the project was renamed Wireshark.

Wireshark helps:
- System administrators analyse and troubleshoot their systems.
- Software developers build applications.
- Students learn how network protocols operate.

The main features of Wireshark include:
- Capturing the packets passing through a network interface.
- Listing the captured packets in detail.
- Saving the captured data to a file and reopening it later.
- Filtering the captured packets by many different criteria.
- Producing statistical charts of the packets passing through the interface.
- And many other features.

Department of Computer Networks & Telecommunications (BM MMT&VT), Faculty of IT, HCMC University of Science


I.2. Installation

1. The installation package can be downloaded from http://www.wireshark.org.
2. Install from the downloaded file. On Windows the process runs automatically and consists of the following steps:
   a. Installing the WinPcap library, a Windows library that provides packet capture on the network interface.
   b. Installing the Wireshark program itself, which operates on top of this library.

I.3. Capturing packets on a network interface

Start Wireshark. Note that Wireshark does not capture every packet on the machine, only the packets passing through one selected network interface, so the first step is to choose the interface to listen on. Choose the menu Capture → Interface, or the shortcut Ctrl+I:

This lists all the network interfaces the computer has; select the interface you want to listen on and start the Capture. Try pinging 8.8.8.8 and you get a capture like the following:


[Figure: the main window, with these areas labelled: Menu; Command bar; Packet list; Packet details by protocol structure; Packet bytes]

After collecting the data you need, stop listening on the interface via the menu Capture → Stop.

I.4. Filtering packets after Capture

In practice there are usually a great many different kinds of packets passing through the interface, far more than we can keep track of, while we usually only want to collect and analyse a few specific kinds. For that reason Wireshark gives the user the ability to filter packets by specific criteria. Wireshark offers two filtering methods, applied at two different points of the capture process. Because the two methods filter at different points, and because two different components do the filtering (WinPcap and the Wireshark program itself), the description languages of the two functions differ. Both methods are examined below.

I.4.1. Filtering packets as they are captured

In the interface-selection dialog, instead of clicking Start to begin, click the Options button to open the capture options.

The Capture Options dialog appears:


This dialog lets us adjust many aspects of the capture, such as packet filtering, how packets are displayed, how they are stored, and a timer for stopping the program. Here we are interested in filtering the captured packets. Filtering is done according to the expression the user types into the Capture Filter field: packets are filtered by the criteria described, and only the packets satisfying them are kept for examination.

How packets are described: since packet capture in this phase is performed with the support of the WinPcap library, the description language used here is WinPcap's. Many examples can be found at http://wiki.wireshark.org/CaptureFilters. The method is outlined below.


A filter expression is a combination of several sub-expressions joined with [and|or]; a sub-expression can be negated by placing not in front of it:

[not] EXPR [and|or] [not] EXPR

Example: to filter Telnet packets (port 23) from the host 10.0.0.5:

tcp port 23 and host 10.0.0.5

The sub-expressions are one of the following:

[src|dst] host <host>
Filters packets by the IP address or name of the source or destination. You can specify source or destination by prefixing the qualifier src|dst. If this qualifier is omitted, by default packets whose source or destination address matches the condition are accepted.

ether [src|dst] host <ehost>
Filters on the Ethernet address of the source or destination. As with the previous item, you can specify which address you are interested in with the [src|dst] qualifier.

[src|dst] net <net> [{mask <mask>}|{len <len>}]
Filters packets by network address. You can add the src|dst qualifier to state that you are interested in the source or the destination address; if it is omitted, packets whose source or destination address matches are kept.

[tcp|udp] [src|dst] port <port>
Filters packets by TCP or UDP port. You can add the src|dst and tcp|udp qualifiers to state whether you are interested in the source or destination port, and in UDP or TCP. Note that tcp|udp must appear before src|dst. If the qualifiers are omitted, packets of both TCP and UDP are selected when the address and port satisfy the condition.

less|greater <length>
Filters packets whose length is less than or equal to, or greater than or equal to, a given length.

ip|ether proto <protocol>
Filters packets of particular protocols at the Ethernet layer or the IP layer.

ether|ip broadcast|multicast
Filters Ethernet- or IP-layer broadcast or multicast packets.

<expr> relop <expr>
Lets you build complex filter conditions by specifying a byte or a range of bytes of the packet. See http://www.tcpdump.org/tcpdump_man.html for details.
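As an added example (not from the original guide), a toy Python evaluator for the subset of the WinPcap/tcpdump capture-filter syntax listed above: host, port and less/greater, with the src|dst and tcp|udp qualifiers and not/and/or. It runs on constructed packet records rather than a real capture and applies the matching rules the text describes (an unqualified host or port matches either direction, and an unqualified port matches both TCP and UDP).

```python
# Added example (not from the original guide): toy evaluator for the capture-filter
# subset above: host / port / less / greater, src|dst and tcp|udp qualifiers, not/and/or.
# Constructed sample packets standing in for a real capture.
PACKETS = [
    {"src": "10.0.0.5", "dst": "10.0.0.9", "proto": "tcp", "sport": 23, "dport": 40001, "len": 66},
    {"src": "10.0.0.9", "dst": "10.0.0.5", "proto": "tcp", "sport": 40001, "dport": 23, "len": 1514},
    {"src": "10.0.0.7", "dst": "8.8.8.8", "proto": "udp", "sport": 53001, "dport": 53, "len": 74},
]

def _primitive(tokens, pkt):
    """Consume one sub-expression from tokens; return whether pkt matches it."""
    proto = tokens.pop(0) if tokens[0] in ("tcp", "udp") else None      # tcp|udp comes first ...
    direction = tokens.pop(0) if tokens[0] in ("src", "dst") else None  # ... then src|dst
    kind, value = tokens.pop(0), tokens.pop(0)
    if kind == "host":  # an unqualified host matches the source or the destination address
        sides = {"src": [pkt["src"]], "dst": [pkt["dst"]]}.get(direction, [pkt["src"], pkt["dst"]])
        return value in sides
    if kind == "port":  # an unqualified port matches either port, in TCP or UDP
        if proto and pkt["proto"] != proto:
            return False
        ports = {"src": [pkt["sport"]], "dst": [pkt["dport"]]}.get(direction, [pkt["sport"], pkt["dport"]])
        return int(value) in ports
    if kind in ("less", "greater"):  # less N: length <= N; greater N: length >= N
        return pkt["len"] <= int(value) if kind == "less" else pkt["len"] >= int(value)
    raise ValueError(f"unsupported sub-expression: {kind}")

def matches(expr, pkt):
    """Evaluate '[not] EXPR [and|or] [not] EXPR ...'; 'and' binds tighter than 'or'."""
    tokens = expr.split()
    def term():  # [not]* EXPR
        negate = False
        while tokens and tokens[0] == "not":
            negate = not negate
            tokens.pop(0)
        return _primitive(tokens, pkt) != negate
    def conjunction():  # term ('and' term)*
        result = term()
        while tokens and tokens[0] == "and":
            tokens.pop(0)
            result = term() and result  # call term() first so its tokens are consumed
        return result
    result = conjunction()  # conjunction ('or' conjunction)*
    while tokens and tokens[0] == "or":
        tokens.pop(0)
        result = conjunction() or result
    return result

def select(expr, packets=PACKETS):
    """Indices of the packets the capture filter would keep."""
    return [i for i, p in enumerate(packets) if matches(expr, p)]
```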

I.4.2. Filtering packets after capture

Wireshark provides another, rather more efficient and simpler way to filter packets after they have been captured and stored. The description language here was designed by Wireshark to be simpler, and therefore lets you build more precise and effective filter conditions. You can compare the values of a packet's fields through expressions in an intuitive way. You can filter packets by, for example:
- Protocol type.
- The presence of a field.
- The value of a field.
- And many other values.

We filter the DNS packets out of the captured packets by typing DNS into the Filter field of the display window:

To write good filter expressions you should consult http://wiki.wireshark.org/DisplayFilters in detail. A brief outline of how to build filter expressions follows.

How packets are described: every field in the packet details pane that Wireshark displays can be used in a Filter. For example, if the Filter is tcp, Wireshark keeps the packets that have this field.


A complete list of the fields that can be filtered on is shown under the menu Internals → Supported Protocols.

Comparing fields: you can compare the fields of a packet against specific values. Either the English abbreviations or the comparison operators of the C language can be used to express the comparison. The valid comparison operators are listed in the table below:


Definition               English   C     Example
Equal                    eq        ==    ip.src==10.0.0.5
Not equal                ne        !=    ip.src!=10.0.0.5
Greater than             gt        >     frame.len > 10
Less than                lt        <     frame.len < 128
Greater than or equal    ge        >=    frame.len ge 0x100
Less than or equal       le
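As an added example (not from the original guide, and not Wireshark's own filter engine), a minimal Python evaluator for the display-filter comparisons in the table above, accepting both the English and the C spellings with or without spaces, plus the bare protocol or field existence test (a filter of just tcp or dns). It runs over constructed dissected packets whose field names follow Wireshark's naming.

```python
# Added example (not from the original guide): minimal evaluator for the display-filter
# comparisons in the table above (English and C spellings) plus the bare
# protocol/field existence test ("tcp", "dns"). Not Wireshark's own engine.
import re

OPS = {
    "eq": lambda a, b: a == b, "==": lambda a, b: a == b,
    "ne": lambda a, b: a != b, "!=": lambda a, b: a != b,
    "gt": lambda a, b: a > b,  ">":  lambda a, b: a > b,
    "lt": lambda a, b: a < b,  "<":  lambda a, b: a < b,
    "ge": lambda a, b: a >= b, ">=": lambda a, b: a >= b,
    "le": lambda a, b: a <= b, "<=": lambda a, b: a <= b,
}
# FIELD OP VALUE, with optional spaces around the operator ("ip.src==10.0.0.5").
_FILTER = re.compile(r"^(\S+?)\s*(==|!=|>=|<=|>|<|\b(?:eq|ne|gt|lt|ge|le)\b)\s*(\S+)$")

# Constructed dissected packets (field name -> value), as they would appear in the
# packet details pane; a protocol is present when any of its fields is.
PACKETS = [
    {"frame.len": 74, "ip.src": "10.0.0.5", "ip.dst": "8.8.8.8", "udp.dstport": 53, "dns.qry.name": "example.com"},
    {"frame.len": 66, "ip.src": "10.0.0.9", "ip.dst": "10.0.0.5", "tcp.dstport": 23},
    {"frame.len": 1514, "ip.src": "10.0.0.5", "ip.dst": "10.0.0.9", "tcp.srcport": 23},
]

def _literal(text):
    """Decimal or hex (0x...) literals become ints; anything else stays a string."""
    try:
        return int(text, 0)
    except ValueError:
        return text

def has_field(pkt, name):
    """A bare 'tcp' or 'ip.src' is true when that protocol or field is present."""
    return name in pkt or any(key.startswith(name + ".") for key in pkt)

def matches(filter_text, pkt):
    """Evaluate one display filter (comparison or existence test) against one packet."""
    text = filter_text.strip()
    m = _FILTER.match(text)
    if not m:  # no operator: protocol / field existence test
        return has_field(pkt, text)
    field, op, value = m.groups()
    if field not in pkt:  # comparing an absent field never matches
        return False
    return OPS[op](pkt[field], _literal(value))

def select(filter_text, packets=PACKETS):
    """1-based frame numbers (as in the packet list) kept by the display filter."""
    return [i + 1 for i, p in enumerate(packets) if matches(filter_text, p)]
```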