Building a packet capture program (Xay dung chuong trinh chan bat goi tin)

Upload: minh-nguyen

Post on 10-Feb-2018


  • 7/22/2019 Xay Dung Chuong Trinh Chan Bat Goi Tin


    PREFACE

    Today, computer networks have become familiar to everyone in society. Along with the development of information technology and people's needs, computer networks keep expanding and have become an indispensable part of life. However, the growth of computer networks has also raised many related problems for users, such as transmission errors, viruses and attacks by hackers. To help address these problems, monitoring the information flowing in and out is of considerable importance. For this reason I chose as my graduation project "Building a program to monitor the information traffic exchanged over a network system", with the aim of providing a useful tool for monitoring computer networks and for learning about them.

    I would like to sincerely thank the lecturers of the Faculty of Information Technology of Vietnam Maritime University (Đại học Hàng Hải Việt Nam), my classmates in class CNT46-ĐH, and especially Mr. Ngô Quốc Vinh, who helped me throughout the work on this project.

    Hải Phòng, December 2009
    Student: Trần Ngọc Việt

    CHAPTER I. THEORETICAL FOUNDATIONS OF COMPUTER NETWORKS

    To build a program that manages, reports on and monitors information traffic, we need to capture the packets entering and leaving the network system and to analyze the captured packets (Packet Capture and Packet Analysis). Such a program is usually called a Sniffer (Packet Analyzer). To build a sniffer, we need a basic understanding of computer networks and the related protocols. Because this project is implemented on the Windows operating system and uses the TCP/IP protocol suite over Ethernet, this part presents the most basic aspects of Ethernet networks.

    1 Overview of TCP/IP - Ethernet network systems

    1.1 The concept of a computer network

    Networks connecting computers and terminals appeared in the 1960s, to share resources, to reduce the cost of exchanging data, and for convenient use in office work. The rapid growth in the number of minicomputers and personal computers increased the demand for data transmission between computers, between terminals, and between terminals and computers; this was one of the driving forces behind the birth and ever stronger development of computer networks. The formation of computer networks can be summarized in the following stages:

    The stage of terminals connected directly to a computer: this is the first stage of computer networks. To make full use of a computer's capacity, terminals were attached to one computer, called the central computer.

    The stage of front-end processors (Prontal): in stage 1 the central computer manages transmission to the terminals; in stage 2 the central computer manages transmission to concentrators through line-control couplers. The line couplers can be replaced by minicomputers called prontal, which are the front-end processors.

    The computer network stage: in the 1970s people began to build communication networks whose main components are network nodes, called switches, used to direct information to its destination.

    The nodes are connected to each other by transmission lines, while the computers that process users' information, or the end stations, are connected directly to the network nodes so that they can exchange information over the network when needed. The network nodes are usually computers themselves, so they also play the role of users. The functions of a network node are transmission management and network management.

    Computers connected together in this way form a computer network. Since a communication network also connects computers together, the concepts of computer network and communication network need not be distinguished. Computer networks are formed to achieve the following goals:

    - Making use of resources and increasing their value.
    - Overcoming distance.
    - Increasing the quality and efficiency of information use and processing.
    - Increasing the reliability of the system, thanks to the ability to substitute when a failure occurs on some computer.

    In short: a computer network is a set of computers connected to each other by physical transmission lines according to some architecture.

    1.2 Layered architecture

    To reduce the complexity of designing and implementing networks, computer networks are organized in layers (layering). The components of the network are organized into a multi-layer structure in which each layer is built on the one before it and provides a number of services to the layer above. The number of layers and the function of each layer depend on the designer. For example, the layered structures of IBM's SNA network, Digital's DECnet and the ARPANET differ from one another. The structural principle of a layered network is that every system in a network has the same layered structure (the same number of layers and the same function for each layer). The purpose of each layer is to provide certain services to the layer above it.

    Layer i of system A converses with layer i of system B; the rules and conventions used in that conversation are called the layer-i protocol. Between two adjacent layers there is an interface that defines the primitive operations the lower layer offers to the upper layer. In practice, data is not transferred directly from layer i of one system to layer i of another (except at the lowest layer, which uses the physical transmission line directly to send bit strings (0, 1) from one system to the other). Data is passed from the sending system (sender) to the receiving system (receiver) over the physical line, and then travels back up through the layers. So when two systems are linked, only the lowest layer has a physical link; the higher layers have only logical (virtual) links, which are introduced to formalize the operation of the network and make it easier to design and implement communication software. To write a program for layer N, one must therefore know what layer N+1 needs and what layer N-1 can do.

    [Figure: General illustration of a layered architecture]

    The principles for building a layered architecture are as follows:

    - For simplicity, limit the number of layers.
    - Draw the layer boundaries so that interactions and service descriptions are minimal.
    - Divide the layers so that different functions are separated from each other, and layers using different kinds of technology are also separated.
    - Place similar functions in the same layer.
    - Choose layer boundaries according to experience that has proven successful.
    - Locate functions so that a layer can be redesigned with the least effect on the adjacent layers.
    - Draw the boundaries between layers so that the corresponding interface can be standardized.
    - Create a layer where data is handled in a different way.
    - Allow functions or protocols within one layer to change without affecting other layers.
    - Each layer has boundaries (interfaces) only with the layers directly above and below it.
    - A layer may be divided into sublayers when necessary.
    - Create sublayers to allow interfacing with the adjacent layers.
    - Allow sublayers to be removed if they are found unnecessary.

    1.3 The OSI model

    1.3.1 Concept

    Designers were free to choose their own network architectures. This led to incompatibility between networks: different medium access methods, different protocol families, and so on. This incompatibility hindered interaction between users on different networks, and the greater the need to exchange information, the less acceptable the obstacle became to users. For this reason the International Organization for Standardization (ISO) set up a subcommittee to build a standard framework for network architecture that designers and manufacturers of network products could work from. As a result, in 1984 ISO published the Reference Model for Open System Interconnection, or more briefly the OSI Reference Model. This model is used as the basis for connecting open systems.

    [Figure: The OSI model]

    1.3.2 Purpose

    The OSI model divides the functions of a protocol into a series of layers. Each layer has the property that it uses only the functions of the layer below it, and allows only the layer above it to use its own functions. A system that implements protocols made up of such a series of layers is called a "protocol stack". A protocol stack can be implemented in hardware, in software, or in a combination of both. Usually only the lower layers are implemented in hardware, while the other layers are implemented in software.

    The OSI model is respected only in a relative way by the networking and information technology industry. Its main feature is the specification of the interfaces between layers, that is, the specification of how the layers communicate with each other. This means that even if the layers are written and designed by different manufacturers or companies, they will work together harmoniously when assembled (assuming the specifications have been understood correctly). Normally the implementation of a protocol is arranged in layers, following the protocol's specification, but there are exceptions, known as the "fast path". In a fast-path design, the most common transactions the system allows are implemented as a single component in which the functions of several layers are merged into one.

    A sensible division of a protocol's functions makes it easier to reason about the function and operation of protocol stacks, which in turn makes it possible to design protocol stacks that are thorough and detailed yet highly reliable. Each layer performs and provides services for the layer directly above it, and requires the services of the layer directly below it. As mentioned above, an implementation comprising several layers of the OSI model is usually called a "protocol stack".

    1.4 Modes of operation

    At each layer of the ISO model, two main modes of operation are applied: connection-oriented and connectionless. In connection-oriented mode, a logical connection between the peer entities of a layer must be established before data is transmitted. In connectionless mode no logical connection is needed, and each data unit is transmitted independently of the data units before and after it.

    1.4.1 Connection-oriented

    In connection-oriented mode, data transmission goes through three phases in chronological order:

    - Connection establishment: two peer entities in the two systems negotiate the set of parameters to be used in the next phase.
    - Data transfer: data is transmitted under control and management mechanisms.
    - (Logical) connection release: the system resources allocated to the connection are freed for use by other connections.

    Corresponding to the three phases of the exchange, three basic procedures are used; for layer N, for example: N-CONNECT (establish the connection), N-DATA (transfer data) and N-DISCONNECT (release the connection). Some auxiliary procedures are also used, depending on the characteristics and function of each layer. For example:

    - The N-RESTART procedure is used to restart the system at layer 3.
    - The T-EXPEDITED DATA procedure is used for expedited data transfer at layer 4.
    - The S-TOKEN GIVE procedure is used to pass control at layer 5, and so on.

    Each of these procedures uses the primitives (Request, Indication, Response, Confirm) to make up the basic functions of the ISO protocol.

    1.4.2 Connectionless

    In connectionless mode there is only one phase: data transfer.

    Comparing the two modes, we see that connection-oriented mode allows reliable data transfer, because each logical connection is tightly controlled and managed. On the other hand, it is complex and hard to implement. Connectionless mode, by contrast, allows PDUs (Protocol Data Units) to travel to the destination along many different paths and adapts to changes in the state of the network, but pays for this with the difficulty of reassembling the PDUs for delivery to the user.

    Two adjacent layers do not necessarily have to use the same mode of operation; they may use two different modes.

    1.5 The TCP/IP protocol suite

    The OSI model is a reference model built by ISO to create a standard for interconnecting open systems. However, for various reasons OSI is not used in practice; what is most widely used instead is the TCP/IP network architecture model (protocol suite). Almost all current operating systems implement the TCP/IP protocol suite. This part gives a brief introduction to the TCP/IP model.

    1.5.1 Concept

    The TCP/IP protocol suite, TCP/IP for short (in English: Internet protocol suite, IP suite or TCP/IP protocol suite), is a set of communication protocols implementing the protocol stack on which the Internet and most commercial computer networks run. The suite is named after its two main protocols, TCP (Transmission Control Protocol) and IP (Internet Protocol). These were also the first two protocols to be defined.

    Like many other protocol suites, TCP/IP can be viewed as a set of layers. Each layer solves a set of problems related to data transmission and provides the protocols of the layer above with a well-defined service based on the services of the lower layers. Logically, the upper layers are closer to the user and work with more abstract data; they rely on the lower-layer protocols to transform the data into forms that can finally be transmitted physically.

    1.5.2 Purpose and origin

    Communication has become an indispensable need in every field of activity, and computer networks partly met that need. At first the scope of networks was limited to a working group, an office or a company within one area. In reality, however, the need to exchange information in many different fields, on many different subjects, between organizations and agencies, has no limit. The need to connect the different networks of different organizations in order to exchange information is therefore real. Unfortunately, most networks of companies and agencies are independent entities, set up to serve the information exchange needs of the organization itself. These networks may be built from different hardware technologies to suit their own communication problems. This is an obstacle to building a common network, because no single hardware technology is sufficient to build a common network that satisfies users' needs. Users need a high-speed network to connect machines, but such networks cannot be extended over long distances. A new technology that can connect many physical networks with completely different structures is really needed. Recognizing this, during the development of its ARPANET network, ARPA (Advanced Research Projects Agency) focused its research on producing a technology that meets these requirements. The ARPA technology includes a set of network standards that specify in detail how computers can communicate with each other, as well as a set of conventions for network interconnection, traffic and routing. The fully developed technology was released under the proper name TCP/IP Internet Protocol Suite and is usually abbreviated TCP/IP. Using TCP/IP, people can connect all the networks inside their company, or connect the networks of different companies and organizations with each other.

    The TCP/IP protocol suite consists of many protocols divided into 4 layers, as follows:

    [Figure: The layers of the TCP/IP protocol suite]

    1.5.3 Characteristics

    - It is an open, freely available standard protocol suite: it is not owned by any organization, and its specifications are available and widely distributed. Anyone can therefore build software that communicates over a computer network based on it.
    - TCP/IP is independent of the physical network hardware, which allows it to be used to connect many kinds of networks with different physical architectures, such as Ethernet, Token Ring, FDDI, X.25, ATM and so on. (Within the scope of this project we consider only Ethernet.)
    - TCP/IP uses IP addresses to identify the hosts on the network, creating a unified virtual network when networks are interconnected.
    - The higher-layer protocols are suitably standardized and available to users.

    1.6 Comparing TCP/IP and OSI

    For reasons such as history and cost, the TCP/IP protocol suite had been in use long before the OSI model appeared. For the same reason the OSI model is not widely used in practice; it is an academic model used for comparison with the practical model, TCP/IP. The two are more or less related but not identical. The first and most obvious difference is the number of layers. While the TCP/IP protocol suite has 4 (or 5) layers, the OSI model has 7, the difference being 2 additional layers: the session layer and the presentation layer. Many comparisons merge these 2 layers into the application layer of the TCP/IP suite. The following figure compares the corresponding layers of OSI and TCP/IP:

    [Figure: Correspondence between the layers of TCP/IP and OSI]

    - While the OSI model emphasizes reliability provided within the data transfer service, TCP/IP treats reliability as an end-to-end matter.
    - In the OSI model every layer detects and checks for errors, and the transport layer only checks source-to-destination reliability. In the TCP/IP suite, the transport layer carries out all the work of checking for, detecting and correcting errors.
    - The OSI model was built before its protocols were built, so it is highly general and can be used to describe other models. In contrast, the TCP/IP suite is only a model intended to describe protocols that already existed in practice. The TCP/IP suite is therefore widely used in practice, while the OSI model is suited to study and teaching.

    2 The TCP/IP protocol suite - main protocols and data formats

    2.1 The layered structure of TCP/IP

    As said above, TCP/IP is an open model for interconnecting networks, so it is also designed with a layered architecture similar to the OSI model. The TCP/IP protocol suite is designed with 4 layers, described in the figure below:

    [Figure: The TCP/IP protocol suite]

    2.2 Data encapsulation in TCP/IP

    The TCP/IP protocol suite uses data encapsulation to abstract protocols and services. In other words, the protocols of a higher layer use the protocols of a lower layer to achieve their purpose by encapsulating data, as in the example in the following figure:

    The top layers are closer to the user, and the lowest layers are closer to the communication hardware. Each layer is a group of several protocols, in which one protocol serves the layer above and one protocol uses the services of the layer below (except for the top and bottom layers). The following table lists some of the protocols of each layer:

    Layer       | Protocols
    Application | DNS, TFTP, TLS/SSL, FTP, Gopher, HTTP, IMAP, IRC, NNTP, POP3, SIP, SMTP, SMPP, SNMP, SSH, Telnet, Echo, RTP, PNRP, rlogin, ENRP
    Transport   | TCP, UDP, DCCP, SCTP, IL, RUDP, RSVP
    Internet    | IP (IPv4, IPv6), ICMP, IGMP, ICMPv6
    Link        | ARP, RARP, OSPF (IPv4/IPv6), IS-IS, NDP

    Table: Some protocols at the layers of TCP/IP

    2.3 Outline of the functions of the layers

    2.3.1 Application layer

    This is the highest layer in the layered structure of TCP/IP. It includes all application programs that use the available services through a TCP/IP protocol stack. Application programs interact with one of the transport layer protocols to send or receive data. Each application program chooses the type of protocol suited to its task, and passes data in the form the transport layer requires.

    2.3.2 Transport layer

    The primary task of the transport layer is to provide communication between application programs. Such communication is called end-to-end. The transport layer can also regulate the flow of information. It also provides reliable transport, ensuring that data arrives without errors. To do so, the protocol software lets the receiver send back acknowledgements of the data received, and lets the sender retransmit packets that were lost or damaged. The protocol software divides the data stream into smaller data units (usually called packets) and passes each packet, together with the destination address, to the next layer to continue the transmission.

    2.3.3 Internet layer

    The network layer handles communication from one machine to another. It accepts a request from the transport layer to send a packet, together with an identifier of the destination machine to which the packet is to be sent. For example, with the TCP or UDP protocol of the transport layer, it wraps the packet in an IP datagram, fills in the header, uses the routing algorithm to decide whether to deliver the packet directly or send it to a router, and passes the datagram to the appropriate network interface for transmission. The network layer also handles incoming datagrams, checks their validity, and uses the routing algorithm to decide whether a datagram is to be processed locally or forwarded. For datagrams with a local destination address, the network layer software removes the datagram's header and chooses, among the transport layer protocols, the appropriate one to handle the packet.

    2.3.4 Link layer

    This is the lowest layer of the TCP/IP protocol suite. It is responsible for accepting the datagrams of the layer above (for example IP datagrams) and transmitting them over a specific network. In the current view, the TCP/IP model no longer includes physical specifications; in other words, the link layer no longer covers hardware or the transmission of physical signals.

    2.4 The main protocols and their data formats

    This part examines the main protocols and data formats of the TCP/IP protocol suite. To keep them distinct, we look at each TCP/IP layer in order from the bottom up.

    2.4.1 Ethernet

    Ethernet is a protocol in the link layer, or a technology standard for local area networks (LAN) specified in IEEE 802.3. It lies in the link layer of the TCP/IP protocol suite, which corresponds to the data link layer of the OSI model. It is currently used far more widely than other protocols such as FDDI and Token Ring. Ethernet is used to send blocks of data between a source and a destination that are identified by MAC (Media Access Control) addresses.

    Characteristics of the Ethernet protocol

    A data unit of the Ethernet protocol (called an Ethernet frame) has the following structure (sizes in bytes):

    PRE | SOF | DA | SA | Length/Type | Data Payload | FCS
    7   | 1   | 6  | 6  | 2           | 46-1500      | 4

    Table: Ethernet frame

    - Header:

        o Preamble (PRE): the preamble consists of 7 bytes and is not counted in the size of the Ethernet frame. All bytes of the preamble have the value 10101010, and it is used to synchronize the clocks of the receiver and the sender of the frame.

        o SOF (Start frame delimiter): consists of 1 byte and is not counted in the size of the Ethernet frame. This byte has the value 101010111 and is used to mark the start of a frame. Current Ethernet systems operating at 100 Mbps or 1000 Mbps no longer need PRE and SOF.

        o DA (Destination Address): 6 bytes long; the MAC address of the destination Ethernet card. In normal operation, an Ethernet card accepts only frames whose destination address matches its own (unique) address, or whose destination address indicates a broadcast message. However, most Ethernet cards today can be put into promiscuous mode, in which they receive all frames that appear on the LAN.

        o SA (Source Address): 6 bytes long; the MAC address of the source card.

        o Length/Type: 2 bytes giving the length (for IEEE 802.3 MAC frames) or the type of the Ethernet frame, indicating the higher-layer protocol (for DIX Ethernet (DEC-Intel-Xerox), which is more common). For example, for a DIX Ethernet frame whose upper-layer protocol is IP these 2 bytes have the value 0800h, and for ARP 0806h.

    - Data Payload: the data part, with a length from 46 to 1500 bytes.

    - Trailer (FCS - Frame Check Sequence): a 32-bit CRC error-correction code.

    Ethernet uses the CSMA/CD medium access method, so damaged frames caused by collisions on the line are unavoidable. However, if the proportion of damaged frames exceeds a certain level (for example 1% of all frames), the network has a problem. Damaged Ethernet frames include:

    - Frames smaller than 64 bytes (normal collision, which occurs quite commonly).
    - Frames larger than 1518 bytes.
    - Frames of a valid size but with an incorrect CRC (late collision; many frames of this kind mean the network has a serious problem).

    2.4.2 ARP (Address Resolution Protocol)

    The Address Resolution Protocol (ARP) is a method of finding a link layer address (or physical address) when the Internet layer (IP) address, or some other kind of network layer address, is known. ARP is not used only to translate addresses for IP and Ethernet; it is implemented to work with many kinds of addresses at these layers on different kinds of networks. However, because IPv4 and Ethernet are so common, ARP is mainly used to translate IP addresses into MAC addresses. It is also used for IP over LAN technologies other than Ethernet, such as FDDI, Token Ring, IEEE 802.11 and ATM.

    In practice, when communicating with a destination machine, instead of querying for the destination's physical address the ARP protocol uses the ARP cache. The cache stores the most recently resolved IP addresses. If the MAC address for the destination IP address is found in the cache, that address is used for communication.

    An ARP protocol data unit has the following structure:

    Bit offset | 0-7                                                 | 8-15                   | 16-32
    0          | Hardware type (HTYPE)                                                        | Protocol type (PTYPE)
    32         | Hardware length (HLEN)                              | Protocol length (PLEN) | Operation (OPER)
    64         | Sender hardware address (SHA)
    96         | Sender hardware address (SHA)                                                | Sender protocol address (SPA)
    128        | Sender protocol address (SPA)                                                | Target hardware address (THA)
    160        | Target hardware address (THA)
    192        | Target protocol address (TPA)

    Table: Structure of an ARP data unit

    - Hardware type (HTYPE): each link layer protocol is assigned a number to identify it (for example, Ethernet is 1).
    - Protocol type (PTYPE): identifies the Internet layer protocol; for IP, for example, it is 0x0800.
    - Hardware length (HLEN): the length in bytes of a physical address. For Ethernet this value is 6.
    - Protocol length (PLEN): the length in bytes of a logical address. For IP this value is 4.
    - Operation: identifies the action the sender of the packet is performing: 1 for request, 2 for reply, 3 for RARP request and 4 for RARP reply.
    - Sender hardware address (SHA): the physical address of the sending station.
    - Sender protocol address (SPA): the logical address of the sending station (for example its IP address).
    - Target hardware address (THA): the physical address of the destination station. This field is left empty in request packets.
    - Target protocol address (TPA): the logical address of the destination station.

    2.4.3 RARP (Reverse Address Resolution Protocol)

    RARP is the reverse of ARP: it finds the logical address when the physical address is known. The structure of a RARP data unit is exactly the same as that of ARP, except for the Operation field. In an ARP data unit, Operation has the value 1 for a request and 2 for a reply. In a RARP data unit, Operation has the value 3 for a request and 4 for a reply.
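
    The Ethernet and ARP/RARP layouts described above, decoded in Python as an added example that is not code from the thesis. The function names and the sample frames are constructed for illustration, and the RARP EtherType 0x8035 comes from RFC 903 rather than from the text.

```python
import struct

ETHERTYPE_IP = 0x0800     # value given in the text
ETHERTYPE_ARP = 0x0806    # value given in the text
ETHERTYPE_RARP = 0x8035   # RFC 903 value; not stated in the text
ARP_OPERATIONS = {1: "ARP request", 2: "ARP reply",
                  3: "RARP request", 4: "RARP reply"}


def fmt_hw(addr: bytes) -> str:
    return ":".join(f"{b:02x}" for b in addr)


def fmt_proto(addr: bytes) -> str:
    # Dotted decimal for 4-byte (IPv4) addresses, plain hex otherwise.
    return ".".join(map(str, addr)) if len(addr) == 4 else addr.hex()


def parse_ethernet(frame: bytes) -> dict:
    """Decode DA, SA and Length/Type of a captured frame.

    Capture libraries normally hand over frames without PRE/SOF and
    without the FCS, so the 14-byte header starts at byte 0.
    """
    if len(frame) < 14:
        raise ValueError("frame shorter than the 14-byte Ethernet header")
    da, sa, value = struct.unpack("!6s6sH", frame[:14])
    if value <= 1500:
        kind = "length"       # IEEE 802.3: length of the payload
    elif value >= 0x0600:
        kind = "type"         # DIX Ethernet: upper-layer protocol
    else:
        kind = "undefined"
    return {"da": fmt_hw(da), "sa": fmt_hw(sa), "kind": kind,
            "value": value, "payload": frame[14:]}


def parse_arp(payload: bytes) -> dict:
    """Decode an ARP/RARP data unit, sizing the addresses from HLEN/PLEN."""
    if len(payload) < 8:
        raise ValueError("ARP data unit shorter than its fixed 8 bytes")
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", payload[:8])
    end = 8 + 2 * (hlen + plen)
    if len(payload) < end:
        raise ValueError("ARP addresses truncated")
    fields, pos = [], 8
    for size in (hlen, plen, hlen, plen):          # SHA, SPA, THA, TPA
        fields.append(payload[pos:pos + size])
        pos += size
    sha, spa, tha, tpa = fields
    return {"htype": htype, "ptype": ptype, "hlen": hlen, "plen": plen,
            "operation": ARP_OPERATIONS.get(oper, f"unknown ({oper})"),
            "sha": fmt_hw(sha), "spa": fmt_proto(spa),
            "tha": fmt_hw(tha), "tpa": fmt_proto(tpa),
            "padding": len(payload) - end}   # bytes added to reach 46


def decode_frame(frame: bytes) -> dict:
    eth = parse_ethernet(frame)
    if eth["kind"] == "type" and eth["value"] in (ETHERTYPE_ARP, ETHERTYPE_RARP):
        eth["arp"] = parse_arp(eth["payload"])
    return eth


def build_arp_frame(da, sa, oper, sha, spa, tha, tpa) -> bytes:
    """Constructed sample data for this example, not a real capture."""
    arp = struct.pack("!HHBBH", 1, ETHERTYPE_IP, 6, 4, oper) + sha + spa + tha + tpa
    # Pad the 28-byte ARP unit up to the 46-byte minimum payload.
    return da + sa + struct.pack("!H", ETHERTYPE_ARP) + arp + bytes(46 - len(arp))


HOST_A = bytes.fromhex("001122334455")
HOST_B = bytes.fromhex("00aabbccddee")
IP_A, IP_B = bytes([192, 168, 1, 10]), bytes([192, 168, 1, 1])
# Request: broadcast DA, THA left empty as described in the text.
SAMPLE_REQUEST = build_arp_frame(b"\xff" * 6, HOST_A, 1, HOST_A, IP_A, bytes(6), IP_B)
SAMPLE_REPLY = build_arp_frame(HOST_A, HOST_B, 2, HOST_B, IP_B, HOST_A, IP_A)

if __name__ == "__main__":
    for frame in (SAMPLE_REQUEST, SAMPLE_REPLY):
        d = decode_frame(frame)
        a = d["arp"]
        print(f'{d["sa"]} -> {d["da"]}  {a["operation"]}: '
              f'sender {a["spa"]} ({a["sha"]}), target {a["tpa"]} ({a["tha"]})')
```
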


    2.4.4 IP (Internet Protocol)

    The Internet Protocol (IP) is the core of the TCP/IP protocol suite. Within the scope of this project we consider only IP version 4 (IPv4). IP is a data-oriented protocol used in packet-switched networks (for example Ethernet). IP operates in connectionless mode and does not guarantee delivery (there is no exchange of control information). The role of IP is similar to that of the network layer protocol in the OSI model, with the following functions:

    - Defining the Internet addressing scheme.
    - Moving data between the transport layer and the link layer.
    - Routing data units to remote stations.
    - Fragmenting and reassembling data units.

    The IP protocol adds a header in front of the segment passed down from the transport layer; in the TCP/IP protocol suite this data unit is called an IP packet, as in the following figure:

    An IP data unit has the following structure:

    Bit offset | 0-3     | 4-7           | 8-15                    | 16-18 | 19-31
    0          | Version | Header length | Differentiated Services | Total Length
    32         | Identification                                    | Flags | Fragment Offset
    64         | Time to Live            | Protocol                | Header Checksum
    96         | Source Address
    128        | Destination Address
    160        | Options + Padding
    160/192+   | Data (max 65535 bytes)

    Table: Structure of an IP data unit

    The header consists of the following fields:

    - Version: indicates the version of IP in use (the value is 4 for IPv4).

    - Internet Header Length (IHL): the length of the header of the IP packet, in words (word = 32 bits). The minimum length is 5 words (20 bytes).

    - Differentiated Services (DS): formerly called Type of Service; specifies the service parameters, in the following form:

        bit | 0-2        | 3 | 5 | 5 | 6 | 7
            | Precedence | D | T | R | C | Reserved

      The individual bits mean:

        o Precedence (3 bits): the priority, namely 111 - Network Control, 110 - Internetwork Control, 101 - CRITIC/ECP, 100 - Flash Override, 011 - Flash, 010 - Immediate, 001 - Priority, 000 - Routine.
        o D (Delay) (1 bit): the requested delay. D = 0 for normal delay, 1 for low delay.
        o T (Throughput) (1 bit): the requested throughput. T = 0 for normal throughput, 1 for high throughput.
        o R (Reliability) (1 bit): the requested reliability. R = 0 for normal reliability, 1 for high reliability.
        o C (Cost) (1 bit): the cost. C = 0 for normal cost, 1 for minimize cost.
        o Reserved (1 bit): reserved.

    - Total Length: a 16-bit field giving the length of the whole datagram, header and data included, in bytes. Its largest value is 65535 and its smallest value is 20 bytes.

    - Identification (16 bits): uniquely identifies a datagram while it is still in the internetwork.

    - Flags (3 bits): control fragmentation. From the high bit to the low bit:

        o Reserved: has the value 0.
        o DF: 0 (May Fragment); 1 (Don't Fragment).
        o MF: 0 (Last Fragment); 1 (More Fragments).

    - Fragment Offset: the position of the fragment within the datagram, in units of 64 bits. This means every fragment (except the last) must contain a data area whose length is a multiple of 64 bits.

    - Time To Live (TTL) (8 bits): specifies the lifetime (in seconds) of the datagram in the internetwork, to prevent a datagram from looping forever. This time is set by the sending station and is decreased (by convention usually by 1 unit) each time the datagram passes through a router of the internetwork.

    - Protocol (8 bits): indicates the next upper-layer protocol that will receive the data area at the destination station (currently usually TCP or UDP running over IP).

    - Header Checksum (16 bits): a 16-bit error control code using the CRS method, covering the header only.

    - Source address (32 bits): the address of the source station.

    - Destination address (16 bits): the address of the destination station.

    - Options (variable length): declares options requested by the user (depending on the program).

    - Padding (variable length): filler used to ensure that the header always ends on a 32-bit boundary.

    - Data (variable length): the data area, whose length is a multiple of 8 bits and at most 65535 bytes.
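
    An added example, not part of the thesis: a Python decoder for the IPv4 header fields listed above, with the consistency checks a sniffer needs before it trusts IHL and Total Length. The header checksum is verified as the 16-bit ones'-complement sum specified in RFC 791; the function names and the sample packets are constructed here.

```python
import ipaddress
import struct


def internet_checksum(data: bytes) -> int:
    """Ones'-complement of the 16-bit ones'-complement sum (RFC 791)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold the carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_ipv4(packet: bytes) -> dict:
    """Decode an IPv4 header; `packet` starts at the first header byte."""
    if len(packet) < 20:
        raise ValueError("shorter than the minimum 20-byte header")
    (ver_ihl, ds, total_length, ident, flags_frag, ttl, protocol,
     checksum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, ihl = ver_ihl >> 4, ver_ihl & 0x0F
    if version != 4:
        raise ValueError(f"not IPv4 (version field = {version})")
    if ihl < 5:
        raise ValueError(f"IHL {ihl} is below the minimum of 5 words")
    header_bytes = ihl * 4
    if len(packet) < header_bytes:
        raise ValueError("options truncated")
    if not header_bytes <= total_length <= len(packet):
        raise ValueError("Total Length inconsistent with the captured bytes")
    header = packet[:header_bytes]
    return {
        "ihl": ihl,
        "header_bytes": header_bytes,
        "ds": ds,
        "total_length": total_length,
        "identification": ident,
        "df": bool(flags_frag & 0x4000),
        "mf": bool(flags_frag & 0x2000),
        "fragment_offset_bytes": (flags_frag & 0x1FFF) * 8,   # 64-bit units
        "ttl": ttl,
        "protocol": protocol,
        # Summing a valid header, checksum field included, gives 0 here.
        "checksum_ok": internet_checksum(header) == 0,
        "src": str(ipaddress.IPv4Address(src)),
        "dst": str(ipaddress.IPv4Address(dst)),
        "options": header[20:],
        "data": packet[header_bytes:total_length],
        # Bytes after Total Length, e.g. padding up to Ethernet's 46 bytes.
        "trailing_bytes": len(packet) - total_length,
    }


def build_ipv4(options: bytes = b"", payload: bytes = b"",
               flags_frag: int = 0x4000) -> bytes:
    """Constructed sample packet (TCP, 192.168.1.10 -> 192.168.1.1)."""
    ihl = 5 + len(options) // 4
    header = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0,
                         ihl * 4 + len(payload), 0x1C46, flags_frag, 64, 6, 0,
                         bytes([192, 168, 1, 10]), bytes([192, 168, 1, 1])) + options
    checksum = struct.pack("!H", internet_checksum(header))
    return header[:10] + checksum + header[12:] + payload


PLAIN = build_ipv4(payload=b"hello")
WITH_OPTIONS = build_ipv4(options=b"\x01\x01\x01\x00", payload=b"hello")
PADDED = build_ipv4(payload=b"hi") + bytes(24)
FRAGMENT = build_ipv4(flags_frag=0x2000 | 185, payload=bytes(8))
CORRUPT = PLAIN[:8] + bytes([PLAIN[8] - 1]) + PLAIN[9:]   # TTL changed in transit

if __name__ == "__main__":
    for name, pkt in [("plain", PLAIN), ("options", WITH_OPTIONS),
                      ("padded", PADDED), ("fragment", FRAGMENT),
                      ("corrupt", CORRUPT)]:
        p = parse_ipv4(pkt)
        print(f'{name:8} hdr={p["header_bytes"]} len={p["total_length"]} '
              f'DF={p["df"]} MF={p["mf"]} off={p["fragment_offset_bytes"]} '
              f'checksum_ok={p["checksum_ok"]}')
```
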

    2.4.5 ICMP (Internet Control Message Protocol)

    The ICMP protocol provides a mechanism for reporting errors and unexpected situations, and for control messages, in the TCP/IP protocol suite. The protocol was created to report routing errors to the source station. ICMP depends on IP to operate and is an integral part of the TCP/IP suite; however, it is not a protocol for carrying data, so it is usually regarded as belonging to the Internet layer rather than the transport layer. The functions of ICMP are as follows:

    - Providing echo and reply messages to test the reliability of the connection between two stations. This is done with the PING (Packet Internet Groper) command.
    - Redirecting traffic to provide more efficient routing when a router is overloaded because too much traffic passes through it.
    - Sending a time-exceeded message when a datagram from the source station has exceeded its TTL and been discarded.
    - Sending router advertisements to determine the addresses of the routers on a network segment.
    - Providing timeout messages.
    - Determining which subnet mask is used on a network segment.

    The data of an ICMP packet is encapsulated by the IP and Ethernet protocols, as in the following figure:

    An ICMP data unit consists of 2 parts: Header and Data. On Windows the Data part has a size of 32 and follows immediately after the Header. The Header starts after bit 160 of the IP packet (unless IP Options are used) and has the following structure:

    bit | 160-167 | 168-175 | 176-183 | 184-191
    160 | Type    | Code    | Checksum
    192 | ID                | Sequence

    Where:

    - Type (8 bits): the type of the ICMP packet.
    - Code (8 bits): details of the characteristics of the ICMP packet.
    - Checksum (16 bits): a CRC error-correction code.
    - ID & Sequence (32 bits): carry a value for ICMP Echo Request and Echo Reply.

    2.4.6 TCP (Transmission Control Protocol)

    The Transmission Control Protocol (TCP) operates in connection-oriented mode. In the TCP/IP protocol suite it is the intermediate protocol between IP and an application above it, ensuring that data is exchanged reliably and in order. Applications send streams of 8-bit bytes to TCP to be sent over the network. TCP divides these streams into segments of a suitable size (usually based on the maximum transmission unit, MTU, of the link layer of the network the computer is on). TCP then passes the resulting packets to IP, which carries them across the internetwork to the TCP module on the destination computer. In this process there are mechanisms for handshaking, flow control, sequence numbering and error correction, so that the transmission takes place correctly and accurately.

    A TCP data unit is called a segment and consists of 2 parts, Header and Data, described in the following figure:

    Bit      | 0-3         | 4-9      | 10-15 | 16-31
    0        | Source Port                    | Destination Port
    32       | Sequence Number
    64       | Acknowledgement Number
    96       | Data Offset | Reserved | Flags | Window
    128      | Checksum                       | Urgent Pointer
    160      | Options + Padding
    160/192+ | Data

    Table: Structure of a TCP data unit

    Where:

    - Source port (16 bits): the port number of the source station.

    - Destination port (16 bits): the port number of the destination station.

    - Sequence number (32 bits): this field has 2 roles. If the SYN flag is set, it is the initial sequence number (ISN) and the first data byte is ISN + 1. If the SYN flag is not set, it is the number of the first byte of the segment.

    - Acknowledgement number (32 bits): the number of the next segment that the source station is waiting to receive. It implicitly acknowledges good receipt of the segment(s) that the destination station has sent to the source station.

    - Data offset (4 bits): specifies the length of the header (in 32-bit words). The header is at least 5 words (160 bits) and at most 15 words (480 bits) long.

    - Reserved (6 bits): reserved for future use; the value is 0.

    - Flags (or Control bits): 6 flags, from left to right:

        o URG: flag for the Urgent pointer field.
        o ACK: flag for the Acknowledgement field.
        o PSH: Push function.
        o RST: reset the connection.
        o SYN: synchronize the sequence numbers.
        o FIN: no more data from the source station.

    - Window (16 bits): the number of bytes the source station can receive, starting from the value of the acknowledgement (ACK) field.

    - Checksum: 16 bits of check for both the header and the data.

    - Urgent pointer (16 bits): points to the sequence number of the byte following the urgent data, letting the receiver know the length of the urgent data area. This field is valid only when the URG flag is set.

    - Options (variable length): an optional field.

    - Padding (variable length): filler added to the header to ensure that the header always ends on a 32-bit boundary. The filler consists entirely of zeros.

    - TCP data (variable length): contains the data of the upper layer, with a default length of 536 bytes. This value can be adjusted by declaring it in the options area.

    2.4.7 UDP (User Datagram Protocol)

    UDP is a connectionless protocol used as an alternative on top of IP when applications call for it. Unlike TCP, UDP has no functions for establishing and releasing a connection. It also provides no acknowledgement mechanism and does not put arriving data units in order, so data can be lost or duplicated without any error being reported to the sender. In short, it provides transport services that are not reliable in the way TCP's are. Because it has few complex functions, UDP tends to run faster than TCP. It is usually used by applications that do not require highly reliable transport.

    The structure of a UDP data unit is as follows:

    Bit    0-15          16-31
    0      Source Port   Destination Port
    32     Length        Checksum
    64     Data

    Structure of the UDP data unit

    Where:

    Source port (16 bits): identifies the port of the sending station and is meaningful when a reply from the receiver is wanted. If it is not used, it is set to 0.

    Destination port (16 bits): identifies the port of the receiving station; this field is required.

    Length (16 bits): the length of the whole datagram, header and data. The minimum length is 8 bytes, when the packet carries no data, only the header.

    Checksum (16 bits): a 16-bit checksum used to detect errors in the header and the data.

    2.4.8 HTTP (Hypertext Transfer Protocol)

    HTTP is an application-layer protocol that runs over the transport-layer protocol TCP on port 80 to support the Web. In this protocol each data object (web page, image, audio...) is transferred in a separate session (HTTP session). The data is handed down to the transport layer and turned into TCP packets that are sent to the receiving station. To start a session, the client establishes a connection to the server by sending a TCP packet with the SYN flag set to port 80. The server replies with a packet that has the ACK flag set. Finally, the client sends a packet with the ACK flag and then requests the object it needs, for example:

    GET /index.html HTTP/1.1

    The server answers the client with a status code, for example 200 OK, 403 Forbidden, 404 Not Found... The server then sends a packet to close the connection.

    2.4.9 DNS (Domain Name System)

    DNS is a protocol that maps between domain names and IP addresses and runs over the transport-layer protocol UDP (mostly on port 53). The header of a DNS message is structured as follows:

    Bit   0-15   16   17-20   21   22   23   24   25-27   29-31
          ID     Q    Query   A    T    R    V    B       Rcode
          Question count      Answer count
          Authority count     Additional count

    Structure of the DNS packet header

    Where:

    ID: a 16-bit field holding an identifier generated by the program that issues the query. The response packet uses this identifier when it answers, which is how a query and its response can be matched to each other.

    QR: a 1-bit field. It is set to 0 in a query packet and to 1 in a response packet.

    Opcode: a 4-bit field, set to 0 for a standard query, 1 for an inverse query and 2 for a status query.

    AA: a 1-bit field; when it is set to 1 in a response packet, the query has gone to a server that has the authority to resolve it.

    TC: a 1-bit field that indicates whether the packet was truncated because its size exceeded the permitted bandwidth.

    RD: a 1-bit field that indicates that the query wants the server to continue the query recursively.

    RA: a 1-bit field that indicates whether recursive queries are carried out on the server.

    Z: a 1-bit field. It is reserved and set to 0.

    Rcode: a 4-bit field; in a response packet it can take the following values:

    o 0: no error occurred during the query.

    o 1: the packet format is wrong; the server could not understand the query.

    o 2: the server has a fault and cannot answer.

    o 3: name error. Only an authoritative server can set this value.

    o 4: not implemented. The server cannot perform this function.

    o 5: the server refuses to carry out the query.

    QDcount: the number of queries the packet carries in the question section.

    ANcount: the number of resource records in the answer section.

    NScount: the number of resource records in the authority section of the packet.

    ARcount: the number of resource records in the additional section of the packet.
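    The header fields described above can be decoded from the first 12 bytes of a DNS message. The following is an added example, not code from the original thesis; the function names and both sample headers are constructed for illustration. It also shows the check that pairs a response with its query by ID, and it rejects input too short to hold a header.

```python
import struct

# Response codes and opcodes as listed on this page.
RCODES = {0: "no error", 1: "format error", 2: "server failure",
          3: "name error", 4: "not implemented", 5: "refused"}
OPCODES = {0: "standard query", 1: "inverse query", 2: "status"}

# Constructed samples (not captured traffic): a query header and the
# header of an authoritative "name error" response carrying the same ID.
SAMPLE_QUERY = bytes.fromhex("1a2b 0100 0001 0000 0000 0000")
SAMPLE_RESPONSE = bytes.fromhex("1a2b 8583 0001 0000 0001 0000")


def parse_dns_header(message: bytes) -> dict:
    """Decode the fixed 12-byte header at the start of a DNS message."""
    if len(message) < 12:
        raise ValueError(f"DNS header needs 12 bytes, got {len(message)}")
    # Six big-endian 16-bit words: ID, flags, then the four counters.
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", message[:12])
    opcode = (flags >> 11) & 0xF
    rcode = flags & 0xF
    return {
        "id": ident,
        "is_response": bool(flags & 0x8000),          # QR
        "opcode": opcode,
        "opcode_name": OPCODES.get(opcode, "unassigned"),
        "authoritative": bool(flags & 0x0400),        # AA
        "truncated": bool(flags & 0x0200),            # TC
        "recursion_desired": bool(flags & 0x0100),    # RD
        "recursion_available": bool(flags & 0x0080),  # RA
        "reserved": (flags >> 4) & 0x7,               # Z, must be 0
        "rcode": rcode,
        "rcode_name": RCODES.get(rcode, "unassigned"),
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def response_matches_query(query: dict, response: dict) -> bool:
    """A response belongs to a query only if the QR bits fit and the IDs agree."""
    return (not query["is_response"] and response["is_response"]
            and query["id"] == response["id"])


if __name__ == "__main__":
    for name, raw in (("query", SAMPLE_QUERY), ("response", SAMPLE_RESPONSE)):
        print(name, parse_dns_header(raw))
```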


    CHAPTER II. PACKET CAPTURE TECHNIQUES

    1 Overview of Packet Capture (Sniffer)

    1.1 Related concepts

    Packet: a formatted unit of data that travels over the network.

    Network Traffic: the flow of information into and out of a network. To measure and control network traffic we need to capture packets (packet capture).

    Packet capture: the act of intercepting the data packets that travel over the network. Packet capture comprises:

    o Deep Packet Capture (DPC): capturing every packet on the network in full (both header and payload). The captured packets are kept in temporary or long-term storage.

    o Deep Packet Inspection (DPI): the process of examining and evaluating packets to find the cause of network problems, identify security risks, and make sure the network operates correctly both technically and legally.

    o DPC and DPI are combined to manage, evaluate and analyse the movement of packets on the network while retaining that information for other purposes later on.

    In practice, packet capture can record the headers without keeping the whole payload. This reduces the storage required and avoids legal problems while still keeping the most essential information.

    Packet Analyzer (Sniffer): software or computer hardware attached to a computer network that can monitor the information flowing (network traffic) over a network or part of a network. A sniffer captures packets, then decodes them and analyses their content for various purposes.

    1.2 Uses of sniffers

    1.2.1 Capabilities

    On a wired LAN, depending on the structure of the network (hub or switch), all or part of the information on the network can be captured from a single node inside it. With a hub, every packet crossing the network can be captured; with a switch, special methods such as ARP spoofing are needed.

    On a wireless LAN, packets are captured on individual channels.

    For a machine to capture information on its network, the network adapter must be put into promiscuous mode.

    1.2.2 Purposes

    There are usually two main kinds: one for inspecting and maintaining networks, the other for breaking into networks. They are used for the following purposes:

    Analysing performance or network faults.

    Detecting network intrusions, information leaks, ... and retrieving information about the intrusion.

    Managing network usage.

    Gathering information for reports on the state of the network.

    Debugging and maintaining network topologies and protocols.

    Filtering out the required information travelling over the network and putting it into a form that people can read.

    Capturing sensitive information such as passwords and usernames of other users on the network in order to break into their systems.


    1.3 Existing sniffer programs

    Many free and commercial programs are available today for capturing and analysing packets. Some of them are:

    Tcpdump (http://www.tcpdump.org/) for Unix and Windump (http://www.winpcap.org/windump/default.htm) for Windows.

    Wireshark (http://www.wireshark.org/).

    Etherpeek (http://www.aggroup.com/).

    Triticom LANdecoder32 (http://www.triticom.com/TRITICOM/LANdecoder32/).

    Snort (http://en.wikipedia.org/wiki/Snort_(software)).

    Kismet (http://en.wikipedia.org/wiki/Kismet_(software)), for 802.11 wireless LANs.

    Cain & Abel (http://www.oxid.it/)

    2 How It Works

    2.1 Monitoring network traffic

    This graduation internship report considers only wired networks under Windows XP or, more precisely, the Ethernet standard.

    Ethernet is built on the idea of sharing. All machines in a local network share one common wire, which means that every machine in the network can see the traffic on that wire.

    Ethernet hardware therefore has a filter that discards all traffic not intended for it (by ignoring every frame whose MAC address does not match). To get around this, a sniffer needs a way to switch that filter off by putting the Ethernet hardware into promiscuous mode.


    2.2 Analysing network traffic

    When data is sent over the wire it is split up, packed into many packets and sent piece by piece. A sniffer is a program that captures these packets.

    Once the packets have been captured successfully we hold packets that carry information. To obtain the information needed for a particular purpose, however, the packets have to be analysed (packet analysis).

    Protocols that can be sniffed include Ethernet, IPv4, IPv6, ARP/RARP, TCP, UDP, ICMPv4, telnet, rlogin, http, SNMP, NNTP, POP, FTP, IMAP...

    Example of analysing a packet:

    Below are the first 512 bytes of an Ethernet packet in hex, captured while a browser loads the web page http://web.archive.org/web/20050221103207/http://www.robertgraham.com/pubs/sniffing-faq.html

    000 00 00 BA 5E BA 11 00 A0 C9 B0 5E BD 08 00 45 00 ...^......^...E.
    010 05 DC 1D E4 40 00 7F 06 C2 6D 0A 00 00 02 0A 00 ....@....m......
    020 01 C9 00 50 07 75 05 D0 00 C0 04 AE 7D F5 50 10 ...P.u......}.P.
    030 70 79 8F 27 00 00 48 54 54 50 2F 31 2E 31 20 32 py.'..HTTP/1.1.2
    040 30 30 20 4F 4B 0D 0A 56 69 61 3A 20 31 2E 30 20 00.OK..Via:.1.0.
    050 53 54 52 49 44 45 52 0D 0A 50 72 6F 78 79 2D 43 STRIDER..Proxy-C
    060 6F 6E 6E 65 63 74 69 6F 6E 3A 20 4B 65 65 70 2D onnection:.Keep-
    070 41 6C 69 76 65 0D 0A 43 6F 6E 74 65 6E 74 2D 4C Alive..Content-L
    080 65 6E 67 74 68 3A 20 32 39 36 37 34 0D 0A 43 6F ength:.29674..Co
    090 6E 74 65 6E 74 2D 54 79 70 65 3A 20 74 65 78 74 ntent-Type:.text
    0A0 2F 68 74 6D 6C 0D 0A 53 65 72 76 65 72 3A 20 4D /html..Server:.M
    0B0 69 63 72 6F 73 6F 66 74 2D 49 49 53 2F 34 2E 30 icrosoft-IIS/4.0
    0C0 0D 0A 44 61 74 65 3A 20 53 75 6E 2C 20 32 35 20 ..Date:.Sun,.25.
    0D0 4A 75 6C 20 31 39 39 39 20 32 31 3A 34 35 3A 35 Jul.1999.21:45:5
    0E0 31 20 47 4D 54 0D 0A 41 63 63 65 70 74 2D 52 61 1.GMT..Accept-Ra
    0F0 6E 67 65 73 3A 20 62 79 74 65 73 0D 0A 4C 61 73 nges:.bytes..Las
    100 74 2D 4D 6F 64 69 66 69 65 64 3A 20 4D 6F 6E 2C t-Modified:.Mon,
    110 20 31 39 20 4A 75 6C 20 31 39 39 39 20 30 37 3A .19.Jul.1999.07:
    120 33 39 3A 32 36 20 47 4D 54 0D 0A 45 54 61 67 3A 39:26.GMT..ETag:
    130 20 22 30 38 62 37 38 64 33 62 39 64 31 62 65 31 ."08b78d3b9d1be1
    140 3A 61 34 61 22 0D 0A 0D 0A 3C 74 69 74 6C 65 3E :a4a"....<title>
    150 53 6E 69 66 66 69 6E 67 20 28 6E 65 74 77 6F 72 Sniffing.(networ
    160 6B 20 77 69 72 65 74 61 70 2C 20 73 6E 69 66 66 k.wiretap,.sniff
    170 65 72 29 20 46 41 51 3C 2F 74 69 74 6C 65 3E 0D er).FAQ</title>.
    180 0A 0D 0A 3C 68 31 3E 53 6E 69 66 66 69 6E 67 20 ...<h1>Sniffing.
    190 28 6E 65 74 77 6F 72 6B 20 77 69 72 65 74 61 70 (network.wiretap
    1A0 2C 20 73 6E 69 66 66 65 72 29 20 46 41 51 3C 2F ,.sniffer).FAQ....This.docu
    1C0 6D 65 6E 74 20 61 6E 73 77 65 72 73 20 71 75 65 ment.answers.que
    1D0 73 74 69 6F 6E 73 20 61 62 6F 75 74 20 74 61 70 stions.about.tap
    1E0 70 69 6E 67 20 69 6E 74 6F 20 0D 0A 63 6F 6D 70 ping.into...comp
    1F0 75 74 65 72 20 6E 65 74 77 6F 72 6B 73 20 61 6E uter.networks.an

    Example of analysing network traffic


    The packet above contains a 14-byte Ethernet header, a 20-byte IP header, a 20-byte TCP header, an HTTP header whose end is marked by (0D 0A 0D 0A) and, finally, the data. The pieces are:

    Ethernet header: 00 00 BA 5E BA 11 00 A0 C9 B0 5E BD 08 00
    IP header: 45 00 05 DC 1D E4 40 00 7F 06 C2 6D 0A 00 00 02 0A 00 01 C9
    TCP header: 00 50 07 75 05 D0 00 C0 04 AE 7D F5 50 10 70 79 8F 27 00 00
    HTTP header: 48 54 54 50 2F 31 2E 31 20 32.... ... 3A 61 34 61 22 0D 0A 0D 0A

    A protocol analyzer looks at this data, analyses it, extracts the information and turns it into fields that people can read easily. For the packet above, the analysis gives:

    ETHER: Destination address : 0000BA5EBA11
    ETHER: Source address : 00A0C9B05EBD
    ETHER: Frame Length : 1514 (0x05EA)
    ETHER: Ethernet Type : 0x0800 (IP)
    IP: Version = 4 (0x4)
    IP: Header Length = 20 (0x14)
    IP: Service Type = 0 (0x0)
    IP: Precedence = Routine
    IP: ...0.... = Normal Delay
    IP: ....0... = Normal Throughput
    IP: .....0.. = Normal Reliability
    IP: Total Length = 1500 (0x5DC)
    IP: Identification = 7652 (0x1DE4)
    IP: Flags Summary = 2 (0x2)
    IP: .......0 = Last fragment in datagram
    IP: ......1. = Cannot fragment datagram
    IP: Fragment Offset = 0 (0x0) bytes
    IP: Time to Live = 127 (0x7F)
    IP: Protocol = TCP - Transmission Control
    IP: Checksum = 0xC26D
    IP: Source Address = 10.0.0.2
    IP: Destination Address = 10.0.1.201
    TCP: Source Port = Hypertext Transfer Protocol
    TCP: Destination Port = 0x0775
    TCP: Sequence Number = 97517760 (0x5D000C0)
    TCP: Acknowledgement Number = 78544373 (0x4AE7DF5)
    TCP: Data Offset = 20 (0x14)
    TCP: Reserved = 0 (0x0000)
    TCP: Flags = 0x10 : .A....
    TCP: ..0..... = No urgent data
    TCP: ...1.... = Acknowledgement field significant
    TCP: ....0... = No Push function
    TCP: .....0.. = No Reset
    TCP: ......0. = No Synchronize
    TCP: .......0 = No Fin
    TCP: Window = 28793 (0x7079)
    TCP: Checksum = 0x8F27
    TCP: Urgent Pointer = 0 (0x0)
    HTTP: Response (to client using port 1909)
    HTTP: Protocol Version = HTTP/1.1
    HTTP: Status Code = OK
    HTTP: Reason = OK
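    The decoding step a protocol analyzer performs on this packet can be reproduced with a few struct unpacks. The following is an added example, not code from the original thesis; the function names are chosen here, and the input is the first 54 bytes of the frame printed on this page. Beyond the fields in the analyzer output it also verifies the IP header checksum and refuses truncated or malformed headers.

```python
import socket
import struct

# First 54 bytes of the frame printed on this page: Ethernet (14 bytes),
# IPv4 (20 bytes) and TCP (20 bytes) headers.
SAMPLE_HEADERS = bytes.fromhex(
    "00 00 BA 5E BA 11 00 A0 C9 B0 5E BD 08 00"
    " 45 00 05 DC 1D E4 40 00 7F 06 C2 6D 0A 00 00 02 0A 00 01 C9"
    " 00 50 07 75 05 D0 00 C0 04 AE 7D F5 50 10 70 79 8F 27 00 00"
)

ETHERTYPE_IPV4 = 0x0800
PROTO_TCP = 6
TCP_FLAG_NAMES = ("URG", "ACK", "PSH", "RST", "SYN", "FIN")  # left to right


def internet_checksum_ok(header: bytes) -> bool:
    """True if the 16-bit one's-complement sum over the header is 0xFFFF."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:                      # fold the carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF


def parse_ethernet(frame: bytes) -> dict:
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return {"dst": dst.hex().upper(), "src": src.hex().upper(),
            "ethertype": ethertype, "payload": frame[14:]}


def parse_ipv4(packet: bytes) -> dict:
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, tos, total_length, ident, flags_frag, ttl, proto, checksum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    version, header_length = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or header_length < 20 or len(packet) < header_length:
        raise ValueError("not a valid IPv4 header")
    return {
        "header_length": header_length, "service_type": tos,
        "total_length": total_length, "identification": ident,
        "dont_fragment": bool(flags_frag & 0x4000),
        "more_fragments": bool(flags_frag & 0x2000),
        "fragment_offset": (flags_frag & 0x1FFF) * 8,
        "ttl": ttl, "protocol": proto, "checksum": checksum,
        "checksum_ok": internet_checksum_ok(packet[:header_length]),
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
        # A header-only capture holds fewer bytes than total_length says.
        "payload": packet[header_length:total_length],
    }


def parse_tcp(segment: bytes) -> dict:
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    (src_port, dst_port, seq, ack, off_flags, window, checksum,
     urgent) = struct.unpack("!HHIIHHHH", segment[:20])
    header_length = (off_flags >> 12) * 4
    if header_length < 20:
        raise ValueError("TCP data offset below 5 words")
    bits = off_flags & 0x3F
    flags = [n for i, n in enumerate(TCP_FLAG_NAMES) if bits & (0x20 >> i)]
    return {"src_port": src_port, "dst_port": dst_port, "seq": seq,
            "ack": ack, "header_length": header_length, "flags": flags,
            "window": window, "checksum": checksum, "urgent_pointer": urgent}


def decode(frame: bytes) -> dict:
    eth = parse_ethernet(frame)
    result = {"eth": eth, "ip": None, "tcp": None}
    if eth["ethertype"] != ETHERTYPE_IPV4:
        return result                       # ARP, IPv6, ...: not decoded here
    ip = result["ip"] = parse_ipv4(eth["payload"])
    # Length implied by the IP total length (no padding, no FCS).
    result["frame_length"] = 14 + ip["total_length"]
    # Only the first fragment of a datagram starts with a TCP header.
    if ip["protocol"] == PROTO_TCP and ip["fragment_offset"] == 0:
        result["tcp"] = parse_tcp(ip["payload"])
    return result


if __name__ == "__main__":
    print(decode(SAMPLE_HEADERS))
```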

    2.3 Components of a sniffer program

    Hardware

    Hardware that meets the network adapter standards. It may also have special additional features for checking CRC errors, voltage faults, cable faults... Note: to capture the packets entering and leaving a network indirectly from one network node, that node's network card must support promiscuous mode. Almost all current network cards support this mode. However, networks are gradually moving to switches instead of broadcasting packets as hubs do, so capturing packets in a network is no longer as simple as it used to be.

    Capture driver

    This is the most important part. It takes the network traffic off the wire, stores the data in a buffer and filters out the information required.

    Buffer

    Once data has been captured it is held temporarily in a buffer. Buffers are commonly used in one of these ways: write until the buffer is full, or write in a circular fashion so that the newest data replaces the oldest.

    Real-time analysis

    Analyses the traffic by protocol and checks for errors while packets are being captured.

    Decode

    Decodes the content of the network traffic and displays it in a form suited to the requirements.

    Packet editing/transmission

    Some programs allow us to create our own packets and put them on the network.


    2.4 Defending against sniffers

    First, it is certain that no single machine can listen to or capture the whole Internet. Second, to listen on a link one must have access to the physical wiring of that link (or be able to sit in the middle of the physical path the packets take). The first defence against sniffers is therefore to prevent a sniffer from being installed or run on any machine in the network and to check the network cabling carefully (for wired networks). In addition, defending against sniffers requires the following:

    2.4.1 Detecting sniffers in the network

    Some of the simplest methods for detecting a sniffer program:

    Ping method: send a ping packet to the IP address but not to the Ethernet adapter, in the following steps:

    o Suppose the suspect machine has the IP address 10.0.0.1 and the MAC address 00-40-05-A4-79-32.

    o Send an ICMP Echo Request (ping) packet with the IP address of the suspect machine and a changed MAC address (for example 00-40-05-A4-79-31).

    o If a reply is received, the suspect machine has dropped its Ethernet filter, so it is listening on the wire.

    ARP method

    Similar to the ping method, but using an ARP packet instead of ICMP.

    DNS method

    Many sniffer programs automatically resolve IP addresses through DNS. A machine in promiscuous mode can be detected from the DNS traffic it generates (this requires that the suspect machine sends its requests to a DNS server we can control, and the check is then based on that traffic).
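    The DNS method comes down to reading the query log of the DNS server under our control. The following is an added example, not code from the original thesis; the log format, the addresses and the function names are constructed for illustration. It assumes test packets were addressed to decoy IP addresses that no host owns, so a reverse (PTR) lookup for a decoy can only come from a machine that saw traffic not addressed to it. A hit is a lead to investigate, since an authorised monitoring host would show the same behaviour.

```python
import ipaddress
from collections import defaultdict

# Constructed query log of the DNS server we control, one query per line:
#   <time> <client address> <query type> <query name>
SAMPLE_LOG = """\
10:00:01 10.0.0.5 A www.example.com.
10:00:07 10.0.0.23 PTR 77.9.0.10.in-addr.arpa.
10:00:08 10.0.0.5 PTR 1.0.0.10.in-addr.arpa.
10:00:09 10.0.0.23 PTR 78.9.0.10.in-addr.arpa.
10:00:12 10.0.0.40 PTR bogus.in-addr.arpa.
malformed line
"""

# Constructed decoy addresses: test packets were sent to them, no host owns them.
DECOYS = {"10.0.9.77", "10.0.9.78"}


def ptr_name_to_ipv4(qname):
    """'77.9.0.10.in-addr.arpa.' -> IPv4Address('10.0.9.77'), else None."""
    name = qname.rstrip(".").lower()
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        return None
    labels = name[:-len(suffix)].split(".")
    if len(labels) != 4:                 # partial or nested reverse name
        return None
    try:
        # Reverse names list the octets last-to-first.
        return ipaddress.IPv4Address(".".join(reversed(labels)))
    except ipaddress.AddressValueError:
        return None


def hosts_resolving_decoys(log_text, decoys):
    """Map each client to the decoy addresses it asked the DNS server about."""
    decoy_set = {ipaddress.IPv4Address(d) for d in decoys}
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4 or fields[2].upper() != "PTR":
            continue                     # not a reverse lookup, or unparseable
        try:
            client = ipaddress.ip_address(fields[1])
        except ValueError:
            continue
        target = ptr_name_to_ipv4(fields[3])
        if target in decoy_set:
            hits[str(client)].add(str(target))
    return {client: sorted(targets) for client, targets in hits.items()}


if __name__ == "__main__":
    for client, targets in hosts_resolving_decoys(SAMPLE_LOG, DECOYS).items():
        print(f"{client} resolved decoy address(es): {', '.join(targets)}")
```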

    2.4.2 Preventing sniffing

    Protecting data against sniffing:

    o SSL (Secure Socket Layer)

    o SSH (Secure Shell)

    o VPNs (Virtual Private Networks)

    Setting up the network so that sniffing is harder:

    o Check the cabling and the machines in the network.

    o Use a switch instead of a hub.

    Using adapters that do not support sniffing:

    Some older adapters do not support promiscuous mode.

    2.4.3 Some programs for detecting sniffers

    AntiSniff

    http://www.l0pht.com/antisniff/

    CPM (Check Promiscuous Mode)

    ftp://coast.cs.purdue.edu/pub/tools/unix/cpm/

    For UNIX:

    o neped

    http://www.apostols.org/projectz/neped/

    o sentinel

    http://www.packetfactory.net/Projects/sentinel/

    o cpm (Check Promiscuous Mode)

    ftp://ftp.cerias.purdue.edu/pub/tools/unix/sysutils/cpm/

    3 Approaches to Building a Sniffer

    To build a sniffer program we have these main options: capturing at the application level, at the operating-system level and at the network-adapter level.


    3.1 Raw Socket: operating-system level

    A socket is a way of setting up a communication link between a program that requests a service (client) and a program that provides a service (server) on a LAN, a WAN or the Internet, and sometimes between processes inside one computer. Each socket can be seen as one endpoint of a connection. A socket on the machine requesting the service has a network address assigned to it so that it can call a socket on the machine providing the service. Once the sockets have been set up properly, the two computers can exchange services and data.

    The properties of a socket are:

    Protocol (TCP, UDP or raw IP).

    Port number.

    IP address.

    Classification: there are several common kinds of socket:

    Datagram Socket, also called connectionless socket, which uses UDP.

    Stream Socket, also called connection-oriented socket, which uses TCP.

    Raw Socket (or Raw IP Socket). With this kind of socket the transport layer is bypassed and the application can access the data of the IP packet directly.

    In short, with sockets we can capture and access information from the transport layer upwards (TCP and UDP), and we can reach the Internet layer (IP) if raw sockets are used. On the Windows operating system, however, only the Winsock library for Visual C++ and the Socket classes in .NET currently support raw sockets. Java's network programming library does not let developers use raw sockets.

    A raw socket is a socket that gives direct access to the header of a packet. In other words, a raw socket is a way of bypassing the whole network stack and delivering the packet straight to the application layer. A raw socket can carry out one of two tasks:

    Packet Sniffing: receiving packets from the raw socket.

    Packet Injection: sending packets to the raw socket.

    Raw sockets are not part of the programming language; they are part of the networking API of the operating system. With a raw socket we can obtain the header of a packet, unlike an ordinary socket, which returns only the payload. Raw sockets are used at the transport layer and the network layer.

    When Windows XP was released in 2001, raw sockets were implemented in the Winsock library; Microsoft, however, stated that raw sockets were only used by hackers to carry out TCP reset attacks. Three years later, in a hotfix, Microsoft therefore restricted raw socket support in Winsock and no longer supports any application that uses them.

    3.2 Pcap: network-adapter level

    Pcap (packet capture) consists of application programming interfaces (APIs) for capturing network traffic. For Unix-family systems there is the libpcap library; for Windows there is winpcap, a port of libpcap. Pcap usually has two basic components:

    Driver: a packet capture driver cannot be written in a high-level language and is usually written in C or assembly. The two most widely used drivers today are the commercial driver in PCAUSA and the free driver in the Windump package.

    Interface: the interface used to perform packet capture.

    Libpcap and Winpcap work from the link layer upwards. They provide packet capture and packet filtering, and can store captured packets in a file or read them from a file ... They also allow custom packets to be created and injected onto the network. Many applications use libpcap or winpcap for various purposes, such as packet sniffers, network monitors, network testers or network intrusion detection systems...

    The drawback of these libraries is that they can only be used to capture packets; unlike sockets, they cannot block an address, a port or a process from accessing the network.


    The libpcap and winpcap APIs are written in C or C++, so building an application in another language such as .NET or Java requires a wrapper.

    Wrappers that use libpcap/winpcap from languages other than C/C++:

    Net::Pcap, a Perl wrapper for pcap

    python-libpcap, a Python wrapper for pcap

    pcapy, another Python wrapper for pcap

    PacketFu, a Ruby wrapper for pcap

    tclpcap, a Tcl wrapper for pcap

    jpcap, a Java wrapper for pcap

    jNetPcap, another Java wrapper for pcap

    WinPcapNET, SharpPcap, Pcap.Net, .NET wrappers for WinPcap

    pcap, Haskell bindings for pcap

    mlpcap, Objective Caml bindings for pcap

    pcap, Chicken Scheme wrapper for pcap


    3.3 Comparing Raw Socket and Pcap

    Figure: Correspondence between Socket and Pcap

    Both raw sockets and pcap can be used to write a sniffer program. However, sockets can only work from layer 4 of the OSI model upwards (the transport layer in TCP/IP), raw sockets can work from layer 3 of the OSI model upwards (the network layer in TCP/IP), and pcap can work from layer 2 of the OSI model upwards (the link layer in TCP/IP) (source). In addition, raw sockets on Windows are no longer supported by Microsoft and their functionality is limited, for example:

    TCP data cannot be sent over a raw socket.

    UDP datagrams with an invalid source address cannot be sent over a raw socket.

    Consequently, if sockets are used to measure all the traffic entering and leaving a system or a station, the result may be inaccurate, because sockets can only capture certain kinds of packet (TCP and UDP, plus IP if a raw IP socket is used). Protocols with other kinds of data unit, such as ARP, RARP and ICMP, cannot be captured with sockets. If the pcap library is used to capture at the network-adapter level, all information can be captured, because the capture takes place at layer 2 of the OSI model (the link layer in TCP/IP). The discrepancy is very small, however, because packets other than TCP and UDP are very small and infrequent.


    With raw sockets we can block an application or a process that uses the network by blocking its port or its IP address. With the pcap library this is not possible; we can only capture packets and extract information.

    Conclusion: either of the two methods above can be used to build a sniffer application. Depending on various factors, one of the two methods can be chosen, or the two can be combined.


    CHAPTER III. ANALYSIS, SELECTION AND ALGORITHM DESIGN

    1 The Methods in Detail

    1.1 Winsock

    Using Winsock to build a sniffer program means capturing at the operating-system level with raw sockets. Because this project is limited to the Windows operating system, we consider only Winsock (.NET Socket is another possibility).

    1.1.1 Concept

    Winsock is short for Window Socket. It is a socket library that serves as the interface between TCP/IP and Windows. Winsock is a dynamic-link library (.DLL) that runs on the Windows operating system. WINSOCK.DLL talks to TCP in order to communicate with the Internet. The figure below shows how Winsock works:

    Figure: Communication through Winsock

    Winsock really acts as a layer between Winsock applications and the TCP/IP stack. Applications tell Winsock.dll what needs to be done; it translates those commands and passes them to the TCP/IP protocol suite, and the TCP/IP protocol suite puts them on the network.


    The Winsock.dll in use must have a version that matches the version of TCP/IP that is running.

    1.1.2 Winsock events

    DataArrival: this is where data arriving through the local port is detected.

    Connect: sets up a connection to another station.

    SendProgress: mostly used together with file transfers. It says what should be done while the data is still being sent.

    SendComplete: says what happens once the data has been sent completely.

    Close: used to close the connection, to disconnect.

    SendData: tells Winsock to send data.

    GetData: tells Winsock to receive the data that is being sent through RemotePort.

    1.1.3 Socket types in Winsock

    Stream Socket: provides two-way, sequenced and reliable communication. A stream socket works like a telephone conversation. In Winsock it is denoted by the type SOCK_STREAM and uses the Transmission Control Protocol, TCP.

    Datagram Socket: supports a two-way flow of messages. A datagram socket works like sending letters back and forth and is unreliable. In Winsock it is denoted by the type SOCK_DGRAM and uses the User Datagram Protocol, UDP.

    Sequential Packet Socket: provides two-way, sequenced, reliable communication. In Winsock it is denoted by the type SOCK_SEQPACKET.

    Raw Socket: provides basic access to the communication protocols and gives direct access to the header information of packets at the low layer (IP).

    1.1.4 Working with sockets in Winsock

    Creating a socket:

    The function int socket (int domain, int type, int protocol) is called to create a socket in the given domain and of the given type. If the protocol is not specified, the system defaults to the protocol that supports the requested socket type. The socket handle is returned. Communication is connected through addresses. The function int bind (int s, const struct sockaddr *name, int namelen) is called to associate a path or an Internet address with the socket. Use unlink() or rm() to destroy a socket.

    Connecting stream sockets:

    When sockets are connected, one process usually acts as the server and another as the client. The server binds its socket to a path or an address. The server then calls the function int listen (int s, int backlog) for SOCK_STREAM, which determines how many connection requests can wait in the queue. A client initiates a connection to the server's socket by calling the function int connect (int s, struct sockaddr *name, int namelen). The server calls accept() to complete the connection for SOCK_STREAM. The function int accept (int s, struct sockaddr *addr, int *addrlen) returns a new socket for that particular conversation. A server can have several SOCK_STREAM connections active at the same time.

    Transferring data over and closing a stream socket:

    Data is sent to and received from a SOCK_STREAM socket with read() and write(). The functions send (int s, const char *msg, int len, int flags) and recv (int s, char *buf, int len, int flags) are like read() and write() but take some additional control flags. Use close() to close the socket.

    Datagram socket:

    A datagram socket does not require a connection to be established. Each message carries a destination address. If a particular local address is needed, bind() must be called before data is transferred. Data is sent with sendto() or sendmsg(). sendto() is called like send(), with the destination address given. To receive datagram socket messages, call recvfrom() or recvmsg(). Whereas recv() needs one buffer, recvfrom() needs two: one for the data and one for the source address. A datagram socket can also use connect() to connect the socket to a destination socket determined in advance. Once that has been done, send() and recv() are used to send and receive data. accept() and listen() are not used with datagram sockets.

    1.2 .NET Socket

    1.2.1 Concept

    Like Winsock, .NET Socket is a socket programming library for Windows, but it runs on .NET. In other words, .NET Socket is a managed-code programming interface to Window Socket (Winsock), that is, it works on top of Winsock. Programming with .NET Socket can therefore be regarded as almost the same as programming with Winsock. .NET Socket has three socket types corresponding to those of Winsock: Stream Socket, Datagram Socket and Raw Socket. Most of the classes used for programming with .NET Socket are in the namespace System.Net.Sockets.

    Figure: Communication through .NET Socket

    1.2.2 Working with .NET Socket

    For work at the higher layers, .NET Socket provides the ready-made classes TcpListener, TcpClient and UdpClient:

    Figure: How .NET Socket works

    To work at a lower layer, the Socket class must be used.

    Creating a socket:

    To create a socket we use the constructor Socket (AddressFamily, SocketType, ProtocolType);

    Connecting a socket:

    To connect a socket we use Connect(), passing the IP address to connect to.

    Transferring data through a socket:

    To send and receive data through .NET Socket we use Send() and Receive() with suitable parameters.

    1.2.3 Demo

    Figure: Demo capturing IP packets with Socket

    1.3 Winpcap

    Using Winpcap to build a sniffer means capturing at the network-adapter level.


    1.3.1 Concept

    Winpcap is an open-source library for capturing and analysing packets on Win32 systems.

    Many network applications today rely on sockets and on the operating system for network access, because the operating system already does almost all of the low-level work. Sometimes, however, we need access to the raw data on the network regardless of the protocol it uses. Winpcap is then the choice, because it lets us access packets directly at the level of the network adapter (within this project we consider only Ethernet). Winpcap has the following main goals:

    Capturing packets (raw packets), both the packets sent and received by the machine running the capture application and the packets shared through it.

    Filtering packets according to predefined rules (protocol, address...).

    Sending raw packets over the network.

    Collecting statistics and reporting related information.

    Like other packet capture libraries such as libpcap,... Winpcap has two components:

    Packet Capture Driver

    Programming interface (in Packet.dll).

    The operation of Winpcap is shown in the following figure:


    How Winpcap works

    1.3.2 Working with Winpcap

    Getting the device list: to obtain the list of network devices we use the function pcap_findalldevs_ex(). It returns a list of devices that can then be opened with pcap_open().

    Opening a device and capturing packets: to open a network device (usually a network adapter) and start capturing we use pcap_open(). Once the device is open, capturing can be done with pcap_dispatch() or pcap_loop(). The two functions are similar; the difference is that pcap_dispatch() stops when the specified timeout expires, whereas pcap_loop() stops only once it has captured packets (so it is rarely used in practice, because it blocks the program). We can also use pcap_next_ex(), which returns the packet header and the data.

    Packet filtering


    Filtering is one of the most powerful and useful features of Winpcap. It makes network analysis efficient and integrates seamlessly with Winpcap's capture mechanism. The functions used to filter packets are pcap_compile() and pcap_setfilter().

    Statistics: we can compute statistics from the captured packets to learn about the state of the network. For applications that do not need detailed statistics, however, we can ask the network adapter to do the counting by putting it into statistical mode with the function set_mode().

    Demo: using Winpcap and Jpcap 0.7 to capture packets

    2 Program Design Approach

    In this section we analyze the approach and the algorithm for the program without regard to any specific technology.


    To capture and analyze packets, the program is installed on a standalone machine, specifically the server of the LAN (the gateway). First, it captures the packets transmitted on the network through the network card (network adapter). It then reads each packet and cuts out its header, after which it analyzes and consolidates the headers of fragments to obtain one definitive header. When consolidation is complete, the program puts the information from each header into a database (or a file). Given the requirements of this project, we may not need to keep the packet data at all, only the headers. The packet information is then aggregated into statistics and displayed. The general steps follow the diagram below:

    General processing model of the program

    2.1 Capturing packets

    The network card is the gateway through which packets can be processed. Through it, the packets transmitted on

    2.2 Extracting the headers

    Once we are able to capture a packet (at whatever level), we read the packet byte by byte and store it in a pre-organized buffer. While reading we obtain the whole header of the packet. We can peel off the header of each protocol in turn, starting from the lowest-level protocol that the program captures (the IP header for a program using raw sockets, the Ethernet header for a program using winpcap). From the header and the data of the lower layer, we can always extract the header and the data of the protocol in the layer above.

    2.3 Analyzing and consolidating headers

    We analyze the protocols and compare the headers obtained in order to consolidate the information of segments that belong to the same fragmented packet (a single header can be kept for these fragmented segments). We can also use a second buffer to store these unique headers. Through this process we can obtain information such as:

    Lifetime of the packet.

    Total number of packets.

    Total number of segments of a packet.

    Total length of the packet.

    Destination address and source address.

    2.4 Storing in a database

    The information determined in the previous step can be put into a database to simplify display, statistics and reporting. It may include:

    Version.

    Time to live.

    Source address.

    Destination address.

    Total number of segments.

    Source port number.


    Destination port number.

    Protocol used for transmission.

    Header length.

    Packet size.

    This information does not have to go into a relational database or a data file on disk, since that could add unnecessary complexity to the program. It may be enough to write it to a buffer in memory.
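As an added illustration of sections 2.2 to 2.4 (this is not the thesis program's own code, which is built on Jpcap), the Python sketch below peels the Ethernet, IPv4 and TCP/UDP headers off captured frames and merges the fragments of one datagram into a single in-memory record. The function names, record keys and sample frames are assumptions constructed for the example.

```python
import socket
import struct
from collections import OrderedDict

ETH_LEN = 14                      # destination MAC, source MAC, EtherType
ETHERTYPE_IPV4 = 0x0800
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}


def dissect(frame):
    """Peel Ethernet -> IPv4 -> TCP/UDP; return a dict of header fields or None."""
    if len(frame) < ETH_LEN + 20:
        return None                                   # too short for an IPv4 header
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None                                   # ARP, IPv6, ... not handled here
    (ver_ihl, _tos, length, ident, frag, ttl, proto, _csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", frame[ETH_LEN:ETH_LEN + 20])
    header_len = (ver_ihl & 0x0F) * 4                 # IHL counts 32-bit words
    if ver_ihl >> 4 != 4 or header_len < 20 or len(frame) < ETH_LEN + header_len:
        return None                                   # malformed: never trust IHL blindly
    rec = {
        "version": 4, "header_length": header_len, "length": length,
        "id": ident, "ttl": ttl,
        "protocol": PROTO_NAMES.get(proto, str(proto)),
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
        "frag_offset": (frag & 0x1FFF) * 8,           # offset is in 8-byte units
    }
    upper = frame[ETH_LEN + header_len:]
    # Only the first fragment (offset 0) carries the TCP/UDP header with the ports.
    if rec["frag_offset"] == 0 and proto in (6, 17) and len(upper) >= 4:
        rec["src_port"], rec["dst_port"] = struct.unpack("!HH", upper[:4])
    return rec


def consolidate(frames):
    """Keep one record per datagram: fragments share (src, dst, protocol, id)."""
    table = OrderedDict()                             # the "second buffer" of section 2.3
    for frame in frames:
        rec = dissect(frame)
        if rec is None:
            continue
        key = (rec["src"], rec["dst"], rec["protocol"], rec["id"])
        entry = table.setdefault(key, dict(rec, segments=0, ip_bytes=0))
        entry["segments"] += 1
        entry["ip_bytes"] += rec["length"]            # IP header + payload of each fragment
        for port in ("src_port", "dst_port"):         # the first fragment may arrive late
            if port in rec:
                entry[port] = rec[port]
    return list(table.values())


def sample_frame(ident, frag, proto, payload, ttl=64):
    """Constructed input: Ethernet + 20-byte IPv4 header (checksum left 0) + payload."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), ident, frag, ttl,
                     proto, 0, socket.inet_aton("192.168.1.10"),
                     socket.inet_aton("10.0.0.5"))
    return b"\x00" * 12 + struct.pack("!H", ETHERTYPE_IPV4) + ip + payload


UDP_HEAD = struct.pack("!HHHH", 5000, 53, 8 + 26, 0)  # 26 data bytes in two fragments
TCP_HEAD = struct.pack("!HHIIBBHHH", 49152, 80, 0, 0, 0x50, 0x02, 8192, 0, 0)
SAMPLE_FRAMES = [
    sample_frame(0x1234, 0x2000, 17, UDP_HEAD + b"A" * 16),  # first fragment, MF set
    sample_frame(0x1235, 0x4000, 6, TCP_HEAD),               # unfragmented TCP SYN, DF set
    sample_frame(0x1234, 24 // 8, 17, b"B" * 10),            # last fragment at offset 24
]

if __name__ == "__main__":
    for record in consolidate(SAMPLE_FRAMES):
        print(record)
```

The length checks before each unpack matter in a sniffer: the header length field comes from the wire, so a frame that claims more header than it carries is dropped rather than parsed.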

    2.5 Display, statistics and reporting

    We can display the collected information on screen using an event mechanism (immediately after a packet is captured and analyzed), or do the same at fixed intervals (for example every 5 s). From the information obtained in the steps above we can produce statistics and reports according to the user's requirements.

    3 Choosing the Algorithm

    From the comparison of the two packet capture methods (raw socket and pcap) and the details of the two corresponding libraries (winsock and winpcap) in the sections above, we note the following points for choosing the algorithm and the technology:

    Capability: both methods can meet the project's requirement of capturing and analyzing packets. With winpcap, however, capture happens at the network card level, so we can capture packets passing over the network, whereas winsock captures at the operating system level, so we can only capture packets accepted by the operating system (that is, only packets passing through the machine running the program, and only certain packet types supported by the operating system).

    Speed: because winpcap captures at the network adapter level, it is faster than winsock. In addition, .NET Socket also needs the CLR and may therefore run more slowly. On current computers, however, the difference in speed is negligible.

    Flexibility: Winsock and .NET Socket can only capture packets from the IP protocol layer upward, and only a limited set of packet types supported by the operating system, so they are less flexible. Furthermore, developing with Winsock requires Visual C++ and .NET Socket requires .NET, while Winpcap has bindings for many languages such as Java, .NET, Python, ...

    Support: the latest Winsock version is Winsock 2.0; it has seen very few improvements and is no longer well supported by Microsoft (some functions have even been removed), while Winpcap is still being developed (the latest is Winpcap 4.1, January 2009) with full source code and documentation.

    Implementation complexity: developing with Winpcap is more complex, because there is less support from the operating system and an external library must be installed, but it is also more flexible.

    Existing applications: most packet capture applications today use Winpcap, in particular well-known and widely used programs such as Wireshark or Packet Analyzer. Winpcap has become almost an unofficial standard for packet capture programs on Windows.

    For the reasons above, low-level capture is the better fit for a project that analyzes traffic entering and leaving a network. I therefore propose using Winpcap 4.0 together with Jpcap 0.7 (available at http://netresearch.ics.uci.edu/kfujii/jpcap/doc/index.html) to build the program.


    CHAPTER IV. BUILDING THE PROGRAM

    1 Main Functions

    The program captures packets and then analyzes each captured packet to extract the information in each field of its header. The information is stored in a buffer, or can be saved to a file so that it can later be loaded again for display or statistics. Captured packets are classified by protocol, and the total number of packets as well as the total traffic into and out of the network are updated continuously. The program can also detect and warn about errors that occur on the network and

    The program has the following main functions:

    Function hierarchy diagram


    Meter (bandwidth metering)

    o Traffic Meter: measures bandwidth usage per unit of time and displays it as a continuous graph.

    o Traffic Report: reports traffic as graphs, including:

    Traffic report for the last 24 hours.

    Traffic report for the current day.

    Total traffic report for the week, month, year or any time range.

    Capture (packet capture)

    o Start: start capturing packets.

    o Stop: stop capturing packets.

    o Restart: restart the capture.

    o Exit: exit the program.

    File

    o Open: open a file to load the field information of previously recorded packets.

    o Save: save the field information of the packets just captured to a file with a user-chosen name.

    o Reload: reopen the file that was opened in the previous session.

    View (interface)

    o Toolbar: show or hide the toolbar.

    o Face: change the look of the program (window, metal...).


    o Table Filter: choose which captured information fields are shown on screen.

    Statistics

    o Cumulative: cumulative statistics by criteria such as number of packets, size of each packet type, and percentage of each packet type on the different layers, displayed as a ring chart.

    o Continuous: continuous statistics of the ratio between packet types on each layer, displayed as a continuous time graph.

    Bandwidth Management

    o Limit: manage the system's inbound/outbound network bandwidth; set a traffic limit, and warn and block the network when the predefined limit is exceeded.

    o Block: block an IP address or an Internet connection port of the system.

    Help

    o Information about the program and its author.

    o Help on using the program.


    2 Analysis and Design of the Main Functions

    2.1 General operation

    General operation flowchart


    2.2 Traffic metering

    2.2.1 Measuring inbound/outbound traffic on the machine running the program

    A computer may have several network devices that all send and receive network traffic. To measure the traffic of a machine, we must measure the inbound/outbound traffic on all devices, combine the results and check the addresses; if the source and destination addresses are correct, the traffic is shown on the continuous time chart and written to the database.

    2.2.2 Traffic reporting

    Inbound and outbound traffic on the machine is saved every minute to a very simple database. The stored information is the inbound traffic, the outbound traffic, the number of inbound packets and the number of outbound packets in 1 hour. If the time of a write (once per minute) does not fall in the hour of any existing record in the database, a new record is added; otherwise the newly measured values are added to the existing record. The database used is HyperSQL, which is small and runs inside the same JVM as the main program, so it is very fast.

    Table in the database


    Database write operation

    From the database we can produce reports such as:

    Traffic reports by hour, day, week, month and year.

    Traffic reports for any time range.

    Display as graphs.
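The metering and per-minute write described in 2.2.1 and 2.2.2 can be sketched as follows. This is an added example, not the thesis program's code: it uses Python's built-in SQLite in place of HyperSQL, and the table layout, column names, local address set and sample events are assumptions, since the original table figure is not reproduced on this page.

```python
import sqlite3
from datetime import datetime

LOCAL_ADDRS = {"192.168.1.10"}        # assumed addresses of this machine's adapters

SCHEMA = """CREATE TABLE traffic (
    hour TEXT PRIMARY KEY,
    bytes_in INTEGER, bytes_out INTEGER, pkts_in INTEGER, pkts_out INTEGER)"""


def direction(src, dst):
    """Classify a packet by address; traffic not involving this host is ignored."""
    if dst in LOCAL_ADDRS and src not in LOCAL_ADDRS:
        return "in"
    if src in LOCAL_ADDRS and dst not in LOCAL_ADDRS:
        return "out"
    return None


def flush(db, minute, totals):
    """Add one minute of counters to the row of its hour, creating it if absent."""
    hour = minute.strftime("%Y-%m-%d %H:00")
    values = (totals["bytes_in"], totals["bytes_out"],
              totals["pkts_in"], totals["pkts_out"])
    cur = db.execute(
        "UPDATE traffic SET bytes_in = bytes_in + ?, bytes_out = bytes_out + ?, "
        "pkts_in = pkts_in + ?, pkts_out = pkts_out + ? WHERE hour = ?",
        values + (hour,))
    if cur.rowcount == 0:                             # no record for this hour yet
        db.execute("INSERT INTO traffic VALUES (?, ?, ?, ?, ?)", (hour,) + values)
    db.commit()


def ingest(db, events):
    """events: time-ordered (datetime, src, dst, length); flush at each minute change."""
    current, totals = None, None
    for when, src, dst, length in events:
        minute = when.replace(second=0, microsecond=0)
        if minute != current:
            if current is not None:
                flush(db, current, totals)
            current = minute
            totals = dict(bytes_in=0, bytes_out=0, pkts_in=0, pkts_out=0)
        way = direction(src, dst)
        if way:
            totals["bytes_" + way] += length
            totals["pkts_" + way] += 1
    if current is not None:
        flush(db, current, totals)


def report(db, start_hour, end_hour):
    """Rows for start_hour <= hour < end_hour, e.g. one day or any custom range."""
    return db.execute(
        "SELECT * FROM traffic WHERE hour >= ? AND hour < ? ORDER BY hour",
        (start_hour, end_hour)).fetchall()


def run_sample():
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    ingest(db, SAMPLE_EVENTS)
    return report(db, "2009-12-01 00:00", "2009-12-02 00:00")


SAMPLE_EVENTS = [                                     # constructed, not captured traffic
    (datetime(2009, 12, 1, 10, 58, 10), "192.168.1.10", "10.0.0.5", 100),
    (datetime(2009, 12, 1, 10, 58, 40), "10.0.0.5", "192.168.1.10", 1500),
    (datetime(2009, 12, 1, 10, 59, 5), "10.0.0.5", "192.168.1.10", 500),
    (datetime(2009, 12, 1, 10, 59, 30), "10.0.0.7", "10.0.0.8", 999),
    (datetime(2009, 12, 1, 11, 0, 20), "192.168.1.10", "10.0.0.5", 60),
]

if __name__ == "__main__":
    for row in run_sample():
        print(row)
```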

    2.3 Packet capture

    The program must let the user choose among the network devices installed on the machine and capture the packets entering and leaving those devices. Before each capture session the user specifies:

    Which device to capture on.

    The maximum number of packets to capture.

    The maximum capture duration, after which the program stops automatically (optional).


    Whether or not to capture in promiscuous mode.

    The operations available for this function are:

    Start: start capturing with the settings above.

    Stop: stop capturing.

    Restart: start capturing again from the beginning, keeping the settings of the previous session.

    To capture packets on a LAN, the capture program must run in promiscuous mode and the machines on the network must be connected in a suitable topology, as in the following examples:

    Example topology 1

    In the diagram above, the machine running the program is connected to the other machines on the same network through a Hub. It can therefore capture the packets entering and leaving the whole network (including packets to and from other machines connected to the same Hub).


    Example topology 2

    In this diagram the machines are connected through a switch. The machine running the program is connected to the switch through a mirror port, so it sees all packets crossing the network. This topology, however, requires a switch that supports port mirroring.

    Example topology 3

    In this diagram we use a Hub together with a Switch without port mirroring to achieve the same effect as the 2 topologies above.

    2.4 File operations

    After packets have been captured, the information must be stored for later use. It is stored as a file. This file must be a standard *.pcap file, as supported by all current packet capture programs such as wireshark, network analyzer, tcpdump..., which means that our program and those programs have fully compatible file formats. Packets captured with this program can be opened in the other programs and vice versa.

    2.5 Interface (View)

    The program's interface must meet the following requirements:

    Display the list of captured packets as a table.

    Display each packet's information for each layer as a tree.

    Display each packet's information as hexadecimal.

    Allow the information columns of the packet list table to be customized.

    Sort the table on any information field chosen by the user.

    Filter on each information field so that the user can find packets with the required properties, and show the difference between the number of packets actually captured and the number displayed.

    Allow easy navigation between packets (the first and last packet in the data, the packet with any given capture sequence number, the previously selected packet, ...).

    Allow the user to customize the interface components (show/hide).

    Let the user choose whether or not the table automatically scrolls down to the newest packet.

    Let the user choose a preferred look and feel from many available ones.

    Let the user choose the interface language (English or Vietnamese).

    2.6 Statistics

    2.6.1 Cumulative statistics (Cumulative)

    Provides statistics on the proportions of packets per layer since the start of the capture (network layer, transport layer and application layer), by criteria such as:

    Number of packets of each type on each layer, and the total.


    Percentage of each packet type on each layer.

    Total size of the packets of each type on each layer.

    Percentage of packet size by type on each layer.

    This information is displayed as a ring chart (Ring Chart) so that it is easy to observe and compare.

    2.6.2 Continuous statistics (Continuous)

    Provides statistics on the ratio between packets on the layers as a line chart updated in real time (TimeSeries Chart).

    2.7 Network management

    2.7.1 Blocking the network by a user-selected rule

    Lets the user block the network according to a rule of their choice. The program does not act as a firewall itself; it simply connects to the Windows IPSecurity tool to perform this function, so it only affects packets from the transport layer upward (more precisely, it only works for IP packets).

    Relationships in the network blocking operation

    The information needed for this function is:

    Source address (IP and SubnetMask).

    Destination address (IP and SubnetMask).


    Source port number (for TCP and UDP).

    Destination port number (for TCP and UDP).

    2.7.2 Automatic network blocking

    Automatically blocks network access according to predefined conditions.

    3 Introducing the Program

    3.1 Starting the program

    When the program starts, the first function to run is the Meter tool, which measures the inbound and outbound traffic per second, displays it as a continuous time graph and records it in the database.

    Traffic Meter

    The user can show, hide and move the Meter as desired.

    The other components of the program are activated through the menus in the System Tray.

    System Tray Menu


    3.2 Reporting

    Reports are shown as graphs of the inbound/outbound traffic and the number of inbound/outbound packets stored in the database.

    Example of a report chart showing the last 24 hours

    3.3 Packet capture

    Packet capture is the program's main function and therefore its most important component. The basic interface of this function has the following components:

    Menu: the program's main menu.

    Program menu


    Toolbar: tools in the form of intuitive buttons. Each button has a corresponding menu item on the menu bar with the same effect.

    Toolbar

    Packets Table: displays the list of captured packets as a data table, together with filters on the table's information fields.

    Packet list table

    Packet Information Tree: displays, layer by layer, the information of the packet selected in the Packets Table.


    Packet HexPane: displays the data of the selected packet as hexadecimal.


    Statusbar: displays the program's status: the number of packets captured and the number of packets shown in the table (the two numbers differ when the user applies a filter to any information column).

    When capture is started from the Capture menu or the toolbar button, the user is asked to provide the following information about the session:

    The device to capture on, selected from a list.

    Whether or not to capture in promiscuous mode.


    Whether to stop capturing automatically after a set period of time or after a set number of packets.

    The program then captures packets in real time according to these criteria. The packets are displayed on screen as a table (Packets Table). The table is dynamic, with the packet data (model) and the presentation (view) kept completely separate, so the user can choose which information the table shows without affecting the data. This also means the program only has to analyze the information that is needed rather than every field, which improves performance.

    The data table lets the user choose which information is displayed

    The data table lets the user sort on any displayed information field by double-clicking the field's header in the table.


    Example: sorting by ascending Source IP

    The data table lets the user filter on any field displayed in the table by typing into the filter located directly above the table. Packets that do not match the filter value are hidden, with no effect on the program's data.

    Example: a filter on the Destination IP field with the value 192.168. Only packets whose value starts with 192.168 are displayed.

    3.4 File operations

    The program uses the standard *.pcap format of the libpcap library, so it is fully compatible with any other packet capture program that uses this standard (wireshark, windump, tcpdump...). The program can open files saved by the programs listed above and write files that those programs can open.

    The operations are:

    Open: open a file (it must be in libpcap's standard *.pcap format).

    Save: save the file in the standard *.pcap format.

    Save as: save the open file under another name and any extension.

    Reload: reopen the file that was open in the previous session.

    Close: close the file or discard the capture session.
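The *.pcap compatibility required in section 2.4 and used by the Open and Save operations above comes down to a 24-byte global header followed by 16-byte record headers. The Python sketch below is an added example, not the thesis program's code (which relies on Jpcap for file handling): it writes and reads the classic libpcap layout and rejects files whose length fields are implausible. The function names, the MAX_RECORD bound and the sample frames are assumptions made for the example.

```python
import io
import struct

MAGIC = 0xA1B2C3D4            # classic libpcap magic, microsecond timestamps
LINKTYPE_ETHERNET = 1
MAX_RECORD = 262144           # sanity bound chosen for this example


def write_pcap(stream, packets, snaplen=65535):
    """Write (ts_sec, ts_usec, frame) tuples as a little-endian pcap file."""
    stream.write(struct.pack("<IHHiIII", MAGIC, 2, 4, 0, 0, snaplen,
                             LINKTYPE_ETHERNET))
    for sec, usec, frame in packets:
        data = frame[:snaplen]                        # store at most snaplen bytes
        stream.write(struct.pack("<IIII", sec, usec, len(data), len(frame)))
        stream.write(data)


def read_pcap(stream):
    """Return (linktype, [(ts_sec, ts_usec, data, original_length), ...])."""
    head = stream.read(24)
    if len(head) != 24:
        raise ValueError("truncated global header")
    magic = struct.unpack("<I", head[:4])[0]
    if magic == MAGIC:
        order = "<"                                   # written on a little-endian host
    elif magic == 0xD4C3B2A1:
        order = ">"                                   # same magic, byte-swapped
    else:
        raise ValueError("not a classic pcap file")
    _major, _minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(
        order + "HHiIII", head[4:])
    limit = min(snaplen or MAX_RECORD, MAX_RECORD)
    packets = []
    while True:
        rec = stream.read(16)
        if not rec:
            return linktype, packets                  # clean end of file
        if len(rec) != 16:
            raise ValueError("truncated record header")
        sec, usec, incl_len, orig_len = struct.unpack(order + "IIII", rec)
        # Lengths come from the file: bound them before reading or allocating.
        if incl_len > limit or incl_len > orig_len:
            raise ValueError("implausible record length %d" % incl_len)
        data = stream.read(incl_len)
        if len(data) != incl_len:
            raise ValueError("truncated packet data")
        packets.append((sec, usec, data, orig_len))


def roundtrip(packets, snaplen=65535):
    """Write packets to memory and parse them back."""
    buf = io.BytesIO()
    write_pcap(buf, packets, snaplen)
    return read_pcap(io.BytesIO(buf.getvalue()))


SAMPLE = [(1260000000, 250000, b"\xaa" * 60),         # constructed frames, not real traffic
          (1260000001, 0, b"\xbb" * 100)]

if __name__ == "__main__":
    print(roundtrip(SAMPLE, snaplen=64))
```

Because capture files are often received from other people and other tools, the reader treats every length field as untrusted input; a file opened from an unknown source should fail with an error rather than drive a large read.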

    3.5 Navigating the data table

    Jump to the first captured packet.

    Jump to a packet with any given sequence number.

    Jump to the last captured packet (first and last refer to the data (model), which differ from the first/last packet displayed in the table (view)).

    Jump to the previously selected packet (similar to previous/back in a browser).

    3.6 Statistics

    Statistics menu

    The user can select the statistics function from the menu or with the button on the toolbar.


    3.6.1 Cumulative statistics (Cumulative Statistics)

    This function accumulates statistics from the start of the capture session and keeps updating them until the user stops the capture session.

    Statistics are available per layer:

    General information.

    Network Layer.

    Transport Layer.

    Application Layer.

    The data is summarized by the following criteria:

    Total number of packets of each type.

    Percentage of packets of each type.

    Capture rate (bit/s and packet/s).

    Total size of the packets of each type.

    The data is updated continuously on ring charts, with one chart per criterion. The examples below are cumulative statistics charts of the same data for the Application layer under two different criteria: total number of packets and total size of packets of each type.

    Example: statistics by total number of packets


    Example: statistics by total packet size

    3.6.2 Continuous statistics (Continuous Statistics)

    Unlike cumulative statistics, continuous statistics let the user see how the proportions of packets change over time, because they use a continuous line graph that is updated once per second. Information is kept for up to 120 seconds.

    Example: continuous statistics on the Transport layer


    Example: continuous statistics on the Network layer

    3.7 Blocking traffic

    Using the ipseccmd utility from Windows Support Tools, the program can connect to the Windows IPSecurity service to block any connection.

    In the example below, we choose the following rule:

    The source address is our own address.

    The destination address is any address.

    The protocol is TCP.

    The source port is any port.

    The destination port is port 80.

    Once this rule is loaded into the IPSecurity service, Windows automatically blocks all packets that match it, which in effect blocks access to websites.


    Example: blocking web access connections

    3.8 Some additional features

    The user can customize the LookAndFeel as desired, choosing from nearly 20 different LookAndFeels.

    Example with the Metal LookAndFeel


    Example with the Office 2007 LookAndFeel

    The user can choose the program's language (English or Vietnamese). After the change, all dialogs, menus... of the program switch to the chosen language.

    Vietnamese interface

    4 Weaknesses and Future Development

    4.1 Weaknesses

    The program still has many weaknesses that need to be addressed:

    It does not yet truly manage and capture traffic across a LAN. To capture packets on a LAN, the machines must be connected in a suitable topology using a Hub or a Switch with port mirroring, combined with promiscuous mode capture.


    It does not really block network connections itself; it only acts as a bridge that lets the user use the Windows IPSecurity service. The blocking function therefore cannot work on operating systems other than Windows, and the program is not yet truly Cross-Platform.

    It uses the HyperSQL database in in-memory mode, so each time