Article about Ethereal
Author: Nguyen Anh Hao
1/ Introduction to Ethereal: Ethereal is a network packet analyzer. It tries to capture packets and display their data in as much detail as possible. You can think of it loosely as a measuring instrument for seeing what is happening on the network. An even more important property is that Ethereal is open source software.
1.1/ Some uses of Ethereal:
- Network administrators can use it for network troubleshooting.
- Security specialists can examine security problems with it.
- We can use it to observe how protocols actually behave on the wire.
- It can be used to learn the internals of network protocols.
1.2/ Features of the software:
- Runs on UNIX or Windows
- Captures packets with extremely detailed information
- Can open and save captured data
- Can import and export packets to and from many other capture programs
- Filters packets on many criteria
- Searches for packets on many criteria
- Can colorize packets based on filter criteria
- ... and many other things
Here is an example:
2/ Installing Ethereal:
Ethereal can be downloaded from this link:
http://www.ethereal.com/download.html After downloading, we install it. Installation is very easy. When we launch the program we open the Capture menu and click Start. At this point, however, the machine will report the following:
We will find that a packet capture driver is missing. This article uses WinPcap, which can be downloaded from http://winpcap.polito.it/. After downloading it from the Internet we install it on the machine. Once it is installed, we can start using Ethereal to monitor whatever we need.
3/ Using Ethereal to monitor the ports of a Catalyst 2950 switch
For an overview of the theory behind SPAN (Switched Port Analyzer) ports, see the later chapters. We build the following topology:
Step 1: Configure the 2950 switch as follows:
show run
Building configuration...
Current configuration : 1535 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
enable password cisco
!
ip subnet-zero
!
spanning-tree extend system-id
!
!
interface FastEthernet0/1
no ip address
!
interface FastEthernet0/2
no ip address
!
interface FastEthernet0/3
no ip address
!
interface FastEthernet0/4
no ip address
duplex full
speed 100
!
interface FastEthernet0/5
no ip address
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
ip http server
!
!
line con 0
line vty 0 4
password cisco
login
line vty 5 15
login
!
!
monitor session 1 source interface Fa0/2
monitor session 1 destination interface Fa0/4
end
Step 2: Click Start in Ethereal. At this point there are many options to choose from:
- Interface: the interface on which we want to capture packets. We can only capture on one interface at a time.
- Link-layer header type: normally we do not need to touch this option. We can choose the link-layer header to match the transmission medium.
- Buffer size: the buffer used while capturing. This is the size of the kernel buffer that holds captured packets until they are written to disk. If you are dropping packets, consider increasing this value.
- Capture packets in promiscuous mode: this box specifies that Ethereal puts its interface into promiscuous mode while capturing. If it is not checked, Ethereal only captures packets sent to or from your own computer.
- Limit each packet to n bytes: if you are not interested in all of the data in each packet, use this option (the default is 65535). This is a way of making the CPU work harder while keeping the buffer size to a minimum.
- Capture filter: Ethereal uses the libpcap filter language for capture filtering. The syntax of the expression is:
[not] primitive [and | or [not] primitive . . . ]
Consider the following example to make this clearer. If we enter
tcp port 23 and host 192.168.2.1, Ethereal does only one thing: it captures telnet traffic from host 192.168.2.1.
- File: we must specify the path where the captured data will be saved.
- Use multiple files: instead of using a single file, Ethereal automatically switches to a new file when the trigger condition set here is met.
- Stop capture: defines when to stop once the chosen conditions are satisfied.
Display Options frame:
- Update list of packets in real time: this option lets you specify that Ethereal updates the packet list in real time. Normally we only see the packets after we stop the Ethereal capture.
Name Resolution frame: shows the activity of the layers in more detail.
After choosing these parameters, click the OK button and the monitoring begins. Now we use the PC (in the figure above) to ping the laptop; we see the number of ICMP packets rise. This shows that the monitored port is working.
Now we use the PC to browse to the Yahoo website. All traffic from that PC is mirrored to port Fa0/4 of the 2950 switch, so Ethereal can monitor it. Most traffic to Yahoo is TCP, so we see the TCP count increase. Finally, after clicking Stop, we return to the packet statistics table. Click any row to view the packet details. We can filter these packets with the Filter toolbar and color them (the syntax is of the form ip.addr==192.168.1.9). Below it is the content of the captured packet, including the frame line, the source and destination addresses, and the data in hex or as a string. From this information we can keep track of what is running on the network. You can find more information at www.ethereal.com and download the study guide.