S dng Wireshark phn tch gi d liu trong h thng mng

Qun Tr Mng -Wireshark, hay cn gi l Ethereal, cng c ny c l khng qu xa l vi phn ln ngi s dng chng ta, vn c xem l 1 trong nhng ng dng phn tch d liu h thng mng, vi kh nng theo di, gim st cc gi tin theo thi gian thc, hin th chnh xc bo co cho ngi dng qua giao din kh n gin v thn thin. Trong bi vit di y, chng ti s gii thiu vi cc bn mt s c im c bn cng nh cch dng, phn tch v kim tra h thng mng bngWireshark.Cc bn c th tiWiresharkphin bn mi nht tiyhoc trc tip titrang ch. Nu dngLinuxhoc cc h thngUNIXkhc th c th tm thyWiresharktrong phnPackageRepositories. V d, viUbuntuthWiresharks c trongUbuntu Software Center.Tuy nhin, cc bn cn lu rng khng nn t tin s dng, v c cng ty, t chc hoc doanh nghip khng cho php dng Wireshark trong h thng mng ca h.Capturing Packets:Sau khi ci t, cc bn hy khi ng chng trnh v chn thnh phn trongInterface List bt u hot ng. V d, nu mun gim st lu lng mng qua mng Wireless th chn card mng Wifi tng ng. Nhn ntCapture Options hin th thm nhiu ty chn khc:

Ngay sau , chng ta s thy cc gi d liu bt u xut hin, Wireshark s bt tng gi package ra v vo h thng mng. Nu ang gim st thng tin trn Wireless trong ch Promiscuousth s nhn thy cc gi d liu khc trong ton b h thng:

Nu mun tm ngng qu trnh ny th cc bn nhn ntStop pha trn:

Ti y, chng ta s thy c nhiu mu sc khc nhau, bao gm: xanh l cy, xanh da tri v en. Wireshark da vo c ch ny gip ngi dng phn bit c cc loi traffic khc nhau. ch mc nh, mu xanh l cy ltraffic TCP, xanh da tri m ltraffic DNS, xanh da tri nht ltraffic UDPv mu en l giTCPang c vn .

Bn cnh , bn c th tham kho phn hng dn v v d c bn caWiki Wiresharktiy. M 1 file capture kh d dng, nhn ntOpenv tr ti file gc, ngi dng cn c th t lu d liu capture trong Wireshark v s dng sau :

Filtering Packets:Cch c bn nht p dng filter l nhp thng tin vo Filter, sau nhnApplyhoc nhnEnter. V d, nu g dns th chng ta s ch nhn thy cc gi d liuDNS. Ngay khi nhp t kha,Wiresharks t ng hon chnh chui thng tin ny da vo gi tng ng.

Hoc nhn menuAnalyze > Display Filters to filter mi:

Nhn chut phi vo tng package v chnFollow TCP Stream:

Chng ta s thy ton b qung thi gian giao tip gia server v client:

ng ca s ny li v filter s t ng c p dng, Wireshark tip tc hin th y v chnh xc cc package c lin quan:

Inspecting Packets:Nhn v chn 1 package bt k kim tra cc phn thng tin c th hn:

Hoc cng c th trc tip to filter ti y, nhn chut phi vo phn thng tin chi tit v chnApply as Filter p dng:

Trn y l mt s thng tin c bn v cch s dng Wireshark kim tra, phn tch d liu v cc gi tin trong h thng mng. Chc cc bn thnh cng!

Ref: quantrimang.com