Using Wireshark to Analyze Data Packets on a Network
Quản Trị Mạng - Wireshark, also known as Ethereal, is probably familiar to most of us. It is regarded as one of the applications for analyzing network data, able to track and monitor packets in real time and to present accurate reports to the user through a fairly simple and friendly interface. In this article we introduce some of its basic features and show how to use Wireshark to analyze and inspect a network.
You can download the latest version of Wireshark here or directly from the home page. On Linux or other UNIX systems, Wireshark can be found in the package repositories. On Ubuntu, for example, Wireshark is available in the Ubuntu Software Center.
Note, however, that you should not use it without permission, because some companies, organizations and businesses do not allow Wireshark on their networks.
Capturing Packets: After installation, start the program and select an entry in the Interface List to begin capturing. For example, to monitor traffic on a wireless network, select the corresponding Wi-Fi adapter. Click the Capture Options button to show more options.
Packets start to appear immediately, and Wireshark captures every packet leaving and entering the network. If you are monitoring a wireless network in Promiscuous mode, you will also see other packets from across the whole network.
To stop the capture, click the Stop button at the top.
The packet list uses several colors, including green, blue and black. Wireshark uses this color coding to help you tell different kinds of traffic apart. By default, green is TCP traffic, dark blue is DNS traffic, light blue is UDP traffic, and black marks TCP packets that have problems.
In addition, you can consult the basic guides and examples on the Wireshark Wiki here. Opening a capture file is easy: click Open and point to the file. You can also save your own capture data in Wireshark and use it later.
Filtering Packets: The most basic way to apply a filter is to type it into the Filter box and then click Apply or press Enter. For example, if you type dns, you will see only DNS packets. As you type, Wireshark autocompletes the filter string from the matching suggestions.
Alternatively, choose Analyze > Display Filters from the menu to create a new filter.
Right-click a packet and choose Follow TCP Stream.
You will see the entire conversation between the server and the client.
Close this window and a filter is applied automatically; Wireshark then shows, fully and accurately, the related packets.
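
What typing dns, udp or tcp into the Filter box selects, shown as an added example (not part of the original article and not Wireshark's own code): a small reader for the classic pcap capture format that lists which frames carry a given protocol. The function names and the sample capture are constructed for illustration, and treating port 53 as DNS is a simplifying assumption.

```python
import struct

def frame(proto, sport, dport, payload=b""):
    """Build one constructed Ethernet/IPv4 frame (addresses from TEST-NET-1)."""
    if proto == 6:   # TCP header: ports, seq, ack, data offset, flags, window, csum, urg
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 1024, 0, 0) + payload
    else:            # UDP header: ports, length, checksum
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 53]))
    return b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + l4

def build_sample_pcap():
    """Constructed capture: a DNS query, a TCP segment and a non-DNS UDP datagram."""
    frames = [frame(17, 40000, 53, b"\x12\x34"), frame(6, 40001, 80, b"GET /"),
              frame(17, 40002, 123)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f  # ts_sec, ts_usec, lengths
    return out

def layers(pkt):
    """Return the protocol stack of one frame, e.g. ['eth', 'ip', 'udp', 'dns']."""
    stack = ["eth"]
    if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":
        return stack                      # not IPv4, or truncated
    stack.append("ip")
    l4 = pkt[14 + (pkt[14] & 0x0F) * 4:]  # skip the IPv4 header (IHL in 32-bit words)
    if pkt[23] == 6 and len(l4) >= 20:
        stack.append("tcp")
    elif pkt[23] == 17 and len(l4) >= 8:
        stack.append("udp")
        if 53 in struct.unpack_from("!HH", l4):  # assumption: DNS means port 53
            stack.append("dns")
    return stack

def read_frames(pcap):
    """Yield the raw frames of a classic little-endian pcap file."""
    if len(pcap) < 24 or struct.unpack_from("<I", pcap)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap file")
    off = 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from("<IIII", pcap, off)[2]
        yield pcap[off + 16: off + 16 + incl_len]
        off += 16 + incl_len

def matching(pcap, keyword):
    """Frame numbers (1-based, as in the packet list) whose stack contains keyword."""
    return [n for n, pkt in enumerate(read_frames(pcap), 1) if keyword in layers(pkt)]
```

Calling matching(build_sample_pcap(), "udp") returns frames 1 and 3, because the DNS query is itself a UDP datagram, while "dns" returns only frame 1.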
Inspecting Packets: Click any packet to examine its details more closely.
You can also create a filter directly from here: right-click a detail and choose Apply as Filter to apply it.
These are the basics of using Wireshark to inspect and analyze data and packets on a network. Good luck!
Ref: quantrimang.com