Wireshark Labs

Published on 21-Apr-2015

LABORATORY MANUAL FOR THE COURSE

DATA TRANSMISSION TECHNIQUES
(Version updated 3/12/2009. Course material, for internal circulation only.)

Compiled by: Assoc. Prof. Dr. Trần Xuân Nam, Department of Communications, Faculty of Radio-Electronics, Military Technical Academy

HANOI 2007

CONTENTS

INTRODUCTION ... 1
1.1 Purpose ... 1
1.2 Installing Wireshark ... 3
1.3 Starting Wireshark ... 3
1.4 Test-running Wireshark ... 5
1.5 Lab content to be reported ... 8
THE TCP PROTOCOL ... 9
2.1 Purpose ... 9
2.2 Method ... 9
2.3 Lab preparation ... 9
2.4 Lab content ... 11
2.5 Lab results to be submitted ... 22
THE IP PROTOCOL ... 24
References ... 34
The Transmission Control Protocol ... 35
Abstract ... 35
A1.1. Introduction ... 35
A1.2. Connection Establishment and Termination ... 40
A1.2.1 Three-Way Handshake ... 41
A1.2.2 Data Transfer ... 42
A1.2.3 Connection Termination ... 42
A1.3. Sliding Window and Flow Control ... 43
A1.4. Congestion Control ... 44
A1.4.1 Slow Start ... 44
A1.4.2 Congestion Avoidance ... 45
A1.4.3 Fast Retransmit ... 46
A1.4.4 Fast Recovery ... 46
A1.5. Conclusions ... 46
Abbreviations ... 47
References ... 48
IP Fragment ... 49
A2.1 Introduction ... 49
A2.2 IP Fragmentation and Reassembly ... 49
A2.3 Issues with IP Fragmentation ... 51

Lab 1: Introduction

Page 1

Lab 1

INTRODUCTION

1.1 Purpose

The purpose of this set of network protocol analysis labs is to give students a solid grasp of the data exchange that takes place between the protocols at the corresponding layers of the TCP/IP protocol suite used on the Internet. The labs let students set up configurations themselves, capture data and analyse the results, observe the sequence of messages exchanged between two protocol entities, dig into the details of protocol operation, and drive the protocols to perform particular actions and then observe those actions and their effects. This can be done in one of two ways: by simulation, or by analysing a real network environment. In these labs we use the second approach, with the Wireshark network protocol analyser. Wireshark is an open-source package that is widely used at universities and research institutes around the world.¹

Students will run a number of network applications in different situations, using a computer at school or at home. By observing the network protocols on their own computer, students can interact directly and exchange messages with protocol entities on the Internet. The student and the computer are therefore an integral part of these hands-on labs. Through the labs, students acquire knowledge by combining theory with practice. The basic tool for observing the messages exchanged between running protocol entities is called a packet sniffer. A packet sniffer captures the messages being sent and received by the student's computer; it also allows the contents of the protocol fields of the captured messages to be stored and/or displayed. A packet sniffer is itself a passive program: it only observes the messages being sent and received by the applications and protocols running on the computer and never sends packets of its own. Likewise, messages are never explicitly (directly) addressed to the packet sniffer. Instead, the packet sniffer receives a copy of the packets sent or received by the applications and protocols running on the computer.

Figure 1.1 shows the structure of a packet sniffer. On the right of Figure 1.1 are the protocols (here, the Internet protocols) and the applications (such as a web browser or an ftp client) that normally run on the computer. The packet sniffer, drawn inside the dashed rectangle, is an addition to the software installed on the computer and consists of two parts. The packet capture library receives copies of the link-layer frames sent from or received by the computer. As covered in the lectures, the messages exchanged by the upper-layer protocols such as HTTP, FTP, TCP, UDP, DNS or IP are all encapsulated in link-layer frames that are transmitted over a physical medium, for example the cable of an Ethernet network. In Figure 1.1 the medium is assumed to be Ethernet, so the upper-layer protocols are encapsulated in an Ethernet frame. Capturing every link-layer frame therefore yields every message sent or received by all the protocols and applications running on the computer.

¹ The labs in this manual are adapted from the material written by J.F. Kurose and Keith W. Ross. The complete, detailed labs in English are available at http://gaia.cs.umass.edu/ethereal-labs/

(C) 2007 Trần Xuân Nam, Faculty of Radio-Electronics, Military Technical Academy
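The layer-by-layer decapsulation that a packet analyzer performs on one such captured Ethernet frame (Ethernet header, then IPv4 header, then TCP header, then the HTTP request line) can be written out in a few lines of Python. This is an added example, not code from this manual or from Wireshark; the frame it parses is constructed inline with made-up addresses and zeroed checksums.

```python
import struct

# TCP flag bits, in the order the names are reported
TCP_FLAGS = [("FIN", 0x01), ("SYN", 0x02), ("RST", 0x04),
             ("PSH", 0x08), ("ACK", 0x10), ("URG", 0x20)]

def parse_frame(frame: bytes) -> dict:
    """Decapsulate one Ethernet frame: Ethernet -> IPv4 -> TCP -> HTTP.
    Each layer's header says where the next layer starts."""
    result = {}
    # Layer 2: Ethernet II header = dst MAC (6) + src MAC (6) + EtherType (2)
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    result["eth"] = {"dst": dst.hex(":"), "src": src.hex(":"), "type": ethertype}
    if ethertype != 0x0800:                 # only IPv4 is decoded here
        return result
    # Layer 3: IPv4 header; its length is IHL * 4 bytes
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    proto = ip[9]
    result["ip"] = {"src": ".".join(map(str, ip[12:16])),
                    "dst": ".".join(map(str, ip[16:20])), "proto": proto}
    if proto != 6:                          # 6 = TCP
        return result
    # Layer 4: TCP header; its length is the data offset * 4 bytes
    tcp = ip[ihl:total_len]
    sport, dport, seq, ack = struct.unpack("!HHII", tcp[:12])
    doff = (tcp[12] >> 4) * 4
    flags = [name for name, bit in TCP_FLAGS if tcp[13] & bit]
    result["tcp"] = {"sport": sport, "dport": dport, "seq": seq,
                     "ack": ack, "flags": flags}
    payload = tcp[doff:]
    # Layer 7: HTTP; the first bytes of the message carry the method
    if payload[:4] in (b"GET ", b"POST", b"HEAD"):
        request_line = payload.split(b"\r\n", 1)[0].decode("ascii")
        method, target, version = request_line.split(" ")
        result["http"] = {"method": method, "target": target, "version": version}
    return result

def build_sample_frame() -> bytes:
    """Constructed sample (not a real capture); addresses are made up
    and the IP/TCP checksums are left at zero."""
    http = b"GET /index.htm HTTP/1.1\r\nHost: www.lqdtu.edu.vn\r\n\r\n"
    tcp = struct.pack("!HHIIBBHHH", 51234, 80, 1, 1, 0x50, 0x18, 65535, 0, 0) + http
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000,
                     64, 6, 0, bytes([192, 168, 1, 10]), bytes([203, 0, 113, 5]))
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")
    return eth + struct.pack("!H", 0x0800) + ip + tcp
```

Calling parse_frame(build_sample_frame()) returns one dictionary per layer, which is the same information Wireshark shows in its packet-header details window for an HTTP GET.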

Figure 1.1: Structure of a packet sniffer

The second component of a packet sniffer is the packet analyzer, which displays the contents of all the fields in a protocol message. To do so, the packet analyzer must understand the structure of all the messages exchanged between the protocols. Suppose, for example, that we want to display the fields of the messages exchanged by the HTTP protocol, as in Figure 1.1. The packet analyzer understands the format of the Ethernet frame and can therefore locate the IP datagram inside the Ethernet frame. It also understands the format of the IP datagram and can extract the TCP segment inside the IP datagram. Likewise, the packet analyzer knows the structure of the TCP segment and can therefore extract the HTTP message carried in the TCP segment. Finally, the packet analyzer understands the HTTP protocol and therefore knows that the first bytes of an HTTP message contain control strings such as GET, POST or HEAD.

In these labs we use the Wireshark packet sniffer to display the contents of messages being sent or received by the protocols at the various layers of the TCP/IP protocol stack. The program works on computers that connect to the Internet over Ethernet or ADSL, as well as over point-to-point protocols such as PPP (Point-to-Point Protocol). Wireshark is the new name of the program formerly called Ethereal, a name derived from the Ethernet data-link-layer protocol covered in the lectures.

1.2 Installing Wireshark

To run Wireshark, both the Wireshark packet sniffer and the libpcap packet capture library must be installed on the computer. If libpcap is not yet installed in the operating system, it must be installed first. For download locations, see http://www.wireshark.org/download.html.

Download and install the Wireshark package: go to http://www.wireshark.org, open the Download section, and choose a nearby server to download Wireshark from. The current version of Wireshark is 0.99.7.

Download and install libpcap²: on Windows, libpcap is known as WinPCap. To download WinPCap, go to http://www.winpcap.org/, open the Get WinPCap menu, and download from the Installer for Windows entry. The current version of WinPCap is 4.0.2.

1.3 Starting Wireshark

After Wireshark starts, its graphical user interface is displayed as in Figure 1.2. Initially no data is shown in any of the windows. The Wireshark interface has five main components:

² Newer versions of Wireshark may include WinPCap, so check before installing.


The command menus are the pull-down menus at the top of the window. The two menus of most interest are File and Capture. The File menu allows captured packet data to be saved, a file of captured packet data to be opened, and the Wireshark application to be exited. The Capture menu allows packet capture to be started.

Figure 1.2. The Wireshark user interface (callouts: command menus; display filter specification; captured packet list; header details of the selected captured packet; packet contents in hexadecimal and ASCII)

The packet-listing window displays a one-line summary of each captured packet, including the packet number assigned by Wireshark, the time the packet was captured, the packet's source and destination addresses, the protocol type, and protocol-specific information contained in the packet. The packet listing can be sorted by any of these categories by clicking on a column name. The protocol field lists the highest-level protocol that sent or received the packet, that is, the protocol that is the source or destination of the packet.

The packet-header details window provides details of the packet selected (highlighted) in the packet-listing window. (To select a packet in the packet-listing window, place the cursor over the packet's one-line summary in the packet-listing window and click the left mouse button.) These details include information about the Ethernet frame and the IP datagram that contain the packet. The amount of Ethernet and IP-layer information shown can be expanded or minimized by clicking the right-pointing or down-pointing arrow to the left of the Ethernet frame or IP datagram line in the packet details window. If the packet has been carried over TCP or UDP, TCP or UDP details are also displayed. Finally, details about the highest-level protocol that sent or received this packet are also provided.

The packet-contents window displays the entire contents of the captured frame, in both ASCII and hexadecimal. The packet display filter field at the top of the Wireshark graphical user interface accepts a protocol name or other information, which is used to filter what is shown in the packet-listing window (and therefore in the packet-header and packet-contents windows as well). In the example below, we use the packet display filter field to filter out all incoming Ethernet packets except those corresponding to HTTP messages.

1.4 Test-running Wireshark

To test-run Wireshark, carry out the following steps:

Step 1: Start a web browser (for example Internet Explorer or Firefox) and enter the address of a website of your choice.

Step 2: Start Wireshark. You will see a window similar to Figure 1.2, except that no packet data is displayed in the packet-listing, packet-header or packet-contents windows, because Wireshark has not yet started capturing packets.

Step 3: To start packet capture, open the Capture pull-down menu and choose Start. This brings up the Wireshark: Capture Options window shown in Figure 1.3.

Step 4: You can use all the default values in this window. The network interfaces (that is, the physical connections) through which the computer is attached to the network are listed in the Interface pull-down menu at the top of the Capture Options window. If the computer has more than one network interface (for example, both a wired Ethernet connection and a wireless connection), you will need to choose the interface to be used for sending and receiving packets (usually the wired Ethernet interface). After choosing the network interface (or keeping Wireshark's default), click OK. Packet capture begins, that is, every packet sent or received by your computer is now captured by Wireshark.

Step 5: Once packet capture starts, a packet-capture summary window appears, as in Figure 1.4. It summarizes the number of packets of each type being captured, and has a Stop button for stopping the capture.

Figure 1.3: The Wireshark Capture Options window

Figure 1.4: The Wireshark captured-packets window

Step 6: While Wireshark is running, enter a URL, for example http://www.lqdtu.edu.vn/index.htm, to display the web page in the browser. To display this page, the browser contacts the HTTP server at http://www.lqdtu.edu.vn/index.htm and exchanges HTTP messages with the server to download the page. The Ethernet frames carrying these HTTP messages are captured by Wireshark for analysis.

Step 7: After the browser has displayed the index.html page, stop Wireshark's packet capture by choosing Stop in the Wireshark Capture window; all packets captured since capture began are then displayed. The main Wireshark window now looks like the window in Figure 1.2. We now have live packet data containing all the messages exchanged between the computer and the other entities on the network. The HTTP messages exchanged with the www.lqdtu.edu.vn server appear in the list of captured packets. However, many other kinds of packets are displayed as well: even though you only downloaded one web page, many other protocols were running in the background on your computer.

Step 8: Type http (without quotation marks and in lower case; in Wireshark all protocol names are in lower case) into the display filter field at the top of the main Wireshark window, then choose Apply. This filters the packet-listing window so that only HTTP messages are shown.

Figure 1.5: The Wireshark display after step 8

Step 9: Select the first http message in the packet-listing window. This should be the HTTP GET message sent from your computer to the www.lqdtu.edu.vn HTTP server. When you select the HTTP GET message, the header information of the Ethernet frame, IP datagram, TCP segment and HTTP message is displayed in the packet-header window. By clicking on the arrowhead pointing to the ...