CHAPTER I. THEORETICAL FOUNDATIONS OF COMPUTER NETWORKS ... 5
1 Overview of TCP/IP and Ethernet Networks ... 5
  1.1 The concept of a computer network ... 5
  1.2 Layered architecture ... 6
  1.3 The OSI model ... 8
    1.3.1 Concept ... 8
    1.3.2 Purpose ... 9
  1.4 Modes of operation ... 10
    1.4.1 Connection-oriented ... 10
    1.4.2 Connectionless ... 11
  1.5 The TCP/IP protocol suite ... 11
    1.5.1 Concept ... 12
    1.5.2 Purpose and origin ... 12
    1.5.3 Characteristics ... 13
  1.6 Comparison of TCP/IP and OSI ... 14
CHAPTER II. PACKET CAPTURE TECHNIQUES ... 32
1 Overview of Packet Capture (Sniffers) ... 32
  1.1 Related concepts ... 32
  1.2 Uses of a sniffer ... 33
    1.2.1 Capabilities ... 33
    1.2.2 Purposes ... 33
  1.3 Existing sniffer programs ... 34
  2.3 Components of a sniffer program ... 37
  2.4 Defending against sniffers ... 38
    2.4.1 Detecting a sniffer on the network ... 38
    2.4.2 Preventing sniffing ... 38
    2.4.3 Some sniffer-detection programs ... 39
CHAPTER III. ANALYSIS, SELECTION AND DESIGN OF THE ALGORITHM ... 44
1 Details of the Methods ... 44
  1.1 Winsock ... 44
    1.1.1 Concept ... 44
    1.1.2 Winsock events ... 45
    1.1.3 Socket types in Winsock ... 45
    1.1.4 Working with sockets in Winsock ... 45
  1.2 .NET Socket ... 47
    1.2.1 Concept ... 47
    1.2.2 Working with .NET Socket ... 47
    1.2.3 Demo ... 48
  1.3 Winpcap ... 48
    1.3.1 Concept ... 49
    1.3.2 Working with Winpcap ... 50
  Choice of algorithm ... 54
  Main Functions ... 56
  Analysis and Construction of the Main Functions ... 59
  2.1 General operation ... 59
  2.2 Traffic measurement ... 60
    2.2.1 Measuring inbound/outbound traffic on the host running the program ... 60
    2.2.2 Reporting traffic information ... 60
  2.3 Packet capture ... 61
  2.4 File operations ... 63
  2.5 Interface (View) ... 64
  2.6 Statistics ... 64
    2.6.1 Cumulative statistics ... 64
    2.6.2 Continuous statistics ... 65
  2.7 Network management ... 65
    2.7.1
INTRODUCTION

Today computer networks have become familiar to everyone in society. Along with the development of information technology and the needs of people, computer networks keep expanding and have become an indispensable part of life. However, together with the growth of computer networks, many related problems have been raised for users, such as transmission errors, viruses, and attacks by hackers. To contribute to solving these problems, controlling the amount of information entering and leaving a network is of considerable importance. For that reason I chose as my graduation project "Building a program to monitor the volume of information exchanged over a network system", with the aim of providing a useful tool for monitoring, and for learning about, computer networks. During my internship I sincerely thank the teachers of the Faculty of Information Technology of Vietnam Maritime University, my classmates in class CNT46-ĐH, and especially Mr. Ngô Quốc Vinh, who helped me in carrying out this project.
Chapter I. Theoretical foundations of computer networks

In the 1970s people began to build communication networks whose main components were network nodes, called switches, used to direct information to its destination. The networks were connected by transmission lines, while the computers that process users' information, or the terminals, were connected directly to the network nodes so that information could be exchanged over the network when needed. Network nodes are usually computers, so they also play the role of the user. The functions of a network node are managing transmission and managing the network. Computers linked together in this way form a computer network; since a communication network also links computers together, the notions of computer network and communication network need not be distinguished. Computer networks are formed to achieve the following goals:
- exploit resources and increase their value;
- overcome distance;
- raise the quality and efficiency of information use and processing;
- increase the reliability of the system, since a computer that fails can be substituted.
Thus: a computer network is a set of computers connected to one another by physical transmission lines according to some architecture.
... each other). The purpose of each layer is to provide certain services to the layer above it. Layer i of system A converses with layer i of system B, and the rules and conventions used in that conversation are called the level-i protocol. Between two adjacent layers there is an interface that defines the primitive operations the lower layer provides to the upper one. In practice, data is not transferred directly from layer i of one system to layer i of another (except for the lowest layer, which uses the physical medium directly to send bit strings (0, 1) from one system to the other). Data is transferred from the sending system (sender) to the receiving system (receiver) over the physical medium and then travels back up through the upper layers. So when two systems are interconnected, only the lowest layer has a physical link; the higher layers have only a logical (virtual) link, introduced to formalize the operation of the network and make designing and implementing communication software easier. Consequently, to write the program for layer N, one must know what layer N+1 needs and what layer N-1 can do.

[Figure: Illustration of the general layered architecture]
7 Trần Ngọc Việt CNT46-ĐH
The principles for building a layered architecture are as follows:
- To keep things simple, limit the number of layers.
- Draw the layer boundaries so that the interactions and the descriptions of services are minimal.
- Divide the layers so that different functions are separated from one another, and so that layers using different kinds of technology are separated as well.
- Place similar functions in the same layer.
- Choose layer boundaries that experience has shown to be successful.
- Locate functions so that a layer can be redesigned with the least effect on the layers adjacent to it.
- Draw the boundaries between layers so that the corresponding interfaces can be standardized.
- Create a layer when data is to be processed in a distinct way.
- Allow the functions or protocols within a layer to change without affecting other layers.
- Each layer has boundaries (interfaces) only with the layers immediately above and below it.
- A layer may be divided into sublayers when necessary.
- Create sublayers to allow interfacing with adjacent layers.
- Allow sublayers to be removed when they are found unnecessary.

... use. For this reason the International Organization for Standardization (ISO) set up a subcommittee to build a standard framework for network architecture as a basis for designers and manufacturers of network products. The result was that in 1984 ISO published the Reference Model for Open Systems Interconnection, or OSI Reference Model for short. This model is used as the basis for interconnecting open systems.

[Figure: The OSI model]
1.3.2 Purpose

The OSI model divides the functions of a protocol into a series of layers. Each layer has the property that it uses only the functions of the layer below it, and allows only the layer above it to use its own functions. A system that implements protocols made up of such a series of layers is called a "protocol stack". A protocol stack may be implemented in hardware, in software, or in a combination of the two. Usually only the lower layers are implemented in hardware, and the remaining layers in software. The networking and information-technology industry respects this OSI model only to a relative degree. Its main feature is that it specifies the interfaces between layers, that is, it specifies how the layers communicate with one another. This means that even when the layers are written and designed by different manufacturers or companies, once assembled they work together harmoniously (assuming the specifications have been understood correctly). Normally the parts of a protocol implementation are arranged by layer, just as the protocol specification prescribes, but there are exceptions, known as a "fast path". In a fast-path construction the most common transactions the system permits are implemented as a single component in which the functions of several layers are merged into one. A sensible division of protocol functions makes it easier to reason about the function and operation of protocol stacks, which in turn makes it possible to design detailed yet highly reliable protocol stacks. Each layer executes and provides services to the layer immediately above it, and requires the services of the layer immediately below it. As stated above, an implementation consisting of several layers of the OSI model is usually called a "protocol stack".
Corresponding to the three phases of an exchange, three basic procedures are used; for layer N, for example, these are N-CONNECT (establish a connection), N-DATA (transfer data) and N-DISCONNECT (release the connection). Some auxiliary procedures are also used, depending on the characteristics and functions of each layer. For example: the N-RESTART procedure is used to restart the system at layer 3; the T-EXPEDITED DATA procedure is for fast data transfer at layer 4; the S-TOKEN GIVE procedure transfers control at layer 5; and so on. Each of these procedures uses the primitive functions (Request, Indication, Response, Confirm) to form the basic functions of the ISO protocols.

1.4.2 Connectionless

In the connectionless mode there is only one phase: data transfer. Comparing the two modes of operation, we see that the connection-oriented mode allows reliable data transfer, because each logical connection is strictly controlled and managed, but on the other hand it is complex and hard to implement. Conversely, the connectionless mode allows PDUs (Protocol Data Units) to reach their destination over several different paths and to adapt to changes in the state of the network, at the price of the difficulty of collecting the PDUs before delivering them to the user. Two adjacent layers do not necessarily have to use the same mode of operation; they may use two different modes.
1.5.1 Concept

The TCP/IP protocol suite, TCP/IP for short (English: Internet protocol suite, IP suite or TCP/IP protocol suite), is a set of communication protocols that implement the protocol stack on which the Internet and most commercial computer networks run. The suite is named after its two main protocols, TCP (Transmission Control Protocol) and IP (Internet Protocol), which were also the first two protocols to be defined. Like many other protocol suites, TCP/IP can be viewed as a set of layers, each of which solves a set of problems related to data transfer and provides the protocols of the layer above with a well-defined service built on the services of the lower layers. Logically, the upper layers are closer to the user and work with more abstract data; they rely on the protocols of the lower layers to transform that data into forms that can finally be transmitted physically.

1.5.2 Purpose and origin

Communication has become an indispensable need in every field of activity, and computer networks arose partly to meet that need. At first the scope of a network was limited to a working group, an office or a company within one area. In practice, however, the need to exchange information across many fields, in many places, and between organizations and agencies is unlimited, so the need to connect the different networks of different organizations in order to exchange information is real. Unfortunately, most networks of companies and agencies were independent entities, built to serve the communication needs of their own organizations. These networks could be built from different hardware technologies suited to their own communication problems. This is an obstacle to building a common network, because no single hardware technology can build a common network that satisfies users' needs. Users need a high-speed network connecting their machines, but such networks cannot be extended over long distances. A new technique capable of connecting many physical networks of different structure was truly needed. Recognizing this, in the course of developing its ARPANET network, the ARPA (Advanced Research Projects Agency) concentrated its research on producing a technique that satisfied these requirements. The ARPA technique comprises a set of network standards that specify in detail how computers can communicate with one another, together with a set of conventions for network connection, traffic and routing. Fully developed, it was released under the exact name TCP/IP Internet Protocol Suite, commonly shortened to TCP/IP. Using TCP/IP, one can connect all the networks inside a company, or connect the networks of different companies and organizations with one another. The TCP/IP suite comprises many protocols, divided into four layers as follows:
[Figure: The layers of the TCP/IP protocol suite]

1.5.3 Characteristics

- It is an open and freely available standard protocol suite: it is not owned by any organization, and its specifications are readily and widely available, so anyone can build network communication software based on it.
- TCP/IP is independent of the physical network hardware, which allows it to connect many kinds of networks with different physical architectures, such as Ethernet, Token Ring, FDDI, X.25, ATM... (within the scope of this project only Ethernet is considered).
- TCP/IP uses IP addresses to identify the hosts on the network, creating a unified virtual network when networks are interconnected.
- Its higher-layer protocols are appropriately standardized and available to users.

[Figure: Correspondence between the layers of TCP/IP and OSI]

While the OSI model emphasizes the reliability provided within the data-transfer service, TCP/IP treats reliability as an end-to-end matter. In the OSI model every layer performs error detection and checking, and the transport layer is responsible only for checking source-to-destination reliability; in the TCP/IP suite the transport layer does all of the error detection and correction. The OSI model was built before its protocols were, so it is highly general and can be used to describe other models. Conversely, the TCP/IP suite is only a model intended to describe the protocols that exist in practice. Hence the TCP/IP suite is widely used in practice, while the OSI model suits study and teaching.
The layers at the top are closer to the user; the lowest layers are closer to the communication equipment. Each layer is a group of several protocols, among which one serves the layer above it and one uses the services of the layer below it (except for the top and bottom layers). The following table lists some protocols of each layer:

Layer        Protocols
Application  DNS, TFTP, TLS/SSL, FTP, Gopher, HTTP, IMAP, IRC, NNTP, POP3, SIP, SMTP, SMPP, SNMP, SSH, Telnet, Echo, RTP, PNRP, rlogin, ENRP
Transport    TCP, UDP, DCCP, SCTP, IL, RUDP, RSVP
Internet     IP (IPv4, IPv6), ICMP, IGMP, ICMPv6
Link         ARP, RARP, OSPF (IPv4/IPv6), IS-IS, NDP
2.3.4 Link layer

This is the lowest layer of the TCP/IP suite. It is responsible for accepting the datagrams of the layer above (IP datagrams, for example) and transmitting them over a specific network. In the current view the TCP/IP model no longer includes physical specifications; in other words, the link layer no longer covers hardware or physical signalling.
[Figure: Ethernet frame]

Header
o Preamble (PRE): a 7-byte preamble, not counted in the Ethernet frame size. Every byte of the preamble has the value 10101010; it is used to synchronize the clocks of the receiving and sending sides.
o SOF (Start Frame Delimiter): 1 byte, not counted in the frame size, with the value 10101011; it marks the start of a frame. Ethernet systems now operating at 100 Mbps or 1000 Mbps no longer need the PRE and SOF.
o DA (Destination Address): 6 bytes, the MAC address of the destination Ethernet card. In normal operation an Ethernet card accepts only frames whose destination address matches its own (unique) address, or whose destination address designates a broadcast message. However, most current Ethernet cards can be put into promiscuous mode, in which they receive every frame that appears on the LAN.
o SA (Source Address): 6 bytes, the MAC address of the source card.
o Length/Type: 2 bytes indicating the length (for an IEEE 802.3 MAC frame) or the type of the Ethernet frame, i.e. the higher-layer protocol (for the more common DIX (DEC-Intel-Xerox) Ethernet). For example, in a DIX Ethernet frame whose upper-layer protocol is IP these 2 bytes have the value 0800h, and for ARP 0806h.
Data payload: the data portion, 46 to 1500 bytes long.
Trailer (FCS, Frame Check Sequence): a 32-bit CRC for error checking.

Ethernet uses the CSMA/CD medium-access method, so frames damaged by collisions on the medium are unavoidable. However, if the proportion of bad frames exceeds some level (for example 1% of all frames), the network has a problem. Bad Ethernet frames include:
- frames shorter than 64 bytes (a normal collision; quite common);
- frames longer than 1518 bytes;
- frames of acceptable size but with a wrong CRC (a late collision; many frames of this kind mean the network has a serious problem).

2.4.2 ARP (Address Resolution Protocol)

The Address Resolution Protocol is the method for finding the link-layer (physical) address when the Internet-layer (IP) address, or some other kind of network-layer address, is known. ARP is not used only to translate between IP and Ethernet addresses; it is implemented to work with many kinds of addresses at the layers of different kinds of network. Because of the prevalence of IPv4 and Ethernet, however, ARP is mainly used to translate IP addresses into MAC addresses. It is also used for IP over LAN technologies other than Ethernet, such as FDDI, Token Ring, IEEE 802.11 and ATM. In practice, when communicating with a host, instead of querying the host's physical address each time, ARP uses the ARP cache. The cache stores the most recently resolved IP addresses; if the MAC address for the destination IP address is found in the cache, that address is used for the communication. The structure of an ARP protocol data unit is as follows:
Bit offset  0-7                     8-15                    16-31
0           Hardware type (HTYPE)                           Protocol type (PTYPE)
32          Hardware length (HLEN)  Protocol length (PLEN)  Operation (OPER)
64          Sender hardware address (SHA), first 4 bytes
96          SHA, last 2 bytes                               Sender protocol address (SPA), first 2 bytes
128         SPA, last 2 bytes                               Target hardware address (THA), first 2 bytes
160         THA, last 4 bytes
192         Target protocol address (TPA)

- Hardware type (HTYPE): each link-layer protocol is assigned a distinguishing number (Ethernet, for example, is 1).
- Protocol type (PTYPE): distinguishes the Internet-layer protocol; for IP, for example, it is 0x0800.
- Hardware length (HLEN): the length in bytes of the physical address; for Ethernet this is 6.
- Protocol length (PLEN): the length in bytes of the logical address; for IP this is 4.
- Operation: identifies the action the sender of the packet is performing: 1 for request, 2 for reply, 3 for RARP request and 4 for RARP reply.
- Sender hardware address (SHA): the physical address of the sending station.
- Sender protocol address (SPA): the logical address of the sending station (for example its IP address).
- Target hardware address (THA): the physical address of the target station; this field is left empty in a request.
- Target protocol address (TPA): the logical address of the target station.

2.4.3 RARP (Reverse Address Resolution Protocol)

This is the reverse of ARP: it finds the logical address when the physical address is known. The structure of a RARP data unit is exactly the same as ARP's, except for the Operation field. In an ARP packet Operation is 1 for a request and 2 for a reply; in a RARP packet it is 3 for a request and 4 for a reply.

2.4.4 IP (Internet Protocol)

The Internet Protocol is the core of the TCP/IP suite. Within the scope of this project only IP version 4 (IPv4) is considered. IP is a data-oriented protocol used in packet-switched networks (such as Ethernet). It operates in connectionless mode and does not guarantee delivery (no control information is exchanged). The role of IP is similar to that of the network-layer protocol in the OSI model, with the following functions:
- defining the Internet addressing scheme;
- moving data between the transport layer and the link layer;
- routing data units to remote stations;
- fragmenting and reassembling data units.
IP prepends its header to the segment passed down from the transport layer; in the TCP/IP suite this data unit is called an IP packet, as in the following figure:

[Figure: Structure of the IP data unit]

The header contains the following components:
Version: the current version of IP in use (4 for IPv4).
Internet Header Length (IHL): the length of the IP packet header in words (1 word = 32 bits); the minimum length is 5 words (20 bytes).
Differentiated Services (DS): formerly called Type of Service; it specifies the service parameters and has the following layout:

bit   0-2         3   4   5   6   7
      Precedence  D   T   R   C   Reserved

The meaning of the bits:
- Precedence (3 bits): the priority, one of 111 - Network Control, 110 - Internetwork Control, 101 - CRITIC/ECP, 100 - Flash Override, 011 - Flash, 010 - Immediate, 001 - Priority, 000 - Routine.
- D (Delay) (1 bit): the requested delay; D = 0 for normal delay, 1 for low delay.
- T (Throughput) (1 bit): the requested throughput; T = 0 for normal throughput, 1 for high throughput.
- R (Reliability) (1 bit): the requested reliability; R = 0 for normal reliability, 1 for high reliability.
- C (Cost) (1 bit): the cost; C = 0 for normal cost, 1 to minimize cost.
- Reserved (1 bit): reserved.
Total Length: a 16-bit field giving the length in bytes of the entire datagram, header and data included; the maximum value is 65535 and the minimum 20 bytes.
Identification (16 bits): uniquely identifies a datagram while it is still on the internetwork.
Flags (3 bits): control fragmentation; from the high bit to the low bit:
o Reserved: value 0.
o DF: 0 (May Fragment); 1 (Don't Fragment).
o MF: 0 (Last Fragment); 1 (More Fragments).
Fragment Offset: the position of the fragment within the datagram in units of 64 bits, meaning that every fragment (except the last) must carry a data area whose length is a multiple of 64 bits.
Time To Live (TTL) (8 bits): the lifetime (in seconds) of the datagram on the internetwork, to prevent a datagram from looping forever. It is set by the sending station and decremented (by convention, by 1 unit) at every router the datagram passes through.
Protocol (8 bits): the next upper-layer protocol that will receive the data area at the destination station (currently usually TCP or UDP, which run on IP).
Header Checksum (16 bits): a 16-bit error-control code computed by the CRC method, covering the header only.
Source address (32 bits): the address of the source station.
Destination address (32 bits): the address of the destination station.
Options (variable length): options requested by the user (depending on the program).
Padding (variable length): filler used to ensure that the header always ends on a 32-bit boundary.
Data (variable length): the data area, whose length is a multiple of 8 bits and at most 65535 bytes.

2.4.5 ICMP (Internet Control Message Protocol)

ICMP provides the mechanism for reporting errors and unexpected conditions, and for control messages, within the TCP/IP suite. It was created to report routing errors to the source station. ICMP depends on IP in order to operate and is an integral part of the TCP/IP suite, but since it is not a protocol for carrying data it is usually placed in the Internet layer rather than the transport layer. The functions of ICMP are:
- providing echo and reply messages to test the reliability of the connection between two stations; this is what the PING (Packet Internet Groper) command does;
- redirecting traffic to provide more efficient routing when a router is overloaded because too much traffic passes through it;
- sending a time-exceeded message when the source station's datagram has exceeded its TTL and been discarded;
- sending router advertisements to determine the addresses of the routers on the network segment;
- providing time-out notifications;
- determining which subnet mask is in use on the segment.
The data of an ICMP packet is encapsulated by IP and Ethernet as in the following figure:
The ICMP data unit consists of two parts, Header and Data. On Windows the Data part is 32 bytes long and follows immediately after the Header. The Header begins after bit 160 of the IP packet (unless IP Options are used) and has the following structure:

bit   160-167   168-175   176-191    192-223
      Type      Code      Checksum   ID & Sequence

Where:
- Type (8 bits): the kind of ICMP message.
- Code (8 bits): details of the ICMP message's characteristics.
- Checksum (16 bits): CRC error-correction code.
- ID & Sequence (32 bits): meaningful in the case of ICMP Echo Request and Echo Reply.

2.4.6 TCP (Transmission Control Protocol)

The Transmission Control Protocol is a connection-oriented protocol. In the TCP/IP suite it is the intermediary between IP and an application above it, ensuring that data is exchanged reliably and in order. Applications send streams of 8-bit bytes to TCP for transmission over the network. TCP divides these streams into segments of suitable size (usually based on the maximum transmission unit, MTU, of the link layer of the network the computer is on). It then passes the resulting packets to IP, which carries them across the internetwork to the TCP module on the destination computer. During this process TCP uses handshaking, flow control, sequence numbering and error correction so that transmission proceeds correctly and accurately. The TCP data unit is called a segment and consists of two parts, Header and Data, as described in the following figure:
bit   0-3          4-9        10-15   16-31
0     Source Port                     Destination Port
32    Sequence Number
64    Acknowledgement Number
96    Data Offset  Reserved   Flags   Window
128   Checksum                        Urgent Pointer
160   Options (if any), Padding
      Data

[Figure: Structure of the TCP data unit]

Where:
- Source port (16 bits): the port number of the source station.
- Destination port (16 bits): the port number of the destination station.
- Sequence number (32 bits): this field has two roles. If the SYN flag is set, it is the initial sequence number (ISN), and the first data byte is ISN + 1. If SYN is not set, it is the sequence number of the first byte of the segment.
- Acknowledgement number (32 bits): the number of the next segment the source station is waiting to receive; it implicitly acknowledges the segment(s) the destination station has sent to the source station.
- Data offset (4 bits): the length of the header in 32-b word units. The header is at least 5 words (160 bits) and at most 15 words (480 bits) long.
- Reserved (6 bits): reserved for the future; value 0.
- Flags (control bits): 6 flags, from left to right:
  o URG: the Urgent pointer field is significant.
  o ACK: the Acknowledgement field is significant.
  o PSH: the push function.
  o RST: reset the connection.
  o SYN: synchronize sequence numbers.
  o FIN: no more data from the source station.
- Window (16 bits): the number of bytes the source station can accept, starting from the value in the acknowledgement (ACK) field.
- Checksum: a 16-bit check covering both the header and the data.
- Urgent pointer (16 bits): points to the sequence number of the byte following the urgent data, which lets the receiver know the length of the urgent data area. It is valid only when the URG flag is set.
- Options (variable length): an optional field.
- Padding (variable length): filler added to the header so that it always ends on a 32-bit boundary; it consists entirely of zeros.
- TCP data (variable length): the data of the upper layer, with a default length of 536 bytes; this value can be adjusted by a declaration in the options area.

2.4.7 UDP (User Datagram Protocol)

This is a connectionless protocol used over IP, as an alternative to TCP, when applications require it. Unlike TCP, UDP has no functions for establishing and releasing connections. It provides no acknowledgement mechanism and does not sequence the arriving data units, which can lead to data being lost or duplicated without any error notification to the sender. In short, it provides an unreliable transport service, unlike TCP. Having fewer complex functions, UDP tends to be faster than TCP, and it is typically used by applications that do not require highly reliable transport. The structure of a UDP data unit is as follows:
bit   0-15           16-31
0     Source port    Destination port
32    Length         Checksum
64    Data

[Figure: Structure of the UDP data unit]

Where:
- Source port (16 bits): identifies the port of the sending station; it is meaningful if a reply from the receiver is wanted. When unused it is set to 0.
- Destination port (16 bits): identifies the port of the receiving station; this field is required.
- Length (16 bits): the length of the whole datagram, header and data. The minimum length is 8 bytes, when the packet carries no data and consists only of the header.
- Checksum (16 bits): a 16-bit checksum used for error checking of the header and data.

2.4.8 HTTP (Hypertext Transfer Protocol)

An application-layer protocol running over TCP of the transport layer on port 80 to support the Web. In this protocol each data object (web page, image, audio...) is transferred in its own separate HTTP session. The data is passed down to the transport layer and turned into TCP packets that are sent to the receiving station. To begin a session, the client establishes a connection to the server by sending a TCP packet with the SYN flag set to port 80. The server replies with a packet with the ACK flag set. Finally, the client sends a packet with the ACK flag, followed by the request for the object it wants, for example GET /index.html HTTP/1.1. The server responds to the client with a status code, such as 200 OK, 403 Forbidden, 404 Not Found..., after which the server sends a packet closing the connection.

2.4.9 DNS (Domain Name System)

A protocol that maps between domain names and IP addresses; it works over UDP of the transport layer (mostly on port 53). The structure of the header of a DNS message is as follows:
bits 0-15: ID | 16: QR | 17-20: Opcode | 21: AA | 22: TC | 23: RD | 24: RA | 25-27: Z | 28-31: Rcode
bits 32-47: QDcount | 48-63: ANcount
bits 64-79: NScount | 80-95: ARcount

[Figure: Structure of the DNS packet header]

Where:
- ID: a 16-bit field holding an identifier generated by the program on behalf of the query. The response carries this identifier back, which is how a query and its response can be matched to each other.
- QR: a 1-bit field, set to 0 for a query and to 1 for a response.
- Opcode: a 4-bit field, set to 0 for a standard query, to 1 for an inverse query, and to 2 for a server status request.
- AA: a 1-bit field; if it is set to 1 in a response, the responding server is authoritative for the query.
- TC: a 1-bit field indicating whether the message was truncated because its size exceeded what the channel allows.
- RD: a 1-bit field indicating that the query wants the server to pursue the query recursively.
- RA: a 1-bit field indicating whether recursive querying is available on the server.
- Z: a reserved field (bits 25-27), set to 0.
- Rcode: a 4-bit field; in a response it can take the following values:
  o 0: no error occurred while processing the query.
  o 1: format error; the server could not understand the query.
  o 2: server failure; the server could not produce a response.
  o 3: name error; only an authoritative server may set this value.
  o 4: not implemented; the server does not support this kind of function.
  o 5: refused; the server refuses to perform the query.
- QDcount: the number of questions in the question section of the packet.
- ANcount: the number of resource records in the answer section.
- NScount: the number of resource records in the authority section of the packet.
- ARcount: the number of resource records in the additional section of the packet.
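The header fields and Rcode values listed above are all that is needed to decide whether a DNS reply actually belongs to the query that was sent. The following Python is an added example, not code from the thesis or from the program it describes: it unpacks the 12-byte header exactly as laid out above (ID, the 16-bit flags word holding QR/Opcode/AA/TC/RD/RA/Z/Rcode, and the four section counts), builds the header of a standard query, and checks a candidate response the way a resolver must: QR has to be 1, the ID has to match the query's, TC means the answer was cut short, and a non-zero Rcode is mapped to the six meanings given above. All message bytes below are constructed for the example, and the function and class names are the example's own.

```python
import struct
from dataclasses import dataclass
from typing import Optional

# Meanings of the six Rcode values listed in the text.
RCODE_MEANING = {0: "no error", 1: "format error", 2: "server failure",
                 3: "name error", 4: "not implemented", 5: "refused"}


@dataclass
class DnsHeader:
    id: int
    qr: int          # 0 = query, 1 = response
    opcode: int      # 0 standard query, 1 inverse query, 2 server status
    aa: bool
    tc: bool
    rd: bool
    ra: bool
    z: int           # reserved, must be 0
    rcode: int
    qdcount: int
    ancount: int
    nscount: int
    arcount: int


def parse_dns_header(data: bytes) -> DnsHeader:
    """Unpack the 12-byte header: ID, flags word and the four section counts."""
    if len(data) < 12:
        raise ValueError("DNS header needs 12 bytes")
    ident, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", data[:12])
    return DnsHeader(
        id=ident,
        qr=(flags >> 15) & 1,            # message bit 16 = top bit of the flags word
        opcode=(flags >> 11) & 0xF,      # bits 17-20
        aa=bool(flags & 0x0400),         # bit 21
        tc=bool(flags & 0x0200),         # bit 22
        rd=bool(flags & 0x0100),         # bit 23
        ra=bool(flags & 0x0080),         # bit 24
        z=(flags >> 4) & 0x7,            # bits 25-27
        rcode=flags & 0xF,               # bits 28-31
        qdcount=qd, ancount=an, nscount=ns, arcount=ar,
    )


def build_query_header(ident: int, recursion_desired: bool = True) -> bytes:
    """Header of a standard query (QR=0, Opcode=0) carrying one question."""
    flags = 0x0100 if recursion_desired else 0
    return struct.pack("!HHHHHH", ident, flags, 1, 0, 0, 0)


def check_response(query: bytes, response: bytes) -> Optional[str]:
    """Return None if `response` is an acceptable answer to `query`,
    otherwise a short reason for rejecting it."""
    q, r = parse_dns_header(query), parse_dns_header(response)
    if r.qr != 1:
        return "QR bit not set: this is a query, not a response"
    if r.id != q.id:
        return "ID mismatch: response does not belong to this query"
    if r.z != 0:
        return "reserved Z bits are non-zero"
    if r.tc:
        return "truncated: response exceeded the channel size, retry over TCP"
    if r.rcode != 0:
        return f"rcode {r.rcode}: {RCODE_MEANING.get(r.rcode, 'unknown')}"
    return None


# Constructed sample messages (headers only) for a query with ID 0x1A2B.
QUERY = build_query_header(0x1A2B)
RESPONSE_OK = bytes.fromhex("1A2B" "8180" "0001" "0001" "0000" "0000")        # QR, RD, RA; 1 answer
RESPONSE_NXDOMAIN = bytes.fromhex("1A2B" "8183" "0001" "0000" "0001" "0000")  # Rcode 3
RESPONSE_WRONG_ID = bytes.fromhex("1A2C" "8180" "0001" "0001" "0000" "0000")  # ID does not match

if __name__ == "__main__":
    print(parse_dns_header(RESPONSE_OK))
    for name, msg in [("ok", RESPONSE_OK), ("nxdomain", RESPONSE_NXDOMAIN),
                      ("wrong id", RESPONSE_WRONG_ID), ("query", QUERY)]:
        print(name, "->", check_response(QUERY, msg))
```

The ID check is the one that matters for a monitoring tool: a reply whose ID does not match any outstanding query is either stale or unsolicited and should be discarded rather than displayed as an answer.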
Chapter II. Packet capture techniques

... packets, which are then decoded and their contents analyzed for various purposes.

2.1 Monitoring network traffic

Within the scope of this graduation internship report only a wired network environment under Windows XP is considered, or more precisely the Ethernet standard. Ethernet is built on the concept of sharing: all the machines in a local network share one common wire, which means that every machine on the network can see the traffic on that wire. Therefore the Ethernet hardware has a filter that ignores all traffic not meant for it (by discarding every frame whose MAC address does not match its own). To get around this, a sniffer must have a way to switch that filter off, putting the Ethernet hardware into promiscuous mode.
We can see that the packet above consists of a 14-byte Ethernet header, a 20-byte IP header, a 20-byte TCP header, an HTTP header ending with the marker 0D 0A 0D 0A, and finally the data. The captured bytes are:

Ethernet header: 00 00 BA 5E BA 11 00 A0 C9 B0 5E BD 08 00
IP header: 45 00 05 DC 1D E4 40 00 7F 06 C2 6D 0A 00 00 02 0A 00 01 C9
TCP header: 00 50 07 75 05 D0 00 C0 04 AE 7D F5 50 10 70 79 8F 27 00 00
HTTP header: 48 54 54 50 2F 31 2E 31 20 32 ... 3A 61 34 61 22 0D 0A 0D 0A
A protocol analyzer takes the data above, parses it, extracts the information and turns it into fields that a human can read easily; for the packet above, after analysis we get:
ETHER: Destination address : 0000BA5EBA11
ETHER: Source address : 00A0C9B05EBD
ETHER: Frame Length : 1514 (0x05EA)
ETHER: Ethernet Type : 0x0800 (IP)
IP: Version = 4 (0x4)
IP: Header Length = 20 (0x14)
IP: Service Type = 0 (0x0)
IP: Precedence = Routine
IP: ...0.... = Normal Delay
IP: ....0... = Normal Throughput
IP: .....0.. = Normal Reliability
IP: Total Length = 1500 (0x5DC)
IP: Identification = 7652 (0x1DE4)
IP: Flags Summary = 2 (0x2)
IP: .......0 = Last fragment in datagram
IP: ......1. = Cannot fragment datagram
IP: Fragment Offset = 0 (0x0) bytes
IP: Time to Live = 127 (0x7F)
IP: Protocol = TCP - Transmission Control
IP: Checksum = 0xC26D
IP: Source Address = 10.0.0.2
IP: Destination Address = 10.0.1.201
TCP: Source Port = Hypertext Transfer Protocol
TCP: Destination Port = 0x0775
TCP: Sequence Number = 97517760 (0x5D000C0)
TCP: Acknowledgement Number = 78544373 (0x4AE7DF5)
TCP: Data Offset = 20 (0x14)
TCP: Reserved = 0 (0x0000)
TCP: Flags = 0x10 : .A....
TCP: ..0..... = No urgent data
TCP: ...1.... = Acknowledgement field significant
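The analyzer output above is produced by stripping the headers one layer at a time, Ethernet first, then IP, then TCP, which is also the decapsulation procedure the design in Chapter III follows. The Python code below is an added example, not code from the report: the Ethernet, IP and TCP header bytes are transcribed from the dump above, while the HTTP payload is a constructed stand-in, since the dump shows only its first bytes ("HTTP/1.1 2") and its last bytes (': a4a"' followed by 0D 0A 0D 0A). Beyond decoding the fields, it verifies the IP header checksum (0xC26D in the dump), which an analyzer should do before trusting the header, and it clamps the IP payload to what was actually captured, because the dump is shorter than the declared total length of 1500 bytes.

```python
import struct
from ipaddress import IPv4Address

# Header bytes transcribed from the dump above (14-byte Ethernet, 20-byte IP, 20-byte TCP).
ETHERNET_HDR = bytes.fromhex("0000BA5EBA11" "00A0C9B05EBD" "0800")
IP_HDR = bytes.fromhex("4500" "05DC" "1DE4" "4000" "7F06" "C26D" "0A000002" "0A0001C9")
TCP_HDR = bytes.fromhex("0050" "0775" "05D000C0" "04AE7DF5" "5010" "7079" "8F27" "0000")
# Constructed stand-in for the HTTP header; only its first and last bytes appear in the dump.
HTTP_PAYLOAD = b'HTTP/1.1 200 OK\r\nETag: "a4a"\r\n\r\n'
FRAME = ETHERNET_HDR + IP_HDR + TCP_HDR + HTTP_PAYLOAD

TCP_FLAG_NAMES = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
                  (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]


def ip_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit words. Over a header whose checksum
    field is zero it yields the checksum; over a header that already contains a
    correct checksum it yields 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_ethernet(frame: bytes):
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return {"dst": dst.hex(), "src": src.hex(), "type": ethertype}, frame[14:]


def parse_ipv4(data: bytes):
    (ver_ihl, _tos, total_len, ident, flags_frag, ttl, proto, csum,
     src, dst) = struct.unpack("!BBHHHBBH4s4s", data[:20])
    ihl = (ver_ihl & 0x0F) * 4              # header length in bytes (20 here)
    hdr = {
        "version": ver_ihl >> 4, "ihl": ihl, "total_length": total_len, "id": ident,
        "df": bool(flags_frag & 0x4000), "mf": bool(flags_frag & 0x2000),
        "frag_offset": (flags_frag & 0x1FFF) * 8, "ttl": ttl, "protocol": proto,
        "checksum": csum, "checksum_ok": ip_checksum(data[:ihl]) == 0,
        "src": str(IPv4Address(src)), "dst": str(IPv4Address(dst)),
    }
    # Clamp to the declared total length; slicing never runs past what was captured.
    return hdr, data[ihl:total_len]


def parse_tcp(data: bytes):
    (sport, dport, seq, ack, off_res, flags,
     win, csum, urg) = struct.unpack("!HHIIBBHHH", data[:20])
    offset = (off_res >> 4) * 4             # data offset in bytes (20 here, no options)
    hdr = {"sport": sport, "dport": dport, "seq": seq, "ack": ack, "data_offset": offset,
           "flags": [name for bit, name in TCP_FLAG_NAMES if flags & bit],
           "window": win, "checksum": csum, "urgent": urg}
    return hdr, data[offset:]


def decapsulate(frame: bytes) -> dict:
    """Strip headers from the lowest layer upward, stopping at the first protocol
    this example does not decode; whatever remains is returned as 'payload'."""
    layers = {}
    layers["ethernet"], rest = parse_ethernet(frame)
    if layers["ethernet"]["type"] == 0x0800:         # IPv4
        layers["ipv4"], rest = parse_ipv4(rest)
        if layers["ipv4"]["protocol"] == 6:          # TCP
            layers["tcp"], rest = parse_tcp(rest)
    layers["payload"] = rest
    return layers


if __name__ == "__main__":
    for name, fields in decapsulate(FRAME).items():
        print(name, fields)
```

Note that the TCP checksum is not verified here: unlike the IP checksum it covers a pseudo-header and the whole segment, and the captured payload is truncated, so it cannot be recomputed from this dump.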
- SSL (Secure Socket Layer)
- SSH (Secure Shell)
- VPNs (Virtual Private Networks)

Make the network harder to sniff:
- Check the cabling and the hosts on the network.
- Use a switch instead of a hub.

Use adapters that do not support sniffing: some older adapters do not support promiscuous mode.

2.4.3 Some sniffer-detection programs

- AntiSniff: http://www.l0pht.com/antisniff/
- CPM (Check Promiscuous Mode): ftp://coast.cs.purdue.edu/pub/tools/unix/cpm/ (for UNIX)
- neped: http://www.apostols.org/projectz/neped/
- sentinel: http://www.packetfactory.net/Projects/sentinel/
- cpm (Check Promiscuous Mode): ftp://ftp.cerias.purdue.edu/pub/tools/unix/sysutils/cpm/
To build a sniffer program we have three main options: capture at the application level, at the operating-system level, or at the network-adapter level.
Packet injection: sending packets through a raw socket. A raw socket is not a programming-language construct but part of the operating system's networking API. With a raw socket we can retrieve a packet's headers, unlike an ordinary socket, which only returns the packet's payload. Raw sockets are used at the transport layer and the network layer. When Windows XP was released in 2001, raw sockets were implemented in the Winsock library, but Microsoft stated that raw sockets were only being used by hackers to carry out TCP reset attacks. Three years later, in a hotfix, Microsoft restricted raw-socket support in Winsock and stopped supporting applications that use them.
The libpcap and WinPcap APIs are written in C or C++, so to build applications in other languages such as .NET or Java a wrapper is needed. Wrappers for using libpcap/WinPcap from languages other than C/C++:

- Net::Pcap, a Perl wrapper for pcap
- python-libpcap, a Python wrapper for pcap
- pcapy, another Python wrapper for pcap
- PacketFu, a Ruby wrapper for pcap
- tclpcap, a Tcl wrapper for pcap
- jpcap, a Java wrapper for pcap
- jNetPcap, another Java wrapper for pcap
- WinPcapNET, SharpPcap, Pcap.Net, .NET wrappers for WinPcap
- pcap, Haskell bindings for pcap
- mlpcap, Objective Caml bindings for pcap
- pcap, Chicken Scheme wrapper for pcap
Comparison of sockets and pcap

Both raw sockets and pcap can be used to write a sniffer. A plain socket, however, can only work from layer 4 of the OSI model upward (the transport layer in TCP/IP), a raw socket from layer 3 upward (the network layer in TCP/IP), while pcap works from layer 2 upward (the link layer in TCP/IP) (source). Moreover, raw sockets on Windows are no longer supported by Microsoft and their features are limited: TCP data cannot be sent through a raw socket, and a UDP datagram with an invalid source address cannot be sent through a raw socket.

Consequently, using sockets to measure all of the traffic entering and leaving a system or host may give inaccurate results, because a socket can only capture certain packet types (TCP and UDP, or IP when a raw IP socket is used). Protocols with other packet types, such as ARP, RARP and ICMP, cannot be captured with a socket. Using the pcap library to capture at the network-adapter level, we can capture everything, because capture happens at layer 2 of the OSI model (the link layer in TCP/IP). The discrepancy is nonetheless very small, since packets other than TCP and UDP are tiny and infrequent.

With a raw socket we can block an application or a process that uses the network by blocking its port or its IP address. With the pcap library this is not possible; it can only capture and extract information.

Conclusion: to build a sniffer application, either of the two methods above can be used. Depending on various factors, we may choose one of them or combine both.
Chapter III. Analysis, selection and design of the algorithm

Communication through Winsock

Winsock is in effect a layer between Winsock applications and the TCP/IP stack. Applications tell Winsock.dll what they need done; it translates those commands and passes them to the TCP/IP protocol suite, and the TCP/IP suite sends them onto the network. The requirement is that the Winsock.dll in use matches the version of the TCP/IP stack that is running.

1.1.2 Winsock events

- DataArrival: where incoming data on the local port is detected.
- Connect: establishes a connection to another host.
- SendProgress: mostly used with file transfers; lets you decide what to do while data is still being sent.
- SendComplete: tells you what happened once sending has finished.
- Close: closes the connection, disconnects.
- SendData: instructs Winsock to send data.
- GetData: instructs Winsock to receive data, usually sent through RemotePort.

1.1.3 Socket types in Winsock

- Stream socket: provides two-way, sequenced and reliable communication; a stream socket works like a telephone conversation. In Winsock it is the SOCK_STREAM type, using the Transmission Control Protocol (TCP).
- Datagram socket: supports two-way message flow; a datagram socket works like exchanging letters and is unreliable. In Winsock it is the SOCK_DGRAM type, using the User Datagram Protocol (UDP).
- Sequential packet socket: provides two-way, sequenced, reliable communication. In Winsock it is the SOCK_SEQPACKET type.
- Raw socket: provides basic access to the communication protocols, allowing direct access to the header information of lower-layer (IP) packets.

1.1.4 Working with sockets in Winsock

Creating a socket: the function int socket(int domain, int type, int protocol) is called to create a socket in the given domain and of the given type. If the protocol is not specified, the system defaults to the protocol that supports the specified socket type. The socket handle is returned. Communication connects through addresses: the function int bind(int s, const struct sockaddr *name, int namelen) is called to associate a path or Internet address with the socket. Use unlink() or rm() to destroy a socket.

Connecting stream sockets: when connecting sockets, one process usually acts as the server and the other as the client. The server binds its socket to a path or address, then calls int listen(int s, int backlog) for SOCK_STREAM; this determines how many connection requests may wait in the queue. A client initiates a connection to the server's socket by calling int connect(int s, struct sockaddr *name, int namelen). The server calls accept() to complete the connection for SOCK_STREAM: int accept(int s, struct sockaddr *addr, int *addrlen) returns a new socket dedicated to that particular conversation. A server can have several active SOCK_STREAM connections at the same time.

Transferring data and closing stream sockets: the functions for sending and receiving data on a SOCK_STREAM socket are read() and write(). The functions send(int s, const char *msg, int len, int flags) and recv(int s, char *buf, int len, int flags) behave like read() and write() but take additional control flags. Use close() to close the socket.

Datagram sockets: a datagram socket does not require a connection to be established. Each message carries its own destination address. If a specific local address is required, bind() must be called before any data is transferred. Data is sent with sendto() or sendmsg(); sendto() is called like send() but with the destination address specified. To receive datagram messages, call recvfrom() or recvmsg(). Whereas recv() needs one buffer, recvfrom() needs two: one for the data and one for the source address. A datagram socket can also use connect() to tie the socket to a predetermined destination socket; once that is done, send() and recv() are used to send and receive data. accept() and listen() are not used with datagram sockets.

Trần Ngọc Việt CNT46
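The call sequence described above, as an added Python example (not code from the report) using the BSD-style socket API that Winsock mirrors: the server side goes socket() → bind() → listen() → accept(), the client side socket() → connect(), and both then use send()/recv(); the datagram side uses sendto()/recvfrom() with no connection at all, recvfrom() returning both the data and the sender's address. It runs over the loopback address with an OS-chosen port so it can be executed offline; the echo server runs in a thread. The newline delimiter and the 5-second timeouts are choices of this example.

```python
import socket
import threading

HOST = "127.0.0.1"   # loopback, so the example runs with no network attached


def _recv_line(sock: socket.socket) -> bytes:
    """A stream has no message boundaries: keep calling recv() until the
    delimiter arrives or the peer closes the connection."""
    data = b""
    while not data.endswith(b"\n"):
        chunk = sock.recv(4096)
        if not chunk:            # peer closed
            break
        data += chunk
    return data


def stream_echo_roundtrip(message: bytes) -> bytes:
    """SOCK_STREAM: server socket()/bind()/listen()/accept(), client socket()/connect(),
    then send()/recv() on both sides. Returns what the client received back."""
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM, 0)  # protocol 0: default for the type (TCP)
    server.bind((HOST, 0))           # port 0: the OS picks a free port
    server.listen(5)                 # backlog: up to 5 pending connection requests
    server.settimeout(5.0)           # do not hang forever if no client ever connects
    port = server.getsockname()[1]

    def serve_one():
        conn, _peer = server.accept()    # a new socket dedicated to this conversation
        with conn:
            conn.sendall(_recv_line(conn))

    worker = threading.Thread(target=serve_one)
    worker.start()

    client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    client.settimeout(5.0)
    client.connect((HOST, port))
    client.sendall(message + b"\n")  # delimiter marks the end of our "message" on the stream
    reply = _recv_line(client)
    client.close()                   # close() ends the conversation on this side
    worker.join()
    server.close()
    return reply.rstrip(b"\n")


def datagram_roundtrip(message: bytes):
    """SOCK_DGRAM: no connection. sendto() names the destination on every call and
    recvfrom() fills two buffers, the data and the sender's address."""
    receiver = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    receiver.bind((HOST, 0))         # bind() is needed to receive on a known local address
    receiver.settimeout(5.0)
    sender = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sender.sendto(message, receiver.getsockname())
    data, source = receiver.recvfrom(65535)   # one call returns one whole datagram
    sender.close()
    receiver.close()
    return data, source[0]


if __name__ == "__main__":
    print(stream_echo_roundtrip(b"hello over a stream socket"))
    print(datagram_roundtrip(b"hello over a datagram socket"))
```

The difference the two functions make visible is the one the text draws: the stream side needs a delimiter and a receive loop because bytes may arrive in any chunking, while a datagram is delivered whole (or not at all).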
Communication through .NET sockets

1.2.2 Working with .NET sockets

For work at the higher layers, .NET sockets provide ready-made classes: TcpListener, TcpClient and UdpClient:
How .NET sockets work

To work at a lower layer we must use the Socket class. Creating a socket: to create a Socket we use the constructor Socket(AddressFamily, SocketType, ProtocolType). Connecting the socket: to connect we call Connect() with the IP address to connect to as its argument. Transferring data over the socket: to send and receive data through a .NET socket we call Send() and Receive() with the appropriate parameters.

1.2.3 Demo
1.3 WinPcap
Using WinPcap to build a sniffer means capturing at the network-adapter level.
1.3.1 Overview

WinPcap is an open-source library for capturing and analyzing packets on Win32 systems. Many network applications today use sockets and rely on the operating system for network access, since the operating system performs almost all of the low-level work. Sometimes, however, we need access to the raw data on the network regardless of the protocol it uses; WinPcap is then the choice, because it gives direct access to packets at the network-adapter level (within this project only Ethernet is considered). WinPcap's main goals are:

- capturing raw packets, both those sent/received by the machine running the capture application and those exchanged between other hosts that pass by it;
- filtering packets by predefined rules (protocol, address, ...);
- sending raw packets over the network;
- gathering statistics and reporting related information.

Like other packet-capture libraries such as libpcap, WinPcap consists of two components: the Packet Capture Driver and the programming interface (in Packet.dll). WinPcap's operation is described in the following figure:
How WinPcap works
1.3.2 Working with WinPcap
Getting the list of devices: to retrieve the list of network devices we use pcap_findalldevs_ex(). It returns a list of devices, which we can then open with pcap_open(). Opening a device and capturing packets: to open a network device (usually a network adapter) and start capturing we use pcap_open(). Once the device is open, capture can be driven with pcap_dispatch() or pcap_loop(). The two are similar; the difference is that pcap_dispatch() returns when the read timeout expires, whereas pcap_loop() returns only when it has captured the requested packets (so it is rarely used in practice, since it blocks the program). Alternatively, pcap_next_ex() can be used; it returns the packet header and the packet data. Packet filtering
is one of the most powerful and useful features of WinPcap. It provides efficient network analysis and integrates seamlessly with WinPcap's capture mechanism. The functions used to filter packets are pcap_compile() and pcap_setfilter(). Statistics: we can compute statistics from the information in the captured packets to gather data on the state of the network. For applications that do not need detailed statistics, however, we can ask the network adapter to do the counting by putting it into statistical mode with pcap_setmode().
In this part we analyze the approach and the algorithm of the program without regard to any specific technology.
To capture and analyze packets, the program is installed on a standalone machine, which may be the LAN's gateway. First it captures the packets travelling on the network through the network adapter. Then it extracts the packet headers and parses them to classify them and pick out the specific headers. Once that is done, the program stores the information from each header in a database (or file). Given the project's requirements, we may not need to store the packet data at all, only the headers. The packet information is then tallied and displayed. The general steps follow the diagram below:
2.1 Capturing packets
The gateway through which packets can be processed is the network card. Through it, the packets travelling on … the information obtained to the screen, either event-driven (immediately after a packet is captured and parsed) or at a fixed interval (for example every 5 s). From the information obtained in the steps above we can produce statistics and reports according to the user's requirements.
… the entire header portion of the packet. We can strip the protocol headers one by one, starting from the lowest-layer protocol the program captures (the IP header for a program using raw sockets, the Ethernet header for one using WinPcap). From a layer's header and the data beneath it, we can peel that header off and obtain the header and data of the protocol at the layer above.
2.4 Storing in the database
The information identified in the previous step can be stored in a database to ease display, statistics and reporting. It may include:

- version;
- time to live;
- source address;
- destination address;
- total number of segments;
- source port number;
- destination port number;
- transport protocol;
- header length;
- packet size.

This information need not go into a relational database or a data file on disk, which could add unnecessary complexity to the program; it is enough to write it into a buffer in the computer's memory.
From the comparison in the sections above between the two capture methods (raw sockets and pcap) and the details of the two corresponding libraries (Winsock and WinPcap), we note the following points for choosing the algorithm and technology:
Capability: both approaches can meet the requirement of the project, namely capturing and analyzing packets. With WinPcap, however, capture happens at the network-card level, so we can capture packets passing through the network, whereas with Winsock capture happens at the operating-system level, so we can only capture packets the operating system accepts (that is, only packets passing through the machine running the program, and only the packet types the operating system supports).

Speed: because WinPcap captures at the network-adapter level, it is faster than Winsock. .NET sockets additionally need the CLR and may therefore run slower. On today's computers, however, the difference is negligible.

Flexibility: Winsock and .NET sockets can only capture packets from the IP layer upward, and only the finite set of packet types the operating system supports, so they are less flexible. In addition, developing with Winsock requires Visual C++ and developing with .NET sockets requires .NET, whereas WinPcap has bindings for many languages such as Java, .NET, Python, ...

Support: the latest Winsock is Winsock 2.0; it has seen few improvements and little further support from Microsoft (some functions have even been removed), while WinPcap is still under active development (the latest release being WinPcap 4.1 in January 2009) with full source code and documentation.

Implementation complexity: developing with WinPcap is more complex, since it gets little support from the operating system and requires installing an external library, but it is also more flexible.

Existing applications: most packet-capture applications today use WinPcap; in particular the popular and well-known capture programs such as Wireshark and Packet Analyzer use it. WinPcap has become an unofficial standard for packet-capture programs on Windows.

For the reasons above, low-level capture is the better fit for a project that analyzes the traffic flowing into and out of a network. I therefore propose using WinPcap 4.0 together with Jpcap 0.7 (available at http://netresearch.ics.uci.edu/kfujii/jpcap/doc/index.html) to build the program.
[Menu diagram: Meter | Capture | File | View | Statistics | Bandwidth; menu items: Start, Open, Toolbar, Cumulative, Limit, Stop, Save, Face, Continuous, Block, Restart, Reload, Table Filter, Exit, Close]
Chapter IV. Building the program

Meter (bandwidth measurement)
- Traffic Meter: measures bandwidth usage per unit of time and displays it as a continuous graph.
- Traffic Report: reports traffic as graphs, including traffic over the last 24 hours, traffic for the day, and total traffic for the week, month, year or any chosen period.

Capture (packet capture)
- Start: begins packet capture.
- Stop: ends packet capture.
- Restart: restarts packet capture.
- Exit: quits the program.

File
- Open: opens a file to load the packet fields recorded earlier.
- Save: saves the fields of the packets just captured to a file with a chosen name.
- Reload: reopens the file that was open in the previous session.

View (interface)
- Toolbar: shows or hides the toolbar.
- Face: changes the program's look and feel (Windows, Metal, ...).
- Table Filter: chooses whether the captured information fields are displayed on screen.

Statistics
- Cumulative: cumulative statistics by criteria such as packet counts, packet sizes by type and the percentage of each packet type at each layer, displayed as ring charts.
- Continuous: continuous statistics of the ratio between packet types at each layer, displayed as a time-series graph.

Bandwidth Management
- Limit: manages the system's inbound/outbound bandwidth, lets the user set a traffic limit, and warns and blocks the network if the preset limit is exceeded.
- Block: blocks an IP address or an Internet port of the system.

Help
- Information about the program and its author.
- Help on using the program.
2.2 Traffic measurement

2.2.1 Measuring inbound/outbound traffic on the machine running the program
A computer may have several network devices all performing network I/O. To measure traffic on a machine we must measure the inbound/outbound traffic on all of its devices, aggregate the results and check the addresses; if the source and destination addresses are correct, the result is shown on a continuous time chart and written to the database.
Database-writing operation

From the database we can produce reports such as: traffic reports per hour, day, week, month and year; traffic reports for any chosen period; display as graphs.
2.3 Capturing packets
The program must let the user choose among the network devices installed on the machine and capture the packets entering and leaving those devices. Before each capture session the user declares:

- which device to capture on;
- the maximum number of packets to capture;
- the maximum capture duration, after which the program stops automatically (optional);
- whether to capture in promiscuous mode.

The operations available in this function are:

- Start: begins capturing packets with the settings above.
- Stop: stops the capture.
- Restart: restarts capture from the beginning with the settings kept from the previous session.

To capture packets across a LAN, the capture program must be set to promiscuous mode and the machines on the network must be connected in a suitable topology, as in the following examples:
Example network topology 1

In the diagram above, the machine running the program is connected to the other machines on the same network through a hub. It can therefore capture all packets entering and leaving the whole network (including packets to and from the other machines connected to the same hub).
Example network topology 2

In this diagram the machines on the network are connected through a switch. The machine running the program, however, is connected to the switch through a mirror port and therefore sees all packets crossing the network. This arrangement requires a switch with port mirroring.
Example network topology 3

In this diagram we use a hub together with a switch that lacks port mirroring to achieve the same effect as the two arrangements above.
… current packet-capture programs such as Wireshark, Network Analyzer, tcpdump, ... meaning that our program and those programs have fully compatible file formats. Packets captured in this program can be opened in the others, and vice versa.
- Percentage of packets of each type at each layer.
- Total size of the packets of each type at each layer.
- Percentage of packet size by type at each layer.

This information is shown as a ring chart so it can be observed and compared easily.

2.6.2 Continuous statistics

Allows the ratio between packet types at each layer to be tracked as a line chart updated in real time (TimeSeries chart).
Diagram of the relationships in the network-blocking operation

The information needed for this function includes:

- source address (IP and subnet mask);
- destination address (IP and subnet mask);
- source port number (for TCP and UDP);
- destination port number (for TCP and UDP).

2.7.2 Automatic blocking

Automatically blocks network access according to preset conditions.
Traffic Meter

The user can show, hide and move the Meter at will. The remaining parts of the program are activated through the menus in the System Tray.
Toolbar: the tools as visual buttons. Each button has a corresponding entry on the menu bar with the same effect.
The toolbar
Packets Table: shows the list of captured packets as a data table, together with a filter on the information fields in the table.
The packet list table

Packet Information Tree: shows the information of the packet selected in the Packets Table, layer by layer.
Status bar: shows the program's state: the number of packets captured and the number displayed in the table (the two differ when the user has applied a filter on any column).
When capture is started from the Capture menu or the toolbar button, the user is asked to declare the following session information:
- Select the device to capture on from the list.
- Select whether to capture in promiscuous mode.
- Select whether capture stops automatically after a preset duration or after a given number of packets.

The program then captures packets in real time according to these criteria. Packets are displayed on screen as a table (the Packets Table). The table is dynamic: the packet data (model) and the display (view) are fully separated, so the user can choose what the table shows without affecting the data, and the program need only parse the fields that are required rather than every field, which improves performance.
The data table lets the user choose the information displayed

The data table lets the user sort on every displayed field by double-clicking the field's header.
The data table lets the user filter on any value field displayed by typing into the filter just above the table. Packets that do not match the filter value are hidden without affecting the program's data.
Example: a filter on the Destination IP field with the value 192.168. Only packets whose value begins with 192.168 are displayed.
… the other programs mentioned above, or save files that those programs can open. The operations are:

- Open: opens a file (must be in libpcap's standard *.pcap format).
- Save: saves to a file in the standard *.pcap format.
- Save as: saves the file just opened under a different name and any extension.
- Reload: reopens the file opened in the previous session.
- Close: closes the file or cancels the capture session.
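The *.pcap format referred to above is libpcap's classic file layout: a 24-byte global header (magic number, version 2.4, time-zone offset, timestamp accuracy, snapshot length, link-layer type) followed by one 16-byte record header (seconds, microseconds, captured length, original length) before each packet. The Python writer and reader below are an added example, not the report's code. The packets are constructed; the second one is longer than the snapshot length, to show how a truncated record stores both lengths. The reader checks the magic number in both byte orders, rejects records whose captured length exceeds the snapshot or original length, and flags a file cut off in the middle of a record instead of failing silently.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4        # classic pcap with microsecond timestamps
LINKTYPE_ETHERNET = 1
GLOBAL_HDR = "IHHiIII"         # magic, version major, version minor, thiszone, sigfigs, snaplen, linktype
RECORD_HDR = "IIII"            # ts_sec, ts_usec, incl_len (captured), orig_len (on the wire)


def write_pcap(packets, snaplen=65535, linktype=LINKTYPE_ETHERNET) -> bytes:
    """packets: iterable of (ts_sec, ts_usec, frame_bytes). Frames longer than
    snaplen are stored truncated; orig_len keeps the length seen on the wire."""
    out = bytearray(struct.pack("<" + GLOBAL_HDR, PCAP_MAGIC, 2, 4, 0, 0, snaplen, linktype))
    for ts_sec, ts_usec, frame in packets:
        data = frame[:snaplen]
        out += struct.pack("<" + RECORD_HDR, ts_sec, ts_usec, len(data), len(frame))
        out += data
    return bytes(out)


def read_pcap(blob: bytes) -> dict:
    """Parse a classic pcap byte string. Raises ValueError on a bad magic number or a
    malformed record; a file cut off mid-record is returned with truncated=True."""
    if len(blob) < 24:
        raise ValueError("file shorter than the 24-byte global header")
    magic = struct.unpack("<I", blob[:4])[0]
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:              # same magic as written by a big-endian host
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (magic %#010x)" % magic)
    _, major, minor, _tz, _sig, snaplen, linktype = struct.unpack(endian + GLOBAL_HDR, blob[:24])

    packets, pos, truncated = [], 24, False
    while pos < len(blob):
        if pos + 16 > len(blob):           # not even a whole record header left
            truncated = True
            break
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack(endian + RECORD_HDR, blob[pos:pos + 16])
        if incl_len > snaplen or incl_len > orig_len:
            raise ValueError("malformed record at offset %d" % pos)
        pos += 16
        if pos + incl_len > len(blob):     # record header promises more bytes than exist
            truncated = True
            break
        packets.append({"ts": ts_sec + ts_usec / 1e6, "incl_len": incl_len,
                        "orig_len": orig_len, "data": blob[pos:pos + incl_len]})
        pos += incl_len
    return {"version": (major, minor), "snaplen": snaplen, "linktype": linktype,
            "packets": packets, "truncated": truncated}


if __name__ == "__main__":
    # Constructed frames: a 60-byte minimum Ethernet frame and an oversized one.
    blob = write_pcap([(1259625600, 123456, b"\xaa" * 60),
                       (1259625601, 0, b"\xbb" * 2000)], snaplen=1514)
    for rec in read_pcap(blob)["packets"]:
        print(rec["ts"], rec["incl_len"], rec["orig_len"])
```

Any tool that reads untrusted capture files should validate the record lengths as this reader does: incl_len is attacker-controlled input, and trusting it blindly is how a parser ends up reading far past the end of its buffer.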
Statistics menu

The user can select the statistics function from the menu or the toolbar button.

3.6.1 Cumulative Statistics

This function lets the user compile statistics from the start of the capture session, updated continuously until the user stops the session. Statistics can be computed per layer: general information, Network Layer, Transport Layer and Application Layer. The data is tallied by the following criteria:

- total number of packets of each type;
- percentage of packets of each type;
- capture rate (bit/s and packet/s);
- total size of the packets of each type.

The data is updated continuously on ring charts, one chart per criterion. The example below shows cumulative statistics on the same data for the Application layer by two different criteria: the total number of packets and the total size of the packets of each type.
Example of statistics by total packet size

3.6.2 Continuous Statistics

Unlike cumulative statistics, continuous statistics let the user see how the ratio between packet types changes over time, using a continuous line chart updated once per second. Information is retained for at most 120 seconds.
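The cumulative view of 3.6.1 and the continuous view of 3.6.2 can be maintained by one collector: running per-protocol counters for the totals, percentages and rates, plus a ring of one-second buckets that retains only the last 120 s for the time-series chart. This Python code is an added example, not the program's code. The packet records are constructed; the protocol label is assumed to come from the packet parser, packets are assumed to be added in capture (time) order, and rates are computed over the elapsed capture time with a floor of one second so that a single packet does not yield an infinite rate (an assumption of this example).

```python
from collections import Counter, deque

WINDOW_SECONDS = 120   # the continuous view keeps at most 120 s of history, as in 3.6.2
MIN_ELAPSED = 1.0      # assumption: never compute a rate over less than one second


class TrafficStats:
    """Per-protocol counters for the cumulative view plus one-second buckets for the
    continuous view. add() must be called in capture (time) order."""

    def __init__(self):
        self.count = Counter()          # packets per protocol
        self.bytes = Counter()          # bytes per protocol
        self.first_ts = None
        self.last_ts = None
        self.buckets = deque()          # (whole second, Counter of bytes per protocol)

    def add(self, ts: float, proto: str, length: int) -> None:
        self.count[proto] += 1
        self.bytes[proto] += length
        if self.first_ts is None:
            self.first_ts = ts
        self.last_ts = ts
        sec = int(ts)
        if not self.buckets or self.buckets[-1][0] != sec:
            self.buckets.append((sec, Counter()))
        self.buckets[-1][1][proto] += length
        # Evict buckets that fell out of the 120-second window.
        while self.buckets[0][0] <= sec - WINDOW_SECONDS:
            self.buckets.popleft()

    def cumulative(self) -> dict:
        """Totals, per-protocol shares and overall rates since the session started."""
        total_pkts = sum(self.count.values())
        total_bytes = sum(self.bytes.values())
        if total_pkts == 0:
            return {"packets": 0, "bytes": 0, "packets_per_s": 0.0, "bits_per_s": 0.0,
                    "per_protocol": {}}
        elapsed = max(self.last_ts - self.first_ts, MIN_ELAPSED)
        per_proto = {
            p: {"packets": self.count[p],
                "packet_pct": 100.0 * self.count[p] / total_pkts,
                "bytes": self.bytes[p],
                "byte_pct": 100.0 * self.bytes[p] / total_bytes}
            for p in self.count
        }
        return {"packets": total_pkts, "bytes": total_bytes,
                "packets_per_s": total_pkts / elapsed,
                "bits_per_s": 8 * total_bytes / elapsed,
                "per_protocol": per_proto}

    def continuous(self, second: int) -> dict:
        """Byte share (%) of each protocol within one second of the retained window;
        an empty dict if that second holds no packets or has aged out."""
        for sec, counter in self.buckets:
            if sec == second:
                total = sum(counter.values())
                return {p: 100.0 * b / total for p, b in counter.items()}
        return {}


if __name__ == "__main__":
    stats = TrafficStats()
    # Constructed records: (timestamp, protocol label from the parser, frame length).
    for ts, proto, length in [(100.0, "TCP", 1000), (100.5, "UDP", 500),
                              (101.2, "TCP", 1500), (103.0, "ICMP", 100)]:
        stats.add(ts, proto, length)
    print(stats.cumulative())
    print(stats.continuous(100))
```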
Example with the Metal LookAndFeel
Example with the Office 2007 LookAndFeel

The user can choose the program's language (English or Vietnamese). After the change, all dialogs, menus and other text of the program switch to the chosen language.
4.1 Shortcomings
The program still has many shortcomings to address:

- It does not yet truly manage and capture traffic across a LAN. To capture packets in a LAN, the machines on the network must be arranged in a suitable topology using a hub or a switch with port mirroring, combined with promiscuous-mode capture.
- It does not actually block network connections; it only acts as a bridge for the user to use the Windows IPSecurity service. Consequently the blocking function cannot work on operating systems other than Windows, and the program is not yet fully cross-platform.
- It uses the HyperSQL database in memory mode, so every start of the program loads the entire database into memory, which slows start-up when a lot of data (several years' worth) has been stored.
- The information recorded in the database is still limited (only inbound/outbound traffic and inbound/outbound packet counts).
- Packets of different types are not highlighted.
- Packet analysis is still rudimentary: few packet types can be decoded, and the display of information fields has several shortcomings (the way the time field is shown, the alignment of data columns in the table, ...).
- There is no function to decode packet data or to follow TCP streams, which would allow checking the order of TCP segments and reassembling them into a complete data file; as a result the program also cannot warn about malicious code that may be sent to the system.
- Capture is possible from only one device at a time; capturing on several devices at once requires running two copies of the program.
- Extend the packet-analysis function to display the relationships between addresses and between ports as graphs.
Conclusion
During this graduation project, through my own efforts and with the dedicated guidance of my supervisor, M.Sc. Ngô Quốc Vinh, and of the lecturers of the Faculty of Information Technology, together with contributions from fellow students, I have built a program for monitoring traffic on a network system that meets the stated requirements. I have tried to complete the program in terms of both functionality and interface, but many shortcomings remain unavoidable, and I very much hope to receive the contributions and help of the lecturers and of fellow students so that I can develop the program further. In the coming time I will continue to research, develop and refine my project. Finally, I would once again like to sincerely thank the lecturers of the Faculty of Information Technology, who have guided me throughout my studies at the university, and in particular to express my deep gratitude to Mr. Ngô Quốc Vinh, who supervised and helped me throughout this graduation project.
Hải Phòng, December 2009
Student: Trần Ngọc Việt