
TABLE OF CONTENTS

CHAPTER I. THEORETICAL BASIS OF COMPUTER NETWORKS ..... 5
1 Overview of the TCP/IP Ethernet Network System ..... 5
1.1 Computer network concept ..... 5
1.2 Layered architecture ..... 6
1.3 The OSI model ..... 8
1.3.1 Concept ..... 8
1.3.2 Purpose ..... 9
1.4 Modes of operation ..... 10
1.4.1 Connection-oriented ..... 10
1.4.2 Connectionless ..... 11
1.5 The TCP/IP protocol suite ..... 11
1.5.1 Concept ..... 12
1.5.2 Purpose and origin ..... 12
1.5.3 Characteristics ..... 13
1.6 Comparison of TCP/IP and OSI ..... 14
2 The TCP/IP Protocol Suite: Main Protocols and Data Formats ..... 15
2.1 Layered structure of TCP/IP ..... 15
2.2 Data encapsulation in TCP/IP ..... 16
2.3 Summary of layer functions ..... 17
2.3.1 Application Layer ..... 17
2.3.2 Transport Layer ..... 17
2.3.3 Internet Layer ..... 17
2.3.4 Link Layer ..... 18
2.4 Main protocols and their data formats ..... 18
2.4.1 Ethernet ..... 18
2.4.2 ARP (Address Resolution Protocol) ..... 20
2.4.3 RARP (Reverse Address Resolution Protocol) ..... 21
2.4.4 IP (Internet Protocol) ..... 21
2.4.5 ICMP (Internet Control Message Protocol) ..... 24
2.4.6 TCP (Transmission Control Protocol) ..... 26
2.4.7 UDP (User Datagram Protocol) ..... 28
2.4.8 HTTP (Hypertext Transfer Protocol) ..... 29
2.4.9 DNS (Domain Name System) ..... 29

CHAPTER II. PACKET CAPTURE TECHNIQUES ..... 32
1 Overview of Packet Capture (Sniffers) ..... 32
1.1 Related concepts ..... 32
1.2 Applications of sniffers ..... 33
1.2.1 Capabilities ..... 33
1.2.2 Purposes ..... 33
1.3 Existing sniffer programs ..... 34
2 How Sniffers Work ..... 34
2.1 Monitoring network traffic ..... 34
2.2 Analyzing network traffic ..... 35
2.3 Components of a sniffer program ..... 37
2.4 Defending against sniffers ..... 38
2.4.1 Detecting sniffers on the network ..... 38
2.4.2 Preventing sniffers ..... 38
2.4.3 Some sniffer detection programs ..... 39
3 Construction Methods ..... 39
3.1 Raw sockets at the operating system level ..... 40
3.2 Pcap at the network adapter level ..... 41
3.3 Comparison of raw sockets and Pcap ..... 42

CHAPTER III. ANALYSIS, SELECTION AND ALGORITHM DESIGN ..... 44
1 Details of the Methods ..... 44
1.1 Winsock ..... 44
1.1.1 Concept ..... 44
1.1.2 Winsock events ..... 45
1.1.3 Socket types in Winsock ..... 45
1.1.4 Working with sockets in Winsock ..... 45
1.2 .NET Socket ..... 47
1.2.1 Concept ..... 47
1.2.2 Working with .NET Socket ..... 47
1.2.3 Demo ..... 48
1.3 Winpcap ..... 48
1.3.1 Concept ..... 49
1.3.2 Working with Winpcap ..... 50
2 Program Implementation Approach ..... 51
2.1 Packet capture ..... 52
2.2 Header separation ..... 52
2.3 Header analysis and aggregation ..... 53
2.4 Storing into the database ..... 53
2.5 Display, statistics and reporting ..... 54
3 Algorithm selection ..... 54

CHAPTER IV. BUILDING THE PROGRAM ..... 56
1 Main Functions ..... 56
2 Analysis and Construction of the Main Functions ..... 59
2.1 General operation ..... 59
2.2 Traffic measurement function ..... 60
2.2.1 Measuring inbound/outbound traffic on the host running the program ..... 60
2.2.2 Reporting traffic information ..... 60
2.3 Packet capture ..... 61
2.4 File operations ..... 63
2.5 Interface (View) ..... 64
2.6 Statistics ..... 64
2.6.1 Cumulative statistics ..... 64
2.6.2 Continuous statistics ..... 65
2.7 Network management ..... 65
2.7.1 Blocking network traffic according to a user-selected rule ..... 65
3 Introduction to the Program ..... 66
3.1 Starting the program ..... 66
3.2 Reporting function ..... 67
3.3 Packet capture function ..... 67
3.4 File operations ..... 72
3.5 Navigating the data table ..... 73
3.6 Statistics function ..... 73
3.6.1 Cumulative Statistics ..... 73
3.6.2 Continuous Statistics ..... 75
3.7 Blocking information ..... 76
3.8 Some additional features ..... 77
4 Drawbacks and future development ..... 78
4.1 Drawbacks ..... 78
4.2 Future development ..... 79

Conclusion ..... 81
REFERENCES ..... 82

PREFACE

Today, computer networks have become familiar to everyone in society. Together with the development of information technology and the needs of people, computer networks keep expanding and have become an indispensable part of daily life. However, along with this development, many related problems also confront users, such as transmission errors, viruses and attacks by hackers. To help address these problems, monitoring the volume of information flowing in and out of a system takes on considerable importance. For that reason I chose as my graduation project "Building a program to monitor the volume of information exchanged over a network system", with the aim of providing a useful tool for monitoring and for learning about computer networks. During my internship I would like to sincerely thank the lecturers of the Faculty of Information Technology of Vietnam Maritime University, my classmates in class CNT46-ĐH, and especially Mr. Ngô Quốc Vinh for helping me carry out this project.

Hải Phòng, December 2009. Student: Trần Ngọc Việt

CHAPTER I. THEORETICAL BASIS OF COMPUTER NETWORKS

To build a program that manages, records statistics on and monitors information traffic, we need to capture the packets entering and leaving the network system and analyze the captured packets (packet capture and packet analysis). Such a program is usually called a sniffer (packet analyzer). To build a sniffer we need a basic understanding of computer networks and the related protocols. Since this project is implemented on the Windows operating system and uses the TCP/IP protocol suite over Ethernet, this section presents the most basic aspects of Ethernet networks.

1 Overview of the TCP/IP Ethernet Network System

1.1 Computer network concept

From the 1960s onward, networks appeared that connected computers and terminals so that resources could be shared, the cost of exchanging data reduced, and office work carried out more conveniently. The rapid growth in the number of minicomputers and personal computers increased the demand for data transmission between computers, between terminals, and between terminals and computers, and this was one of the driving forces behind the emergence and ever stronger development of computer networks. The formation of computer networks can be summarized in the following stages:

- The stage of terminals connected directly to a computer: this is the first stage of computer networks. To make full use of a computer's capacity, terminals were attached to a single computer called the central computer.
- The stage of front-end processors: in the first phase the central computer managed communication with the terminals; in the second phase it managed communication with concentrators through line-control interface units. The line interface unit can be replaced by a minicomputer called a front-end processor, which is the pre-processing unit.
- The stage of computer networks: in the 1970s people began to build communication networks whose main components were network nodes, called switches, used to direct information to its destination. The networks were connected by transmission lines, while the computers that process users' information, or the end stations, were connected directly to the network nodes so that they could exchange information over the network when needed. Since the network nodes are usually computers, they also play the role of users. The functions of a network node are communication management and network management.

Thus computers connected together form a computer network. Since a communication network also connects computers together, the concepts of computer network and communication network need not be distinguished. Computer networks are formed to achieve the following goals:

- Exploit and increase the value of resources.
- Overcome distance.
- Increase the quality and efficiency of information exploitation and processing.
- Increase the reliability of the system through the ability to substitute for a computer that fails.

In short: a computer network is a set of computers connected together by physical transmission media according to some architecture.

1.2 Layered architecture

To reduce the complexity of designing and implementing networks, computer networks are organized and designed in layers (layering). The components of the system are organized into a multi-layer structure, each layer built on the one before it; each layer provides a number of services to the layer above it. The number of layers and the function of each layer are up to the designer. For example, the layered structures of IBM's SNA, Digital's DECnet and the ARPANET are all different. The structural principle of a layered network is that every system in the network has a layered structure (the number of layers and the function of each layer are the same). The purpose of each layer is to provide certain services to the layer above. Layer i of system A converses with layer i of system B, and the rules and conventions used in that conversation are called the level-i protocol. Between two adjacent layers there is an interface that defines the primitive operations the lower layer provides to the upper layer. In reality, data is not transmitted directly from layer i of one system to layer i of another (except for the lowest layer, which directly uses the physical medium to transmit bit strings of 0s and 1s from one system to the other). Data is transmitted from the sending system (sender) to the receiving system (receiver) over the physical medium, and from there the data travels back up through the upper layers. So when two systems are linked, only the lowest layer has a physical link; the higher layers have only a logical (virtual) link, introduced to formalize the network's operations and make the design and implementation of communication software convenient. Therefore, to write a program for layer N one must know what layer N+1 needs and what layer N-1 can do.

Figure: illustration of a general layered architecture

The principles for building a layered architecture are as follows:

- For simplicity, limit the number of layers.
- Draw layer boundaries so that interactions and service descriptions are minimal.
- Divide layers so that different functions are separated from one another, and layers that use different kinds of technology are also separated.
- Similar functions are placed in the same layer.
- Choose layer boundaries according to experience that has proven successful.
- Position functions so that a layer can be redesigned with the least effect on adjacent layers.
- Draw boundaries between layers so that the corresponding interfaces can be standardized.
- Create a layer wherever data is processed in a distinctly different way.
- Allow the function or protocol within a layer to be changed without affecting the other layers.
- Each layer has boundaries (interfaces) only with the layers immediately above and below it.
- A layer may be divided into sublayers when necessary. Creating sublayers allows interfacing with adjacent layers, and sublayers may be removed if found unnecessary.

1.3 The OSI model

1.3.1 Concept

Because designers were free to choose their own network architectures, incompatibilities arose between networks: different medium access methods, different protocol families, and so on. These incompatibilities hindered interaction between users on different networks, and the greater the need to exchange information, the less acceptable the obstacle became to users. For this reason the International Organization for Standardization (ISO) set up a subcommittee to build a standard framework for network architecture to serve as a basis for designers and manufacturers of network products. The result, in 1984, was ISO's Reference Model for Open Systems Interconnection, or more briefly the OSI Reference Model. This model is used as the basis for interconnecting open systems.

Figure: The OSI model

1.3.2 Purpose

The OSI model divides the functions of a protocol into a series of layers. Each layer has the property that it uses only the functions of the layer below it, and in turn allows only the layer above it to use its own functions. A system implementing a set of protocols consisting of such a series of layers is called a protocol stack. A protocol stack can be implemented in hardware, in software, or in a combination of both. Usually only the lower layers are implemented in hardware, while the other layers are implemented in software.

The OSI model is only relatively respected by the networking and information technology industry. Its main feature is that it prescribes the interfaces between layers, that is, it specifies the method by which layers communicate with one another. This means that even if the layers are written and designed by different manufacturers or companies, when they are assembled they will work together harmoniously (assuming the specifications are interpreted correctly). Usually the implementations of a protocol are arranged by layer, following the protocol specification, but there are exceptions, known as a fast path. In a fast-path construction the most common transactions that the system allows are implemented as a single component in which the functions of several layers are merged into one. A sensible division of protocol functions makes it easier to reason about the function and operation of protocol stacks, which in turn supports the design of stacks that are detailed and meticulous yet highly reliable. Each layer executes and provides services to the layer immediately above it, and requires the services of the layer immediately below it. As noted above, an implementation consisting of many layers in the OSI model is usually called a protocol stack.

1.4 Modes of operation

At each layer of the ISO model, two main modes of operation are applied: connection-oriented and connectionless operation. In the connection-oriented mode, a logical connection must be established between peer entities at the same layer before data is transmitted. In the connectionless mode, no logical connection is needed and each data unit transmitted is independent of the data units before or after it.

1.4.1 Connection-oriented

In the connection-oriented mode, data transfer goes through three phases in chronological order:

- Connection establishment: the two peer entities on the two systems negotiate the set of parameters to be used in the following phase.
- Data transfer: data is transmitted with control and management mechanisms.
- Connection release (logical): the system resources allocated to the connection are freed for use by other connections.

Corresponding to the three phases of the exchange, three basic procedures are used; for layer N, for example, these are N-CONNECT (establish connection), N-DATA (transfer data) and N-DISCONNECT (release connection). A number of auxiliary procedures are also used depending on the characteristics and function of each layer. For example, the N-RESTART procedure is used to restart the system at layer 3, the T-EXPEDITED DATA procedure for fast data transfer at layer 4, and the S-TOKEN GIVE procedure to transfer control at layer 5. Each of these procedures uses the primitives Request, Indication, Response and Confirm, which make up the basic functions of the ISO protocols.

1.4.2 Connectionless

In the connectionless mode there is only one phase: data transfer. Comparing the two modes, we see that the connection-oriented mode allows reliable data transfer, because each logical connection is strictly controlled and managed; on the other hand it is complex and difficult to implement. Conversely, the connectionless mode allows PDUs (Protocol Data Units) to travel to their destination by many different paths, adapting to changes in the state of the network, but at the price of the difficulty of reassembling the PDUs for delivery to the user. Two adjacent layers need not use the same mode of operation; they may use two different modes.

1.5 The TCP/IP protocol suite

The OSI model is a reference model built by ISO to create a standard for interconnecting open systems. However, for a variety of reasons OSI is not used in practice; instead the most widely used network architecture (protocol suite) is TCP/IP. Almost all current operating systems have the TCP/IP protocol suite implemented. This section gives a brief introduction to the TCP/IP model.

1.5.1 Concept

The TCP/IP protocol suite, TCP/IP for short (in English: Internet protocol suite, IP suite or TCP/IP protocol suite), is a set of communication protocols implementing the protocol stack on which the Internet and most commercial computer networks run. The suite is named after its two main protocols, TCP (Transmission Control Protocol) and IP (Internet Protocol), which were also the first two protocols defined. Like many other protocol suites, TCP/IP can be viewed as a collection of layers, each layer solving a set of problems related to data transmission and providing the protocols of the layer above with a clearly defined service built on the services of the lower layers. Logically, the upper layers are closer to the user and work with more abstract data; they rely on the lower-layer protocols to transform the data into forms that can ultimately be transmitted physically.

1.5.2 Purpose and origin

Exchanging information has become an indispensable need in every field of activity, and computer networks arose partly to meet that need. The scope of networks was at first limited to a working group, an office or a company within one area. In reality, however, the need to exchange information across many different fields and subjects, between organizations and agencies, is unlimited, so the need to connect the different networks of different organizations in order to exchange information is genuine. Unfortunately, most networks of companies and agencies are independent entities, set up to serve the communication needs of those organizations themselves. These networks may be built from different hardware technologies suited to their own communication problems. This is an obstacle to building a common network, because no single hardware technology is adequate for building a common network that satisfies users' needs: users need a high-speed network to connect their machines, but such networks cannot be extended over large distances. A new technology that can interconnect many physical networks of completely different structure is therefore genuinely needed. Recognizing this, the ARPA organization (Advanced Research Projects Agency), while developing its ARPANET, concentrated its research on producing a technology that satisfies these requirements. The ARPA technology comprises a set of network standards that specify in detail how computers can communicate with one another, together with a set of conventions for network interconnection, traffic and routing. That technology was fully developed and released under the exact name TCP/IP Internet Protocol Suite, usually abbreviated to TCP/IP. Using TCP/IP, an organization can connect all the networks inside its company, or connect the networks of different companies and organizations with one another. The TCP/IP protocol suite consists of many protocols divided into 4 layers, as follows:

Figure: The layers of the TCP/IP protocol suite

1.5.3 Characteristics

- It is an open and freely available standard protocol suite: it is not owned by any organization, and the specifications are freely and widely available. Anyone can therefore build communication software for computer networks based on it.
- TCP/IP is independent of the physical network hardware, which allows TCP/IP to connect many kinds of networks with different physical architectures, such as Ethernet, Token Ring, FDDI, X.25 and ATM (within this project only Ethernet is considered).
- TCP/IP uses IP addresses to identify hosts on the network, creating a single unified virtual network when networks are interconnected.
- The higher-layer protocols are suitably standardized and available to users.

1.6 Comparison of TCP/IP and OSI

For several reasons, such as history and cost, the TCP/IP protocol suite was in use long before the OSI model appeared. As a result the OSI model is not widely used in practice; it is an academic model used for comparison with the practical model, TCP/IP. The two are related to some extent, but they are not completely alike. The first and most obvious difference is the number of layers: while the TCP/IP suite has 4 (or 5) layers, the OSI model has 7, the difference being two additional layers, the session layer and the presentation layer. Many comparisons fold these two layers into the application layer of the TCP/IP suite. The following figure compares the corresponding layers of OSI and TCP/IP:

Figure: Correspondence of layers between TCP/IP and OSI

Whereas the OSI model emphasizes the reliability provided within the data transfer service, TCP/IP regards reliability as an end-to-end matter. In the OSI model every layer performs error detection and checking, and the transport layer only checks the reliability of source-to-destination delivery; in the TCP/IP suite the transport layer does all of the error detection and correction. The OSI model was built before its protocols were built, so it is highly general and can be used to describe other models. Conversely, the TCP/IP suite is only a model aimed at describing protocols that already exist in practice. That is why the TCP/IP suite is widely used in practice while the OSI model is suited to study and teaching.

2 The TCP/IP Protocol Suite: Main Protocols and Data Formats

2.1 Layered structure of TCP/IP

As noted above, TCP/IP is an open model for network interconnection, so it too is designed with a layered architecture similar to the OSI model. The TCP/IP protocol suite is designed with 4 layers, described in the figure below:

Figure: The TCP/IP protocol suite

2.2 Data encapsulation in TCP/IP

The TCP/IP protocol suite uses data encapsulation to abstract protocols and services; in other words, higher-layer protocols use lower-layer protocols to achieve their purpose by encapsulating data, as in the example in the following figure:

Figure: example of data encapsulation in TCP/IP

The layers at the top are closer to the user, the lowest layers closer to the communication equipment. Within each layer is a group of protocols, among which one protocol serves the layer above and one uses the services of the layer below (except for the top and bottom layers). The following table lists some protocols at each layer:

Layer         Protocols
Application   DNS, TFTP, TLS/SSL, FTP, Gopher, HTTP, IMAP, IRC, NNTP, POP3, SIP, SMTP, SMPP, SNMP, SSH, Telnet, Echo, RTP, PNRP, rlogin, ENRP
Transport     TCP, UDP, DCCP, SCTP, IL, RUDP, RSVP
Internet      IP (IPv4, IPv6), ICMP, IGMP, ICMPv6
Link          ARP, RARP, OSPF (IPv4/IPv6), IS-IS, NDP

Table: some protocols at the layers of TCP/IP

2.3 Summary of layer functions

2.3.1 Application Layer

This is the highest layer in the layered structure of TCP/IP. It includes all application programs that use the services available through a TCP/IP protocol stack. Application programs interact with one of the transport-layer protocols to send or receive data. Each application program chooses the kind of protocol suited to its task, and passes data in the form the transport layer requires.

2.3.2 Transport Layer

The first task of the transport layer is to provide communication between application programs. Each such communication is called end-to-end. The transport layer can also regulate the flow of information. It also provides reliable transport, ensuring that data arrives without error; to do so, the protocol software lets the receiver send back acknowledgements of the data received and lets the sender retransmit packets that were lost or corrupted. The protocol software divides the data stream into smaller data units (usually called packets) and passes each packet together with its destination address to the next layer to continue the transmission process.

2.3.3 Internet Layer

The network layer handles communication from one machine to another. It accepts a request from the transport layer to send a packet, together with an identifier of the host the packet is to be sent to. For example, with the transport-layer protocols TCP or UDP, it wraps the packet in an IP datagram, fills in the header, uses the routing algorithm to decide whether to deliver the packet directly or send it to a router, and passes the datagram to the appropriate network interface for transmission. The network layer also handles incoming datagrams, checks their validity, and uses the routing algorithm to decide whether a datagram is processed locally or forwarded. For datagrams with a local destination address, the network-layer software removes the datagram header and selects, from among the transport-layer protocols, the appropriate one to process the packet.

2.3.4 Link Layer

This is the lowest layer of the TCP/IP protocol suite, responsible for accepting the datagrams of the layer above (for example IP datagrams) and transmitting them over a specific network. In the current view, the TCP/IP model no longer includes physical specifications; in other words, the link layer no longer covers hardware matters or the physical transmission of signals.

2.4 Cc giao thc chnh v khun dng d liu tng ng


Trong phn ny ta s xem xt cc giao thc cng nh khun dng d liu chnh ca b giao thc TCP/IP. d phn bit ta s xem xt i vi tng tng ca TCP/IP theo th t t di ln trn. 2.4.1 Ethernet L giao thc nm trong tng lin kt hay l mt chun cng ngh dnh cho mng cc b (LAN) c quy nh trong IEEE 802.3. N l mt giao thc nm trong tng lin kt ca b giao thc TCP/IP hay tng ng l tng lin kt d liu trong m hnh OSI. Hin nay n ang c s dng rt rng ri so vi cc giao thc khc nh FDDI, Token RingEthernet c dng gi nhng khi d liu gia im ngun v im ch c xc nh da vo a ch MAC (Media Access Control). c im ca giao thc Ethernet Cu trc ca mt n v d liu trong giao thc Ethernet (gi l Ethernet frame) c cu trc nh sau: (n v tnh theo byte).
PRE SOF DA SA Length/Type Data Payload FCS 7 1 6 6 2 46-1500 4

Ethernet frame Header o Preamble (PRE): Phn m u gm 7 byte v khng c tnh vo kch thc ca Ethernet. Tt c cc byte trong phn m u ny u c gi tr 10101010 v n c dng ng b ng h gia ni nhn v gi frame. 18 Trn Ngc Vit CNT46 H

Chng I. C s l thuyt mng my tnh o SOF (Start frame delimiter) gm 1 byte v khng c tnh vo kch thc ca Ethernet. Byte ny c gi tr 101010111 v c s dng nh du bt u ca mt frame. i vi nhng h thng Ethernet hin nay hot ng tc 100 Mbps hoc 1000Mbps khng cn cn ti PRE v SOF. o DA (Destination Address) c di 6 byte l a ch ni MAC ca Ethernet card ni n. ch hot ng bnh thng Ethernet ch tip nhn nhng frame c a ch ni n trng vi a ch (duy nht) ca n hoc a ch ni n th hin mt thng ip qung b. Tuy nhin hu ht cc Ethernet card hin nay u c th c t ch a hn tp (promiscuous mode) v khi n s nhn tt c cc frame xut hin trong mng LAN. o SA (Source Addresss) c di 6 byte l a ch MAC ca card ngun. o Length/Type ( di/Loi) 2 byte ch ra di (i vi IEEE 802.3 MAC frame) v loi ca Ethernet frame ch giao thc ca tng cao hn (i vi DIX Ethernet.(DEC- Intel Xerox) ph bin hn). V d nh vi DIX Ethernet frame c giao thc tng trn l IP th 2 byte ny s c gi tr l 0800h v ARP l 0806h. Data Payload: Phn thng tin d liu c di t 46 ti 1500 byte. Trailer (FCS - Frame Check Sequence): 32 bit sa li CRC. Ethernet s dng phng thc truy nhp ng truyn CSMA/CD, do vy nhng frame li do xy ra xung t (collision) trn ng truyn l khng th trnh khi. Tuy nhin, nu nh t l nhng frame li vt qu mt mc no (v d nh 1% tng s frame) c ngha l h thng mng c vn . Nhng Ethernet frame li bao gm: 19 Trn Ngc Vit CNT46 H

- Frames shorter than 64 bytes (normal collisions, which are fairly common).
- Frames longer than 1518 bytes.
- Frames of legal size whose CRC does not match (late collisions; many frames of this kind mean the network has a serious problem).

2.4.2 ARP (Address Resolution Protocol)
The Address Resolution Protocol is the method for finding a link-layer (physical) address given an Internet-layer (IP) address or some other network-layer address. ARP is not limited to translating between IP and Ethernet; it is designed to work with several address types across different layers and network technologies. Because IPv4 and Ethernet are so widespread, however, ARP is mainly used to map IP addresses to MAC addresses. It is also used for IP over LAN technologies other than Ethernet, such as FDDI, Token Ring, IEEE 802.11 and ATM.
In practice, instead of querying the physical address of a host every time it communicates with it, ARP uses an ARP cache. The cache stores the most recently resolved IP addresses. If the MAC address for the destination IP address is found in the cache, that address is used directly.
An ARP protocol data unit has the following structure:

Bit offset | 0-7                                          | 8-15                     | 16-31
0          | Hardware type (HTYPE)                                                   | Protocol type (PTYPE)
32         | Hardware length (HLEN)                       | Protocol length (PLEN)   | Operation (OPER)
64         | Sender hardware address (SHA), first 4 bytes
96         | Sender hardware address (SHA), last 2 bytes                             | Sender protocol address (SPA), first 2 bytes
128        | Sender protocol address (SPA), last 2 bytes                             | Target hardware address (THA), first 2 bytes
160        | Target hardware address (THA), last 4 bytes
192        | Target protocol address (TPA)

Structure of an ARP data unit
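As an added example (not code from the thesis), the following Python applies the frame checks described above to a constructed ARP request: it sorts a frame into the runt, giant and bad-FCS error classes, verifies the 32-bit FCS with zlib's CRC-32 (the same polynomial Ethernet uses), reads the DIX header, and decodes the ARP fields of the table above. The MAC and IP addresses are made-up sample values; the FCS is computed by the example itself, since capture hardware normally strips it before the frame reaches software.

```python
import struct
import zlib

ETHERTYPE_IP = 0x0800
ETHERTYPE_ARP = 0x0806
MIN_FRAME = 64      # smallest legal frame, 4-byte FCS included
MAX_FRAME = 1518    # largest legal untagged frame, FCS included
ARP_OPS = {1: "request", 2: "reply", 3: "RARP request", 4: "RARP reply"}


def mac_str(raw):
    return ":".join("%02x" % b for b in raw)


def ip_str(raw):
    return ".".join(str(b) for b in raw)


def fcs(frame_without_fcs):
    """Ethernet FCS is CRC-32 (same polynomial as zlib), sent least-significant byte first."""
    return struct.pack("<I", zlib.crc32(frame_without_fcs) & 0xFFFFFFFF)


def classify_frame(frame):
    """Sort a frame (FCS included) into the error classes listed above, or 'ok'."""
    if len(frame) < MIN_FRAME:
        return "runt"
    if len(frame) > MAX_FRAME:
        return "giant"
    if fcs(frame[:-4]) != frame[-4:]:
        return "bad-fcs"
    return "ok"


def parse_ethernet(frame):
    """Split off the 14-byte DIX header; the payload excludes the trailing FCS."""
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return {"dst": mac_str(dst), "src": mac_str(src), "type": ethertype,
            "payload": frame[14:-4]}


def parse_arp(payload):
    """Decode the ARP fields for the Ethernet/IPv4 case (HTYPE 1, PTYPE 0x0800)."""
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, ETHERTYPE_IP, 6, 4):
        raise ValueError("only Ethernet/IPv4 ARP is decoded here")
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", payload[8:28])
    return {"op": ARP_OPS.get(oper, oper), "sha": mac_str(sha), "spa": ip_str(spa),
            "tha": mac_str(tha), "tpa": ip_str(tpa)}


def build_arp_frame(oper, sha, spa, tha, tpa):
    """Constructed sample frame: header + 28-byte ARP body, padded to 60 bytes, plus FCS."""
    body = struct.pack("!HHBBH6s4s6s4s", 1, ETHERTYPE_IP, 6, 4, oper, sha, spa, tha, tpa)
    dst = b"\xff" * 6 if oper == 1 else tha          # requests are broadcast
    frame = struct.pack("!6s6sH", dst, sha, ETHERTYPE_ARP) + body
    frame += b"\x00" * (60 - len(frame))             # pad payload up to the 46-byte minimum
    return frame + fcs(frame)


def decode(frame):
    """Run the checks a sniffer applies before it trusts a frame's contents."""
    status = classify_frame(frame)
    if status != "ok":
        return {"status": status}
    eth = parse_ethernet(frame)
    out = {"status": status, "eth": eth}
    if eth["type"] == ETHERTYPE_ARP:
        out["arp"] = parse_arp(eth["payload"])
    return out


if __name__ == "__main__":
    # Sample values only: who-has 10.0.0.1, tell 10.0.0.2
    sample = build_arp_frame(1, bytes.fromhex("00a0c9b05ebd"), bytes([10, 0, 0, 2]),
                             b"\x00" * 6, bytes([10, 0, 0, 1]))
    print(decode(sample))
```

A 42-byte ARP packet only reaches the 64-byte minimum because of the padding, which is why the decoder slices the ARP body by its fixed 28-byte length rather than by the payload length.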

- Hardware type (HTYPE): each link-layer protocol is assigned a distinguishing number (Ethernet is 1).
- Protocol type (PTYPE): identifies the Internet-layer protocol; for IP it is 0x0800.
- Hardware length (HLEN): length in bytes of the physical address; 6 for Ethernet.
- Protocol length (PLEN): length in bytes of the logical address; 4 for IP.
- Operation: the action the sender is performing: 1 for request, 2 for reply, 3 for RARP request and 4 for RARP reply.
- Sender hardware address (SHA): physical address of the sending station.
- Sender protocol address (SPA): logical address of the sending station (e.g. its IP address).
- Target hardware address (THA): physical address of the target station. This field is empty in a request.
- Target protocol address (TPA): logical address of the target station.

2.4.3 RARP (Reverse Address Resolution Protocol)
RARP is the inverse of ARP: it finds the logical address given the physical address. The structure of a RARP data unit is identical to ARP except for the Operation field. In an ARP packet, Operation is 1 for a request and 2 for a reply; in a RARP packet it is 3 for a request and 4 for a reply.

2.4.4 IP (Internet Protocol)
The Internet Protocol is the core of the TCP/IP suite. Within this project we consider only IP version 4 (IPv4). IP is a datagram-oriented protocol used on packet-switched networks (such as Ethernet). It operates connectionlessly and does not guarantee delivery

(there is no exchange of control information). The role of IP is similar to that of the network layer in the OSI model, with the following functions:
- Define the Internet addressing scheme.
- Move data between the transport layer and the link layer.
- Route data units to remote stations.
- Fragment and reassemble data units.
IP prepends a header to the segment handed down from the transport layer; in the TCP/IP suite the resulting data unit is called an IP packet, as shown below:

An IP data unit has the following structure:

Bit offset | 0-3     | 4-7           | 8-15                    | 16-18 | 19-31
0          | Version | Header length | Differentiated Services | Total Length
32         | Identification                                    | Flags | Fragment Offset
64         | Time to Live            | Protocol                | Header Checksum
96         | Source Address
128        | Destination Address
160        | Options + Padding
160/192+   | Data (max 65535 bytes)

Structure of an IP data unit
The header contains the following fields:
- Version: the version of IP in use (4 for IPv4).

- Internet Header Length (IHL): length of the IP packet header in 32-bit words. The minimum is 5 words (20 bytes).
- Differentiated Services (DS): formerly called Type of Service, it specifies service parameters and has the following layout:

bit | 0-2        | 3 | 4 | 5 | 6 | 7
    | Precedence | D | T | R | C | Reserved

The bits mean:
o Precedence (3 bits): priority, one of 111 - Network Control, 110 - Internetwork Control, 101 - CRITIC/ECP, 100 - Flash Override, 011 - Flash, 010 - Immediate, 001 - Priority, 000 - Routine.
o D (Delay) (1 bit): requested delay; D = 0 for normal delay, 1 for low delay.
o T (Throughput) (1 bit): requested throughput; T = 0 for normal throughput, 1 for high throughput.
o R (Reliability) (1 bit): requested reliability; R = 0 for normal reliability, 1 for high reliability.
o C (Cost) (1 bit): C = 0 for normal cost, 1 to minimize cost.
o Reserved (1 bit): reserved.
- Total Length: 16-bit field giving the length in bytes of the whole datagram, header and data included; maximum 65535, minimum 20 bytes.
- Identification (16 bits): uniquely identifies a datagram while it is on the internetwork.
- Flags (3 bits): control fragmentation. From the high bit to the low bit:

o Reserved: always 0.
o DF: 0 (May Fragment); 1 (Don't Fragment).
o MF: 0 (Last Fragment); 1 (More Fragments).
- Fragment Offset: position of the fragment within the datagram, in units of 64 bits; every fragment except the last must therefore carry a data field whose length is a multiple of 64 bits.
- Time To Live (TTL) (8 bits): the lifetime (in seconds) of the datagram on the internetwork, so that a datagram cannot loop forever. The sending station sets it and each router the datagram passes through decrements it (by 1 by convention).
- Protocol (8 bits): the next upper-layer protocol that receives the data field at the destination (today usually TCP or UDP over IP).
- Header Checksum (16 bits): a 16-bit CRC-style error check covering the header only.
- Source address (32 bits): address of the source station.
- Destination address (32 bits): address of the destination station.
- Options (variable length): options requested by the user (depending on the program).
- Padding (variable length): padding that guarantees the header always ends on a 32-bit boundary.
- Data (variable length): the data field, a multiple of 8 bits long and at most 65535 bytes.

2.4.5 ICMP (Internet Control Message Protocol)
ICMP provides the error-reporting mechanism for unexpected conditions, as well as control messages, within the TCP/IP suite. It was created to report routing errors back to the source station. ICMP depends on IP to operate and is an indispensable part of TCP/IP, but because it is not used to carry data it is usually considered part of the Internet layer rather than the transport layer. ICMP's functions are:
- Provide echo and reply messages to test the reliability of the connection between two stations. This is what the PING (Packet Internet Groper) command does.
- Redirect traffic to provide more efficient routing when a router is overloaded by too much traffic.
- Send a time-exceeded message when a datagram from the source station exceeds its TTL and is discarded.
- Send router advertisements to determine the addresses of routers on the network segment.
- Provide timeout notifications.
- Determine which subnet mask is in use on the network segment.
ICMP data is encapsulated by IP and Ethernet as shown in the figure below:

An ICMP data unit has 2 parts: Header and Data. On Windows the Data part is 32 bytes long and follows immediately after the Header. The Header begins after bit 160 of the IP packet (unless IP Options are used) and has the following structure:

bit | 160-167 | 168-175 | 176-191
160 | Type    | Code    | Checksum
192 | ID      | Sequence

Where:
- Type (8 bits): the ICMP message type.
- Code (8 bits): details of the ICMP message.
- Checksum (16 bits): CRC error check.
- ID & Sequence (32 bits): meaningful for ICMP Echo Request and Echo Reply.

2.4.6 TCP (Transmission Control Protocol)
The Transmission Control Protocol is a connection-oriented protocol. In the TCP/IP suite it sits between IP and the application above it, ensuring that data is exchanged reliably and in order. Applications hand TCP streams of 8-bit bytes to send over the network. TCP splits these streams into segments of appropriate size (usually based on the maximum transmission unit, MTU, of the link layer of the network the host is on). It then passes the resulting packets to IP, which carries them across the internetwork to the TCP module on the destination host. Along the way TCP uses handshaking, flow control, sequence numbering and error correction so that the transfer is correct and accurate. The TCP data unit is called a segment and consists of 2 parts, Header and Data, as shown below:

Bit offset | 0-3         | 4-9      | 10-15 | 16-31
0          | Source Port                      | Destination Port
32         | Sequence Number
64         | Acknowledgement Number
96         | Data Offset | Reserved | Flags | Window
128        | Checksum                         | Urgent Pointer
160        | Options + Padding
160/192+   | Data

Structure of a TCP data unit
Where:
- Source port (16 bits): port number of the source station.
- Destination port (16 bits): port number of the destination station.
- Sequence number (32 bits): this field has 2 roles. If the SYN flag is set it is the initial sequence number (ISN) and the first data byte is ISN + 1. If SYN is not set it is the sequence number of the first byte of the segment.
- Acknowledgement number (32 bits): the sequence number of the next segment the source station expects to receive. It implicitly acknowledges the segment(s) the destination station has sent to the source.
- Data offset (4 bits): the header length in 32-bit words. The header is at least 5 words (160 bits) and at most 15 words (480 bits).
- Reserved (6 bits): reserved for future use, set to 0.
- Flags (control bits): 6 flags, from left to right:
o URG: the Urgent pointer field is significant.
o ACK: the Acknowledgement field is significant.
o PSH: Push function.
o RST: reset the connection.
o SYN: synchronize sequence numbers.
o FIN: no more data from the source station.

- Window (16 bits): the number of bytes the source station can accept, starting from the value in the acknowledgement (ACK) field.
- Checksum: 16-bit check covering both the header and the data.
- Urgent pointer (16 bits): points to the sequence number of the byte following the urgent data, so the receiver knows the length of the urgent region. Valid only when URG is set.
- Options (variable length): optional field.
- Padding (variable length): padding appended to the header so that it always ends on a 32-bit boundary; it consists of zeros.
- TCP data (variable length): the upper-layer data; its default length is 536 bytes. This value can be adjusted by declaring it in the options area.

2.4.7 UDP (User Datagram Protocol)
UDP is a connectionless protocol used over IP as an alternative when applications require it. Unlike TCP, UDP has no connection setup or teardown. It provides no acknowledgements and does not sequence incoming data units, so data may be lost or duplicated without any error report to the sender. In short, it provides a transport service without the reliability of TCP. Having few complex functions, UDP tends to be faster than TCP, and it is typically used by applications that do not need highly reliable transport. A UDP data unit has the following structure:

Bit offset | 0-15        | 16-31
0          | Source Port | Destination Port
32         | Length      | Checksum
64         | Data

Structure of a UDP data unit
Where:
- Source port (16 bits): identifies the sending station's port; meaningful when a reply from the receiver is wanted. If unused it is set to 0.
- Destination port (16 bits): identifies the receiving station's port; this field is required.
- Length (16 bits): the length of the whole datagram, header and data. The minimum is 8 bytes, when the packet carries no data and consists only of the header.
- Checksum (16 bits): the 16-bit checksum used to detect errors in the header and data.

2.4.8 HTTP (Hypertext Transfer Protocol)
HTTP is an application-layer protocol that runs over the transport layer's TCP on port 80 to support the Web. Each data object (web page, image, audio, ...) is transferred in its own HTTP session. The data is handed down to the transport layer, turned into TCP packets and sent to the receiving station. To begin a session the client establishes a connection to the server by sending a TCP packet with the SYN flag set to port 80. The server replies with a packet with the ACK flag set. Finally the client sends a packet with the ACK flag and follows it with a request for the object it wants, for example GET /index.html HTTP/1.1. The server responds with a status code, such as 200 OK, 403 Forbidden or 404 Not Found..., and then sends a packet closing the connection.

2.4.9 DNS (Domain Name System)
DNS is a protocol that maps between domain names and IP addresses; it runs over the transport layer's UDP (mostly on port 53). The header of a DNS message has the following structure:
bit | 0-15 | 16 | 17-20  | 21 | 22 | 23 | 24 | 25-27 | 28-31
    | ID   | QR | Opcode | AA | TC | RD | RA | Z     | Rcode
    | Question count   | Answer count
    | Authority count  | Additional count

Structure of the DNS message header
Where:
- ID: a 16-bit field holding an identifier generated by the program that issues the query. The reply carries the same identifier, which is how a query and its reply are matched.
- QR: a 1-bit field, set to 0 in a query and to 1 in a reply.
- Opcode: a 4-bit field, 0 for a standard query, 1 for an inverse query and 2 for a server status request.
- AA: a 1-bit field; when set to 1 in a reply, the reply comes from a server authoritative for the query.
- TC: a 1-bit field indicating whether the message was truncated because its size exceeded what the channel allows.
- RD: a 1-bit field indicating that the query asks the server to pursue the query recursively.
- RA: a 1-bit field indicating whether recursive querying is available on the server.
- Z: a 1-bit field. It is reserved and set to 0.
- Rcode: a 4-bit field; in a reply it takes one of the following values:
o 0: no error occurred during the query.
o 1: format error; the server could not understand the query.
o 2: server failure; the server could not produce a reply.
o 3: name error. Only an authoritative server may set this value.
o 4: not implemented. The server does not support this function.
o 5: the server refused to perform the query.
- QDcount: the number of questions in the message.
- ANcount: the number of resource records in the answer section.
- NScount: the number of resource records in the authority section of the message.
- ARcount: the number of resource records in the additional section of the message.
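The UDP and DNS header layouts above, as an added example that is not part of the original text: it packs and unpacks the 8-byte UDP header and the 12-byte DNS header with Python's struct module, checks the UDP Length field against the bytes actually present, and pairs a reply with its query the way a resolver must (port 53, same ID, QR flipped, reserved bits zero) before trusting the Rcode. The query ID 0x1234 and the port numbers are constructed values.

```python
import struct

DNS_RCODES = {0: "no error", 1: "format error", 2: "server failure",
              3: "name error", 4: "not implemented", 5: "refused"}


def parse_udp(segment):
    """Split the 8-byte UDP header off and validate Length against the bytes present."""
    sport, dport, length, checksum = struct.unpack("!HHHH", segment[:8])
    if length < 8 or length > len(segment):
        raise ValueError("UDP length %d does not fit %d captured bytes"
                         % (length, len(segment)))
    return {"sport": sport, "dport": dport, "length": length,
            "checksum": checksum, "payload": segment[8:length]}


def parse_dns_header(msg):
    """Unpack the 12-byte DNS header into the fields listed above."""
    ident, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": ident,
            "qr": flags >> 15 & 1, "opcode": flags >> 11 & 0xF,
            "aa": flags >> 10 & 1, "tc": flags >> 9 & 1,
            "rd": flags >> 8 & 1, "ra": flags >> 7 & 1,
            "z": flags >> 4 & 0x7, "rcode": flags & 0xF,
            "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}


def build_dns_header(ident, qr, opcode=0, aa=0, tc=0, rd=1, ra=0, rcode=0,
                     qd=1, an=0, ns=0, ar=0):
    flags = (qr << 15 | opcode << 11 | aa << 10 | tc << 9
             | rd << 8 | ra << 7 | rcode)
    return struct.pack("!HHHHHH", ident, flags, qd, an, ns, ar)


def build_udp(sport, dport, payload):
    """Checksum left at 0, which is legal for UDP over IPv4 (the checksum is optional there)."""
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload


def match_reply(query_segment, reply_segment):
    """Pair a reply with its query the way a resolver does, then name the Rcode."""
    q_udp, r_udp = parse_udp(query_segment), parse_udp(reply_segment)
    if q_udp["dport"] != 53 or r_udp["sport"] != 53:
        return "not DNS ports"
    q, r = parse_dns_header(q_udp["payload"]), parse_dns_header(r_udp["payload"])
    if q["qr"] != 0 or r["qr"] != 1:
        return "wrong direction"
    if q["id"] != r["id"]:
        return "id mismatch"          # a reply that does not match any query is discarded
    if r["z"] != 0:
        return "reserved bits set"
    if r["tc"]:
        return "truncated, retry over TCP"
    return DNS_RCODES.get(r["rcode"], "rcode %d" % r["rcode"])


if __name__ == "__main__":
    query = build_udp(40000, 53, build_dns_header(0x1234, qr=0))
    reply = build_udp(53, 40000, build_dns_header(0x1234, qr=1, aa=1, rcode=3))
    print(match_reply(query, reply))          # name error
```

Only the headers are modelled here; the question and answer sections that follow the header are not parsed, so QDcount and ANcount are simply reported as the header carries them.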

CHAPTER II. PACKET CAPTURE TECHNIQUES


1 Overview of Packet Capture (Sniffers)

1.1 Related concepts

A packet is a formatted unit of data that travels across the network. Network traffic is the flow of information into and out of a network system. To measure and control network traffic we must capture packets (packet capture). Packet capture is the act of intercepting data packets as they travel across the network. It comprises:
o Deep Packet Capture (DPC): capturing every packet on the network in full (header and payload). The captured packets are kept in temporary or long-term storage.
o Deep Packet Inspection (DPI): examining and evaluating the captured traffic to find the cause of network problems, identify security risks, and make sure the network is operating correctly both technically and legally.
o DPC and DPI are combined to manage, evaluate and analyse the flow of packets on the network while retaining the information for later use.
In practice, packet capture can record only the headers without keeping the full payload. This reduces the storage required and avoids legal problems while still keeping the most essential information.
A packet analyzer (sniffer) is software or hardware attached to a computer network to monitor the traffic on the network or part of it. The sniffer captures packets and then decodes and analyses their contents for various purposes.

1.2 Uses of sniffers

1.2.1 Capabilities
On a wired LAN, depending on the network's structure (hub or switch), all or part of the traffic on the network can be captured from a single node in it. With a hub every packet carried by the network can be captured, but with a switch special techniques such as ARP spoofing are needed. On a wireless LAN, packets are captured on individual channels. For a machine to capture traffic on its network, its network adapter must be put into promiscuous mode.

1.2.2 Purposes
There are usually 2 main kinds: sniffers used for testing and maintaining the network, and sniffers used to break into it. They are used to:
- Analyse network performance or troubleshoot network faults.
- Detect network intrusions and information leaks, ... and retrieve information about an intrusion.
- Manage network usage.
- Gather information for reports on the state of the network.
- Debug and maintain network topologies and protocols.
- Filter the required information out of the traffic on the network and present it in a form people can read.
- Capture sensitive information such as other users' passwords and usernames on the network in order to break into their systems.

1.3 Existing sniffer programs

There are many free and commercial programs that capture and analyse packets. Some of them:
- Tcpdump (http://www.tcpdump.org/) for Unix and Windump (http://www.winpcap.org/windump/default.htm) for Windows.
- Wireshark (http://www.wireshark.org/).
- Etherpeek (http://www.aggroup.com/).
- Triticom LANdecoder32 (http://www.triticom.com/TRITICOM/LANdecoder32/).
- Snort (http://en.wikipedia.org/wiki/Snort_(software)).
- Kismet (http://en.wikipedia.org/wiki/Kismet_(software)) for 802.11 wireless LANs.
- Cain & Abel (http://www.oxid.it/)

2 How Sniffers Work

2.1 Monitoring network traffic
Within the scope of this graduation internship report we consider only wired networks under Windows XP, or more precisely the Ethernet standard. Ethernet is built on the idea of sharing: all machines on a local network share a single wire, which means every machine on the network can see the traffic on that wire. The Ethernet hardware therefore has a filter that discards all traffic not addressed to it (by ignoring every frame whose destination MAC address does not match). To get around this, a sniffer needs a way to switch that filter off and put the Ethernet hardware into promiscuous mode.

2.2 Analysing network traffic

When data is sent on the wire it is split up, packaged into many packets and sent separately. The sniffer is the program that captures these packets. Once the packets have been captured we have packets carrying information, but to extract the information needed for a given purpose we must analyse them (packet analysis). Protocols that can be sniffed include Ethernet, IPv4, IPv6, ARP/RARP, TCP, UDP, ICMPv4, telnet, rlogin, HTTP, SNMP, NNTP, POP, FTP, IMAP...
Example of analysing a packet: below are the first 512 bytes of an Ethernet packet, in hex, captured while a browser visits the page http://web.archive.org/web/20050221103207/http://www.robertgraham.com/pubs/sniffing-faq.html
000  00 00 BA 5E BA 11 00 A0 C9 B0 5E BD 08 00 45 00  ...^......^...E.
010  05 DC 1D E4 40 00 7F 06 C2 6D 0A 00 00 02 0A 00  ....@....m......
020  01 C9 00 50 07 75 05 D0 00 C0 04 AE 7D F5 50 10  ...P.u......}.P.
030  70 79 8F 27 00 00 48 54 54 50 2F 31 2E 31 20 32  py.'..HTTP/1.1.2
040  30 30 20 4F 4B 0D 0A 56 69 61 3A 20 31 2E 30 20  00.OK..Via:.1.0.
050  53 54 52 49 44 45 52 0D 0A 50 72 6F 78 79 2D 43  STRIDER..Proxy-C
060  6F 6E 6E 65 63 74 69 6F 6E 3A 20 4B 65 65 70 2D  onnection:.Keep-
070  41 6C 69 76 65 0D 0A 43 6F 6E 74 65 6E 74 2D 4C  Alive..Content-L
080  65 6E 67 74 68 3A 20 32 39 36 37 34 0D 0A 43 6F  ength:.29674..Co
090  6E 74 65 6E 74 2D 54 79 70 65 3A 20 74 65 78 74  ntent-Type:.text
0A0  2F 68 74 6D 6C 0D 0A 53 65 72 76 65 72 3A 20 4D  /html..Server:.M
0B0  69 63 72 6F 73 6F 66 74 2D 49 49 53 2F 34 2E 30  icrosoft-IIS/4.0
0C0  0D 0A 44 61 74 65 3A 20 53 75 6E 2C 20 32 35 20  ..Date:.Sun,.25.
0D0  4A 75 6C 20 31 39 39 39 20 32 31 3A 34 35 3A 35  Jul.1999.21:45:5
0E0  31 20 47 4D 54 0D 0A 41 63 63 65 70 74 2D 52 61  1.GMT..Accept-Ra
0F0  6E 67 65 73 3A 20 62 79 74 65 73 0D 0A 4C 61 73  nges:.bytes..Las
100  74 2D 4D 6F 64 69 66 69 65 64 3A 20 4D 6F 6E 2C  t-Modified:.Mon,
110  20 31 39 20 4A 75 6C 20 31 39 39 39 20 30 37 3A  .19.Jul.1999.07:
120  33 39 3A 32 36 20 47 4D 54 0D 0A 45 54 61 67 3A  39:26.GMT..ETag:
130  20 22 30 38 62 37 38 64 33 62 39 64 31 62 65 31  ."08b78d3b9d1be1
140  3A 61 34 61 22 0D 0A 0D 0A 3C 74 69 74 6C 65 3E  :a4a"....<title>
150  53 6E 69 66 66 69 6E 67 20 28 6E 65 74 77 6F 72  Sniffing.(networ
160  6B 20 77 69 72 65 74 61 70 2C 20 73 6E 69 66 66  k.wiretap,.sniff
170  65 72 29 20 46 41 51 3C 2F 74 69 74 6C 65 3E 0D  er).FAQ</title>.
180  0A 0D 0A 3C 68 31 3E 53 6E 69 66 66 69 6E 67 20  ...<h1>Sniffing.
190  28 6E 65 74 77 6F 72 6B 20 77 69 72 65 74 61 70  (network.wiretap
1A0  2C 20 73 6E 69 66 66 65 72 29 20 46 41 51 3C 2F  ,.sniffer).FAQ</
1B0  68 31 3E 0D 0A 0D 0A 54 68 69 73 20 64 6F 63 75  h1>....This.docu
1C0  6D 65 6E 74 20 61 6E 73 77 65 72 73 20 71 75 65  ment.answers.que
1D0  73 74 69 6F 6E 73 20 61 62 6F 75 74 20 74 61 70  stions.about.tap
1E0  70 69 6E 67 20 69 6E 74 6F 20 0D 0A 63 6F 6D 70  ping.into...comp
1F0  75 74 65 72 20 6E 65 74 77 6F 72 6B 73 20 61 6E  uter.networks.an

Example of network traffic analysis

The packet above contains a 14-byte Ethernet header, a 20-byte IP header, a 20-byte TCP header, an HTTP header terminated by the marker 0D 0A 0D 0A, and finally the data. The pieces are:
Ethernet header: 00 00 BA 5E BA 11 00 A0 C9 B0 5E BD 08 00
IP header:       45 00 05 DC 1D E4 40 00 7F 06 C2 6D 0A 00 00 02 0A 00 01 C9
TCP header:      00 50 07 75 05 D0 00 C0 04 AE 7D F5 50 10 70 79 8F 27 00 00
HTTP header:     48 54 54 50 2F 31 2E 31 20 32 ... 3A 61 34 61 22 0D 0A 0D 0A

A protocol analyzer takes this data, parses it, extracts the information and turns it into fields that people can read easily. For the packet above, analysis produces:
ETHER: Destination address : 0000BA5EBA11
ETHER: Source address : 00A0C9B05EBD
ETHER: Frame Length : 1514 (0x05EA)
ETHER: Ethernet Type : 0x0800 (IP)
IP: Version = 4 (0x4)
IP: Header Length = 20 (0x14)
IP: Service Type = 0 (0x0)
IP: Precedence = Routine
IP: ...0.... = Normal Delay
IP: ....0... = Normal Throughput
IP: .....0.. = Normal Reliability
IP: Total Length = 1500 (0x5DC)
IP: Identification = 7652 (0x1DE4)
IP: Flags Summary = 2 (0x2)
IP: .......0 = Last fragment in datagram
IP: ......1. = Cannot fragment datagram
IP: Fragment Offset = 0 (0x0) bytes
IP: Time to Live = 127 (0x7F)
IP: Protocol = TCP - Transmission Control
IP: Checksum = 0xC26D
IP: Source Address = 10.0.0.2
IP: Destination Address = 10.0.1.201
TCP: Source Port = Hypertext Transfer Protocol
TCP: Destination Port = 0x0775
TCP: Sequence Number = 97517760 (0x5D000C0)
TCP: Acknowledgement Number = 78544373 (0x4AE7DF5)
TCP: Data Offset = 20 (0x14)
TCP: Reserved = 0 (0x0000)
TCP: Flags = 0x10 : .A....
TCP: ..0..... = No urgent data
TCP: ...1.... = Acknowledgement field significant
TCP: ....0... = No Push function
TCP: .....0.. = No Reset
TCP: ......0. = No Synchronize
TCP: .......0 = No Fin
TCP: Window = 28793 (0x7079)
TCP: Checksum = 0x8F27
TCP: Urgent Pointer = 0 (0x0)
HTTP: Response (to client using port 1909)
HTTP: Protocol Version = HTTP/1.1
HTTP: Status Code = OK
HTTP: Reason = OK
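The analyzer listing above can be reproduced with a few dozen lines of struct parsing. The following Python is an added example, not code from the thesis: it embeds the first 64 bytes of the dump above (Ethernet, IP and TCP headers plus the first 10 payload bytes), verifies the IP header checksum with the standard RFC 1071 ones'-complement sum (which yields 0 when run over a header that includes its own checksum field), and returns the same field values the listing shows. Because the sample is cut off after 64 bytes, the HTTP header terminator is not found, and the code reports that rather than guessing.

```python
import struct

# Constructed from the hex dump above: the first 64 of the 512 bytes shown
# (14-byte Ethernet header, 20-byte IP header, 20-byte TCP header, 10 bytes of HTTP).
SAMPLE = bytes.fromhex(
    "0000ba5eba1100a0c9b05ebd0800"              # Ethernet: dst, src, type 0x0800
    "450005dc1de440007f06c26d0a0000020a0001c9"  # IPv4 header
    "0050077505d000c004ae7df5501070798f270000"  # TCP header
    "485454502f312e312032"                      # "HTTP/1.1 2" (payload truncated here)
)

TCP_FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG"]   # bit 0 .. bit 5


def inet_checksum(data):
    """RFC 1071 Internet checksum: ones'-complement sum of 16-bit words.
    Run over a header that includes its own checksum field, the result is 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_ipv4(pkt):
    (ver_ihl, tos, total_len, ident, flags_frag,
     ttl, proto, csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0xF) * 4
    if ver_ihl >> 4 != 4 or ihl < 20:
        raise ValueError("not an IPv4 header")
    return {
        "version": ver_ihl >> 4, "ihl": ihl, "tos": tos, "total_length": total_len,
        "id": ident, "df": flags_frag >> 14 & 1, "mf": flags_frag >> 13 & 1,
        "frag_offset": (flags_frag & 0x1FFF) * 8,    # offset field counts 8-byte units
        "ttl": ttl, "protocol": proto, "checksum": csum,
        "checksum_ok": inet_checksum(pkt[:ihl]) == 0,
        "src": ".".join(str(b) for b in src), "dst": ".".join(str(b) for b in dst),
        "payload": pkt[ihl:total_len],
    }


def parse_tcp(seg):
    (sport, dport, seq, ack, off_res, flags,
     window, csum, urg) = struct.unpack("!HHIIBBHHH", seg[:20])
    hlen = (off_res >> 4) * 4                       # data offset in 32-bit words
    return {
        "sport": sport, "dport": dport, "seq": seq, "ack": ack, "header_length": hlen,
        "flags": [n for i, n in enumerate(TCP_FLAG_NAMES) if flags >> i & 1],
        "window": window, "checksum": csum, "urgent": urg, "payload": seg[hlen:],
    }


def decode_frame(frame):
    """Ethernet -> IPv4 -> TCP, stopping at whatever layer the frame does not carry."""
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    out = {"eth_dst": dst.hex(), "eth_src": src.hex(), "ethertype": ethertype}
    if ethertype == 0x0800:
        out["ip"] = parse_ipv4(frame[14:])
        if out["ip"]["protocol"] == 6:
            out["tcp"] = parse_tcp(out["ip"]["payload"])
            # the HTTP header ends at 0D 0A 0D 0A; -1 means the capture was cut short
            out["http_header_end"] = out["tcp"]["payload"].find(b"\r\n\r\n")
    return out


if __name__ == "__main__":
    for key, value in decode_frame(SAMPLE).items():
        print(key, value)
```

Note that `parse_ipv4` slices the payload by the Total Length field; on a truncated capture such as this one the slice simply stops at the bytes available, which is why the TCP checksum is not verified here (it covers the full segment).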

2.3 Components of a sniffer program

- Hardware: hardware that meets the requirements of a network adapter. It may also have special extra features for detecting CRC errors, voltage faults, cable faults... Note: to capture packets entering and leaving a network indirectly from one network node, that node's network card must support promiscuous mode. Most network cards today do. However, networks are increasingly moving to switches instead of hubs that broadcast packets, so capturing packets on a network is no longer as simple as it used to be.
- Capture driver: the most important part. It grabs the network traffic from the wire, stores the data in the buffer and filters out the information needed.
- Buffer: the captured data is stored temporarily in the buffer. There are usually 2 ways to use the buffer: write until it is full, or write circularly so that the newest data replaces the oldest.
- Real-time analysis: analyses traffic and protocols and checks for errors while packets are being captured.
- Decode: decodes and displays the content of the network traffic in whatever form is required.
- Packet editing/transmission: some programs let us build our own packets and send them onto the network.

2.4 Defending against sniffers

First, be sure that no single machine can listen to or capture the whole Internet. Second, to listen to a link one must have access to the link's physical wire (or be able to insert oneself into the physical path of the packets). The first line of defence is therefore to prevent a sniffer from being installed or run on any machine in the network, and to inspect the cabling carefully (on wired networks). Beyond that, defending against sniffers requires:

2.4.1 Detecting sniffers on the network
Some of the simplest ways to detect a sniffer program:
- Ping method: send a ping to the IP address but not to the Ethernet adapter, in these steps:
o Suppose the suspect machine has IP address 10.0.0.1 and MAC address 00-40-05-A4-79-32.
o Send an ICMP Echo Request (ping) with the suspect's IP address and an altered MAC address (for example 00-40-05-A4-79-31).
o If a reply comes back, the suspect machine has disabled its Ethernet filter, which means it is listening on the wire.
- ARP method: the same as the ping method but using an ARP packet instead of ICMP.
- DNS method: many sniffer programs automatically resolve IP addresses through DNS. A machine's promiscuous mode can be detected from the DNS traffic it generates (the suspect machine must be made to send requests to a DNS server we control, and its traffic is then inspected).

2.4.2 Preventing sniffing
- Protect data against sniffing:
o SSL - Secure Socket Layer
o SSH - Secure Shell
o VPNs - Virtual Private Networks
- Make the network harder to sniff:
o Inspect the cabling and the machines on the network.
o Use switches instead of hubs.
- Use adapters that do not support sniffing: some adapters do not support promiscuous mode.

2.4.3 Some sniffer-detection programs
- AntiSniff http://www.l0pht.com/antisniff/
- CPM (Check Promiscuous Mode) ftp://coast.cs.purdue.edu/pub/tools/unix/cpm/
- For UNIX:
o neped http://www.apostols.org/projectz/neped/
o sentinel http://www.packetfactory.net/Projects/sentinel/
o cpm (Check Promiscuous Mode) ftp://ftp.cerias.purdue.edu/pub/tools/unix/sysutils/cpm/

3 Construction Methods

To build a sniffer program we have these main options: capture at the application level, at the operating-system level, or at the network-adapter level.

3.1 Raw sockets at the operating-system level

A socket is a way of establishing a communication link between a program that requests a service (client) and a program that provides a service (server) over a LAN, WAN or the Internet, and sometimes between processes within the same computer. Each socket can be viewed as an endpoint of a connection. A socket on the requesting machine has a network address assigned in advance with which it calls a socket on the providing machine. Once the sockets are properly set up, the two computers can exchange services and data. A socket's attributes are:
- Protocol (TCP, UDP or raw IP).
- Port number.
- IP address.
Classification: the common socket types are:
- Datagram socket, also called a connectionless socket, using UDP.
- Stream socket, also called a connection-oriented socket, using TCP.
- Raw socket (raw IP socket). With this type the transport layer is bypassed and the application can access the data of the IP packet directly.
In short, with sockets we can capture and access information from the transport layer upward (TCP and UDP), and reach the Internet layer (IP) by using a raw socket. On Windows, however, only the Winsock library for Visual C++ and the Socket class in .NET currently support raw sockets; Java's networking library does not let developers use raw sockets.
A raw socket is a socket that gives direct access to a packet's headers. Put differently, a raw socket is a way to bypass the whole network stack and deliver the packet straight to the application layer. A raw socket can do one of two jobs:
- Packet sniffing: receive packets from the raw socket.
- Packet injection: send packets to the raw socket.
Raw sockets are not a programming-language feature but part of the operating system's networking API. With a raw socket we obtain the packet's headers, whereas an ordinary socket only returns the packet's payload. Raw sockets are used at the transport layer and the network layer. When Windows XP was released in 2001, raw sockets were implemented in the Winsock library, but Microsoft stated that raw sockets were only used by hackers to carry out TCP reset attacks. Three years later, in a hotfix, Microsoft therefore restricted raw-socket support in Winsock and stopped supporting applications that use them.

3.2 Pcap at the network-adapter level

Pcap (packet capture) is a set of application programming interfaces (APIs) for capturing network traffic. Unix-family systems have the libpcap library; Windows has winpcap, a port of libpcap. Pcap usually has two basic components:
- Driver: a packet capture driver cannot be written in a high-level language and is usually written in C or assembly. The two most widely used drivers today are the commercial driver in PCAUSA and the free driver in the Windump package.
- Interface: the interface through which packet capture is performed.
Libpcap and Winpcap operate from the link layer upward. They provide packet capture and packet filtering, can save captured packets to a file or read them back from a file, and also allow custom packets to be built and injected onto the network. Many applications use libpcap or winpcap for different purposes: packet sniffers, network monitors, network testers, network intrusion detection systems... The drawback of these libraries is that they can only be used to capture packets; unlike sockets they cannot block an address, a port or a process from accessing the network.
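Saving captured packets to a file and buffering them are two of the jobs just described (the buffer policies of section 2.3 and pcap's save/read capability here). The following Python is an added example, not part of libpcap or the thesis: it writes and reads the classic libpcap file format (magic 0xA1B2C3D4, version 2.4, link type 1 for Ethernet), honours a snaplen that truncates records on disk, rejects records whose length fields do not fit the file, and implements both buffer policies, fill-until-full and circular overwrite. The frames it stores are constructed filler bytes.

```python
import struct
from collections import deque

PCAP_MAGIC = 0xA1B2C3D4          # little-endian file, microsecond timestamps
LINKTYPE_ETHERNET = 1


def pcap_global_header(snaplen=65535, linktype=LINKTYPE_ETHERNET):
    # magic, version 2.4, thiszone, sigfigs, snaplen, linktype
    return struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, linktype)


def pcap_record(ts_sec, ts_usec, frame, snaplen):
    captured = frame[:snaplen]       # snaplen truncates what is kept on disk
    return struct.pack("<IIII", ts_sec, ts_usec, len(captured), len(frame)) + captured


def write_pcap(records, snaplen=65535):
    """records: iterable of (ts_sec, ts_usec, frame_bytes). Returns the file contents."""
    return pcap_global_header(snaplen) + b"".join(
        pcap_record(s, u, f, snaplen) for s, u, f in records)


def read_pcap(data):
    """Return (linktype, [(ts_sec, ts_usec, orig_len, captured_bytes), ...])."""
    magic, vmaj, vmin, _tz, _sig, snaplen, linktype = struct.unpack("<IHHiIII", data[:24])
    if magic != PCAP_MAGIC:
        raise ValueError("unsupported magic 0x%08x" % magic)
    off, out = 24, []
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl, orig = struct.unpack("<IIII", data[off:off + 16])
        off += 16
        # never trust the length fields of a file blindly: bound them by the header and the file
        if incl > snaplen or incl > orig or off + incl > len(data):
            raise ValueError("corrupt record header at offset %d" % (off - 16))
        out.append((ts_sec, ts_usec, orig, data[off:off + incl]))
        off += incl
    return linktype, out


class CaptureBuffer:
    """The two buffer policies described above: fill-until-full, or circular overwrite."""

    def __init__(self, capacity, circular):
        self.capacity, self.circular = capacity, circular
        self._q = deque(maxlen=capacity if circular else None)
        self.dropped = 0

    def push(self, record):
        if not self.circular and len(self._q) >= self.capacity:
            self.dropped += 1            # fill-until-full: the newest packet is lost
            return False
        self._q.append(record)           # circular: deque evicts the oldest automatically
        return True

    def flush(self):
        items = list(self._q)
        self._q.clear()
        return items


if __name__ == "__main__":
    # Constructed filler frames (timestamp seconds, microseconds, bytes)
    frames = [(1, 0, b"\xaa" * 60), (1, 500, b"\xbb" * 100), (2, 0, b"\xcc" * 70)]
    linktype, recs = read_pcap(write_pcap(frames, snaplen=80))
    print(linktype, [(r[2], len(r[3])) for r in recs])   # 1 [(60, 60), (100, 80), (70, 70)]
```

The dropped counter in the fill-until-full policy is what a capture tool reports as "packets dropped by the buffer"; with the circular policy nothing is counted because the loss is by design.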

The libpcap and winpcap APIs are written in C or C++, so building an application in another language such as .NET or Java requires a wrapper. Wrappers for libpcap/winpcap in languages other than C/C++:
- Net::Pcap, a Perl wrapper for pcap
- python-libpcap, a Python wrapper for pcap
- pcapy, another Python wrapper for pcap
- PacketFu, a Ruby wrapper for pcap
- tclpcap, a Tcl wrapper for pcap
- jpcap, a Java wrapper for pcap
- jNetPcap, another Java wrapper for pcap
- WinPcapNET, SharpPcap, Pcap.Net, .NET wrappers for WinPcap
- pcap, Haskell bindings for pcap
- mlpcap, Objective Caml bindings for pcap
- pcap, Chicken Scheme wrapper for pcap

3.3 Comparing Raw Sockets and Pcap

Similarities between sockets and pcap: both raw sockets and pcap can be used to write a sniffer. However, ordinary sockets only work from layer 4 of the OSI model upward (the transport layer in TCP/IP), raw sockets work from layer 3 upward (the network layer in TCP/IP), while pcap works from layer 2 upward (the link layer in TCP/IP) (source). In addition, raw sockets on Windows are no longer supported by Microsoft and their features are limited:
- TCP data cannot be sent through a raw socket.
- UDP datagrams with an invalid source address cannot be sent through a raw socket.
Consequently, if sockets are used to measure all the traffic entering and leaving a system or host, the result may be inaccurate, because only certain kinds of packet can be captured (TCP and UDP, plus IP if a raw IP socket is used). Packets of other protocols such as ARP, RARP and ICMP cannot be captured with sockets. If the pcap library is used to capture at the network-adapter level, all traffic can be captured, because capture happens at layer 2 of the OSI model (the link layer in TCP/IP). The discrepancy is nevertheless very small, since packets other than TCP and UDP are few and infrequent.
With raw sockets we can block an application or a process from using the network, specifically by blocking its port or its IP address. With the pcap library this is not possible; we can only capture and extract information.
Conclusion: to build a sniffer application, either of the two methods can be used. Depending on various factors, one of the two may be chosen, or both combined.

CHAPTER III. ANALYSIS, SELECTION AND ALGORITHM DESIGN

1 The Methods in Detail

1.1 Winsock
Using Winsock to build a sniffer means capturing at the operating-system level with raw sockets. Since the project is carried out on Windows, we consider only Winsock (.NET Sockets are also an option).

1.1.1 Concept
Winsock is short for Windows Sockets. It is a socket library that serves as the interface between TCP/IP and Windows. Winsock is a dynamic-link library (.DLL) that runs on Windows; WINSOCK.DLL talks to TCP and from there communicates out to the Internet. The figure below shows how Winsock works:

S giao tip thng qua winsock Winsock thc s nh mt tng gia cc ng dng winsock v ngn xp TCP/IP. Cc ng dng yu cu Winsock.dll cn lm nhng g, n bin dch cc cu lnh dch chuyn ti b giao thc TCP/IP v b giao thc TCP/IP chuyn chng ln

44 Trn Ngc Vit CNT46 H

Chapter III. Analysis, selection and design of the algorithm

The Winsock.dll in use must be the version that matches the version of the TCP/IP stack that is running.

1.1.2 Winsock events

DataArrival: raised when data arrives on the local port.
Connect: establishes a connection to another host.
SendProgress: used mostly with file transfers; lets the application decide what to do while the data is still being sent.
SendComplete: tells the application what happened once the send has finished.
Close: closes the connection (disconnects).
SendData: instructs Winsock to send data.
GetData: instructs Winsock to receive the data currently being sent through RemotePort.
(Strictly speaking, SendData and GetData are methods of the Winsock control rather than events.)

1.1.3 Socket types in Winsock

Stream socket: two-way, sequenced, reliable communication; it works like a telephone conversation. In Winsock it is the type SOCK_STREAM and uses the Transmission Control Protocol (TCP).
Datagram socket: two-way message passing; it works like posting letters and is unreliable (messages may be lost, duplicated or reordered). In Winsock it is SOCK_DGRAM and uses the User Datagram Protocol (UDP).
Sequential packet socket: two-way, sequenced, reliable communication that preserves message boundaries. In Winsock it is SOCK_SEQPACKET.
Raw socket: basic access to the underlying communication protocols, allowing direct access to the header fields of lower-layer (IP) packets. On Windows, creating a SOCK_RAW socket requires administrator privileges.

1.1.4 Working with sockets in Winsock

Creating a socket: int socket(int domain, int type, int protocol) creates a socket in the given domain and of the given type. If no protocol is specified, the system uses the default protocol that supports the specified socket type. The descriptor of the new socket is returned. Communication is addressed: int bind(int s, const struct sockaddr *name, int namelen) associates a path name or an Internet address with the socket; unlink() (or rm) removes a Unix-domain socket file.

Connecting stream sockets: one process normally acts as the server and the other as the client. The server binds its socket to a path or address, then calls int listen(int s, int backlog) for SOCK_STREAM; backlog sets how many pending connection requests may wait in the queue. A client initiates a connection to the server socket by calling int connect(int s, struct sockaddr *name, int namelen). The server calls accept() to complete the connection for SOCK_STREAM: int accept(int s, struct sockaddr *addr, int *addrlen) returns a new socket dedicated to that particular connection, so a server can have many active SOCK_STREAM connections at the same time.

Transferring data and closing stream sockets: read() and write() send and receive data on a SOCK_STREAM socket. send(int s, const char *msg, int len, int flags) and recv(int s, char *buf, int len, int flags) behave like write() and read() but take additional control flags. close() closes the socket.

Datagram sockets: a datagram socket does not require establishing a connection; every message carries a destination address. If a particular local address is needed, bind() must be called before any data is transmitted. Data is sent with sendto() or sendmsg(); sendto() is called like send() but with the destination address specified. To receive messages on a datagram socket, call recvfrom() or recvmsg(); whereas recv() needs one buffer, recvfrom() needs two, one for the data and one for the source address. A datagram socket may also call connect() to associate it with a fixed destination socket; after that, send() and recv() can be used to send and receive data. accept() and listen() are not used with datagram sockets.

45 Trần Ngọc Việt CNT46 ĐH
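The stream-socket and datagram-socket call sequences described above, as an added example that is not part of the thesis (whose program is written in Java with Jpcap, and whose API here is the Winsock C interface). Python's socket module wraps the same BSD/Winsock calls with the same names and semantics, so the sequence socket/bind/listen/accept/connect/send/recv and the connectionless sendto/recvfrom can be exercised on the loopback interface; the payloads and the upper-casing echo server are constructed for the demonstration.

```python
import socket
import threading


def run_stream_exchange(payload: bytes) -> bytes:
    """Stream socket round trip on the loopback interface.

    Server side: socket -> bind -> listen -> accept -> recv -> send -> close.
    Client side: socket -> connect -> send -> recv -> close.
    The server echoes the request in upper case; the client's reply is returned.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))      # port 0: the OS assigns a free port
    srv.listen(1)                   # backlog: one pending connection is enough here
    port = srv.getsockname()[1]

    def serve() -> None:
        conn, _peer = srv.accept()  # accept() returns a NEW socket for this connection
        with conn:
            request = conn.recv(4096)
            conn.sendall(request.upper())
        srv.close()                 # the listening socket is separate from conn

    worker = threading.Thread(target=serve, daemon=True)
    worker.start()

    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as cli:
        cli.settimeout(5)
        cli.connect(("127.0.0.1", port))
        cli.sendall(payload)
        reply = cli.recv(4096)      # small payload: one recv() is enough on loopback
    worker.join(5)
    return reply


def run_datagram_exchange(payload: bytes) -> tuple:
    """Datagram socket exchange: no connect()/listen()/accept() at all.

    Every sendto() names the destination; recvfrom() hands back the data and
    the source address, which is how the receiver learns whom to answer.
    """
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    rx.bind(("127.0.0.1", 0))       # bind first so the receiver has a known port
    rx.settimeout(5)
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        tx.sendto(payload, rx.getsockname())
        data, (src_ip, _src_port) = rx.recvfrom(65535)
    finally:
        tx.close()
        rx.close()
    return data, src_ip


if __name__ == "__main__":
    print(run_stream_exchange(b"hello winsock"))     # b'HELLO WINSOCK'
    print(run_datagram_exchange(b"ping"))            # (b'ping', '127.0.0.1')
```

The point to notice is the asymmetry: the stream server ends up holding two sockets (the listening one and the per-connection one returned by accept()), whereas the datagram receiver holds a single socket and must read the peer address out of every recvfrom() result.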

1.2 .NET Socket

1.2.1 Concept

.NET Socket, like Winsock, is a socket programming library for Windows, but one that runs on the .NET platform. In other words, .NET Socket is a managed-code programming interface over Windows Sockets (Winsock), i.e. it runs on top of Winsock, so programming with .NET Socket can be treated as almost the same as programming with Winsock. .NET Socket offers the same three socket types as Winsock: stream sockets, datagram sockets and raw sockets. Most of the classes used for .NET socket programming are in the System.Net.Sockets namespace.

(Figure: communication through .NET Socket)

1.2.2 Working with .NET Socket

For work at the higher layers, .NET Socket provides the ready-made classes TcpListener, TcpClient and UdpClient:

(Figure: how .NET Socket works)

To work at a lower layer, the Socket class must be used. Creating a socket: the constructor Socket(AddressFamily, SocketType, ProtocolType). Connecting a socket: the Connect() method with the remote endpoint (IP address and port) as its argument. Transferring data: the Send() and Receive() methods with the appropriate parameters. To capture IP packets with a raw socket on Windows, the program must run with administrator privileges, bind the socket to the address of the interface, and enable the SIO_RCVALL option (IOControlCode.ReceiveAll in .NET), so that the stack delivers every IP packet seen on that interface rather than only those addressed to the host's own sockets.

1.2.3 Demo

(Figure: demo capturing IP packets using Socket)

1.3 Winpcap

Using Winpcap to build a sniffer means capturing at the level of the network adapter.


1.3.1 Concept

Winpcap is an open-source library for capturing and analysing packets on Win32 systems. Many network applications today access the network through sockets, relying on the operating system, which does almost all of the low-level work. Sometimes, however, we need to access the raw data on the network without regard to the protocol it uses. Winpcap is then the natural choice, because it lets us access packets directly at the level of the network adapter (this project considers Ethernet only). Winpcap's main goals are:
Capture raw packets, both those sent and received by the host running the capture application and those exchanged between other hosts that pass by its adapter.
Filter packets according to predefined rules (protocol, address, ...).
Send raw packets over the network.
Collect statistics and report the related information.
Like other packet capture libraries such as libpcap, Winpcap consists of two components: the packet capture driver and the programming interface (Packet.dll and, above it, wpcap.dll, which exports the pcap_* functions used below). How Winpcap works is shown in the following figure:


(Figure: how Winpcap works)

1.3.2 Working with Winpcap

Getting the list of devices: pcap_findalldevs_ex() returns a list of the network devices, any of which can then be opened with pcap_open().
Opening a device and capturing packets: pcap_open() opens a device (usually a network adapter) to start capturing. Once the device is open, capture is performed with pcap_dispatch() or pcap_loop(). The two are similar, but pcap_dispatch() returns when the read timeout expires, whereas pcap_loop() returns only after it has captured the requested number of packets (so it is seldom used in practice, because it blocks the program). pcap_next_ex() can also be used; it returns the packet header and the packet data.
Filtering packets: this is the most powerful and useful feature of Winpcap. It makes network analysis efficient and integrates perfectly with Winpcap's capture mechanism. The functions used to filter packets are pcap_compile() and pcap_setfilter(); the filter expression uses the BPF syntax shared with tcpdump and Wireshark capture filters (for example "tcp port 80").
Statistics: statistics can be computed from the captured packets to gather information on the state of the network. For applications that do not need detailed statistics, the network adapter itself can be asked to do the counting by putting it into statistical mode with pcap_setmode().

(Figure: demo capturing packets with Winpcap and Jpcap 0.7)

2 Program Implementation Approach

In this section we analyse the approach and the algorithm for implementing the program without regard to any specific technology. To capture and analyse packets, the program is installed on a standalone machine, which may be the server (gateway) of the LAN. First, it captures the packets traveling on the network through the network adapter. It then reads the packet and extracts its header part, after which it analyses and aggregates the headers, separating out the common part to obtain the specific headers. Once aggregated, the program puts the information of each header into a database (or a file). For the purposes of this project we may not need to store the packets' payloads, only their headers. The packet information is then summarised and displayed. The general steps are shown in the following diagram:

(Figure: general processing model of the program)

2.1 Packet capture

The entry point at which packets can be processed is the network adapter. Through it, the packets traveling on the network ...

2.2 Header extraction

Once we have a way to capture packets (at whatever level), we read the packet byte by byte into a buffer organised in advance. Reading this way gives us the whole header part of the packet. We can then strip off, one at a time, the header of each protocol, starting from the lowest-layer protocol the program captures (the IP header for a program using raw sockets, the Ethernet header for a program using Winpcap). From a layer's header and its data, we can strip that header and obtain the header and data of the protocol on the layer above.

2.3 Header analysis and aggregation

We analyse the protocols and compare the headers obtained in order to aggregate the information of the segments that belong to one fragmented packet (so that we get a single header for that set of fragmented segments). A second buffer can be used to store these unique headers. The fragments of one IP datagram are recognised by their common source address, destination address, identification field and protocol, and only the first fragment (offset 0) carries the transport-layer header. From this process we obtain information such as: the packet's time to live; the total number of packets; the number of segments of a packet; the total packet length; the destination and source addresses.

2.4 Storing in a database

The information determined in the step above can be put into a database for convenient display, statistics and reporting. The information may include: version; time to live; source address; destination address; total number of segments; source port number; destination port number; transport protocol; header length; packet size. This information does not necessarily have to go into a relational database or a data file on disk, which could add unnecessary complexity to the program; it can simply be written to a buffer in the computer's memory.

2.5 Display, statistics and reporting

The information obtained can be displayed on screen with an event mechanism (immediately when a packet has been captured and analysed) or periodically at a fixed interval (for example every 5 s). From the information obtained in the steps above, statistics and reports can be produced according to the user's needs.

3 Choice of Algorithm

From the comparison of the two packet capture methods (raw socket and pcap) and of the two corresponding libraries (Winsock and Winpcap) in the sections above, we note the following points when choosing the algorithm and technology:

Capability: both methods can meet the project's requirement of capturing and analysing packets. With Winpcap, however, capture happens at the network adapter level, so we can capture the packets traveling on the network, whereas Winsock captures at the operating system level, so we can only capture packets that the operating system has accepted (that is, only packets passing through the host running the program, and only the packet types the operating system supports).
Speed: because Winpcap captures at the network adapter level it is faster than Winsock. .NET Socket additionally needs the CLR, so it may be slower still. With today's computers, however, the difference is negligible.
Flexibility: Winsock and .NET Socket can only capture packets from the IP layer upward, confined to the finite set of packet types the operating system supports, so they are less flexible. Moreover, developing with Winsock requires Visual C++ and developing with .NET Socket requires .NET, whereas Winpcap has bindings for many languages such as Java, .NET, Python, ...
Support: the latest Winsock version is Winsock 2 (2.2); it has changed little, and Microsoft provides limited support for it (some functions have even been removed), whereas Winpcap is still being developed (most recently Winpcap 4.1 in January 2009) with full source code and documentation.
Implementation complexity: developing with Winpcap is more complex, since it gets little support from the operating system and requires installing an external library, but it is also more flexible.
Existing applications: most packet capture applications today use Winpcap, including popular and well-known ones such as Wireshark and Packet Analyzer. Winpcap has become almost a de facto standard for packet capture programs on Windows.

For the reasons above, low-level capture is the more suitable option for the project of analysing the traffic into and out of a network. I therefore propose to use Winpcap 4.0 combined with Jpcap 0.7 (from http://netresearch.ics.uci.edu/kfujii/jpcap/doc/index.html) to build the program.

CHAPTER IV. BUILDING THE PROGRAM

1 Main Functions

The program captures packets and then analyses each captured packet to extract the information of every field in its headers. The information obtained is kept in a buffer, or can be saved to a file, and can later be retrieved for display on screen or for statistics. The captured packets are classified by protocol, and the total number of captured packets as well as the total traffic into and out of the network are continuously updated. The program can also detect and warn about errors occurring on the network. The program has the following main functions:

(Figure: function hierarchy of "Monitoring information traffic through the network system". Meter: Traffic Meter, Traffic Report. Capture: Start, Stop, Restart, Exit. File: Open, Save, Reload, Close. View: Toolbar, Face, Table Filter. Statistics: Cumulative, Continuous. Bandwidth: Limit, Block.)

Meter (bandwidth measurement)
o Traffic Meter: measures traffic per unit of time and displays it as a continuous chart.
o Traffic Report: reports traffic as charts, including: traffic in the last 24 hours; traffic for the day; total traffic for the week, month, year or any chosen period.
Capture (packet capture)
o Start: begin capturing packets.
o Stop: end the capture.
o Restart: restart the capture.
o Exit: quit the program.
File
o Open: open a file to retrieve the packet field information recorded earlier.
o Save: save the field information of the packets just captured to a file with a chosen name.
o Reload: reopen the file that was opened in the previous session.
View (interface)
o Toolbar: show or hide the toolbar.
o Face: change the program's look and feel (Windows, Metal, ...).
o Table Filter: choose whether the captured fields are shown on screen.
Statistics
o Cumulative: cumulative statistics by criteria such as packet counts, packet sizes and the percentage of each packet type on the different layers, shown as ring charts.
o Continuous: continuous statistics of the ratio between packet types on each layer, shown as a continuous time-series chart.
Bandwidth Management
o Limit: manage the system's inbound and outbound bandwidth; set a traffic limit, warn and block the network if the preset limit is exceeded.
o Block: block an IP address or a port of the system's Internet connection.
Help
o About the program and its author.
o Usage help.

2 Analysis and Design of the Main Functions

2.1 Overall operation

(Figure: overall operation flowchart)

2.2 Traffic measurement

2.2.1 Measuring inbound and outbound traffic on the host running the program

A computer may have several network devices performing network I/O. To measure the traffic on a host, we must measure the inbound and outbound traffic on all devices, aggregate it, and check the addresses; if the source and destination addresses check out, the result is shown on the continuous time chart and written to the database.

2.2.2 Traffic reporting

The host's inbound and outbound traffic is saved every minute into a very simple database. The information stored is the inbound traffic, outbound traffic, number of inbound packets and number of outbound packets per hour. If the time of a write (once per minute) does not fall in the hour of any existing record, a new record is added; otherwise the newly measured values are added to the existing record. The database is HyperSQL, which is small and runs inside the same JVM as the main program, so it is very fast.

(Figure: table in the database)

(Figure: database write operation)

From the database we can produce reports such as: traffic per hour, per day, per week, per month and per year; traffic in any chosen period; all displayed as charts.
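The per-minute write described above, as an added example that is not the thesis program's code: sqlite3 (bundled with Python) stands in for HyperSQL, the one-row-per-hour table with four counters follows the description above, and the hour bucket is keyed in UTC; both of those are assumptions. Values are passed as bound parameters rather than formatted into the SQL text, which is the habit that keeps interface names or addresses from ever reaching the query as code.

```python
import sqlite3
import time


def open_traffic_db() -> sqlite3.Connection:
    """In-memory database with one row per hour (assumed layout)."""
    con = sqlite3.connect(":memory:")
    con.execute("""CREATE TABLE traffic (
        hour        TEXT PRIMARY KEY,   -- 'YYYY-MM-DD HH' bucket, UTC
        bytes_in    INTEGER NOT NULL,
        bytes_out   INTEGER NOT NULL,
        packets_in  INTEGER NOT NULL,
        packets_out INTEGER NOT NULL)""")
    return con


def hour_bucket(ts: float) -> str:
    """Map a Unix timestamp onto its hour row key."""
    return time.strftime("%Y-%m-%d %H", time.gmtime(ts))


def record_minute(con, ts, bytes_in, bytes_out, packets_in, packets_out) -> None:
    """Flush one minute of meter readings: insert a new hour row or add into it."""
    hour = hour_bucket(ts)
    exists = con.execute("SELECT 1 FROM traffic WHERE hour = ?", (hour,)).fetchone()
    if exists is None:
        con.execute("INSERT INTO traffic VALUES (?, ?, ?, ?, ?)",
                    (hour, bytes_in, bytes_out, packets_in, packets_out))
    else:
        con.execute("""UPDATE traffic
                       SET bytes_in = bytes_in + ?, bytes_out = bytes_out + ?,
                           packets_in = packets_in + ?, packets_out = packets_out + ?
                       WHERE hour = ?""",
                    (bytes_in, bytes_out, packets_in, packets_out, hour))
    con.commit()


def hourly_report(con, start_hour: str, end_hour: str) -> list:
    """Rows for an arbitrary period, oldest first (the 'any period' report)."""
    return con.execute("""SELECT hour, bytes_in, bytes_out, packets_in, packets_out
                          FROM traffic WHERE hour BETWEEN ? AND ? ORDER BY hour""",
                       (start_hour, end_hour)).fetchall()


def daily_totals(con, day: str) -> tuple:
    """Sum of one day's hours; day is 'YYYY-MM-DD'."""
    return con.execute("""SELECT COALESCE(SUM(bytes_in), 0), COALESCE(SUM(bytes_out), 0),
                                 COALESCE(SUM(packets_in), 0), COALESCE(SUM(packets_out), 0)
                          FROM traffic WHERE substr(hour, 1, 10) = ?""", (day,)).fetchone()


if __name__ == "__main__":
    db = open_traffic_db()
    now = time.time()
    for minute in range(3):                       # three minutes in the same hour
        record_minute(db, now + 60 * minute, 1000, 500, 10, 5)
    print(hourly_report(db, hour_bucket(now), hour_bucket(now)))
```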

2.3 Packet capture

The program must allow the user to select among the network devices installed on the host and capture the packets passing through them. Before each capture session the user specifies: the device to capture on; the maximum number of packets to capture; the maximum capture duration after which the program stops automatically (optional); whether to capture in promiscuous mode. The operations available in this function are:
Start: begin capturing with the settings above.
Stop: stop the capture.
Restart: start capturing again from the beginning with the settings of the previous session unchanged.
To capture the packets of a LAN, the program must capture in promiscuous mode and the hosts of the network must be connected according to a suitable topology, as in the following examples:

(Figure: example topology 1) In this topology, the host running the program is connected to the other hosts of the network through a hub, so it can capture every packet into and out of the entire network (including packets to and from the other hosts on the same hub).

(Figure: example topology 2) Here the hosts are connected by a switch, but the host running the program is attached to the switch's mirror port, so it sees every packet crossing the switch. This arrangement requires a switch with port mirroring.

(Figure: example topology 3) Here a hub and a switch without port mirroring are combined to obtain an effect similar to the two arrangements above.

2.4 File operations

After packets have been captured, the information must be stored for later use. It is stored as a file, and this file must be a standard *.pcap file supported by all current packet capture programs such as Wireshark, Network Analyzer, tcpdump, ...; that is, our program and those programs have a fully compatible file format. Packets captured in this program can be opened in the other programs and vice versa.
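What "standard *.pcap file" means in practice, as an added example that is not part of the thesis (the program itself gets this format from Jpcap): a writer and a reader for the classic libpcap container, written here in Python from the format's public layout. A file is a 24-byte global header (magic, version 2.4, time zone, accuracy, snapshot length, link type) followed by records that each carry a 16-byte header (timestamp seconds and microseconds, captured length, original length) and the frame bytes. The reader accepts either byte order and refuses truncated or oversized records, which is the check a tool needs before it trusts a file received from elsewhere. The sample frames in the test are constructed.

```python
import struct

PCAP_MAGIC_USEC = 0xA1B2C3D4     # classic libpcap magic, microsecond timestamps
LINKTYPE_ETHERNET = 1            # every record starts at the Ethernet header


def write_pcap(records, snaplen: int = 65535) -> bytes:
    """Serialise (ts_sec, ts_usec, frame) records as a little-endian pcap file.

    Frames longer than snaplen are truncated, but orig_len keeps the real size,
    exactly as a capture taken with a short snapshot length would.
    """
    out = [struct.pack("<IHHiIII", PCAP_MAGIC_USEC, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)]
    for ts_sec, ts_usec, frame in records:
        incl_len = min(len(frame), snaplen)
        out.append(struct.pack("<IIII", ts_sec, ts_usec, incl_len, len(frame)))
        out.append(frame[:incl_len])
    return b"".join(out)


def read_pcap(data: bytes) -> dict:
    """Parse a classic pcap file written in either byte order; refuse malformed input."""
    if len(data) < 24:
        raise ValueError("pcap file too short for a global header")
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAP_MAGIC_USEC:
        end = "<"
    elif magic == 0xD4C3B2A1:    # the same magic, written big-endian
        end = ">"
    else:
        raise ValueError("not a classic pcap file (magic %#010x)" % magic)
    major, minor, _tz, _sigfigs, snaplen, linktype = struct.unpack(end + "HHiIII", data[4:24])
    pos, records = 24, []
    while pos + 16 <= len(data):
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack(end + "IIII", data[pos:pos + 16])
        pos += 16
        if incl_len > snaplen or pos + incl_len > len(data):
            raise ValueError("record at offset %d is truncated or oversized" % (pos - 16))
        records.append({"ts": ts_sec + ts_usec / 1e6,
                        "frame": data[pos:pos + incl_len], "orig_len": orig_len})
        pos += incl_len
    if pos != len(data):
        raise ValueError("trailing bytes after the last record")
    return {"version": (major, minor), "snaplen": snaplen,
            "linktype": linktype, "records": records}


if __name__ == "__main__":
    blob = write_pcap([(1, 500000, b"\xff" * 60)])
    print(read_pcap(blob)["records"][0]["orig_len"])   # 60
```

The snapshot length is worth a moment's attention: a file whose records all have incl_len smaller than orig_len was captured with truncation, so payload-level analysis on it will be silently incomplete.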

2.5 Interface (View)

The program's interface must meet the following requirements:
Display the list of captured packets as a table.
Display each packet's information for every layer as a tree.
Display each packet's data as a hex dump.
Allow the columns of the packet list table to be customised.
Sort the table on any field chosen by the user.
Filter on any field so that the user can find packets with the desired properties, and show the difference between the number of packets actually captured and the number displayed.
Move easily between packets (the first and last packet in the data, the packet with any capture sequence number, the previously selected packet, ...).
Let the user show or hide the components of the interface.
Let the user choose whether the table scrolls automatically to the newest packet.
Let the user choose a preferred look and feel from many different ones.
Let the user choose the interface language (English or Vietnamese).

2.6 Statistics

2.6.1 Cumulative statistics

Statistics on the ratio of packets on each layer (network, transport and application) since the start of capture, by criteria such as: the number of packets of each type on each layer and in total; the percentage of each packet type on each layer; the total size of the packets of each type on each layer; the percentage of packet sizes on each layer. These are shown as ring charts so that they are easy to read and compare.

2.6.2 Continuous statistics

Statistics on the ratio between the packet types on each layer as a line chart updated in real time (time-series chart).
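The two kinds of statistics above, as an added example that is not the thesis program's code: cumulative per-layer packet counts, byte totals, percentages and the overall capture rate, plus a per-second sliding window of the kind the continuous chart draws from (the program keeps 120 seconds; the window length here is a parameter). The observations are constructed (timestamp, per-layer protocol names, frame length) triples rather than a real capture, and the assumption that timestamps arrive in non-decreasing order matches a live capture but not a re-sorted file.

```python
from collections import Counter, defaultdict, deque

# Constructed sample observations: (timestamp in seconds, protocol per layer, frame length)
SAMPLE_OBSERVATIONS = [
    (100.0, {"network": "IP", "transport": "TCP", "application": "HTTP"}, 1500),
    (100.4, {"network": "IP", "transport": "TCP", "application": "HTTP"}, 60),
    (100.9, {"network": "IP", "transport": "UDP", "application": "DNS"}, 90),
    (101.2, {"network": "ARP"}, 42),
    (101.7, {"network": "IP", "transport": "UDP", "application": "DNS"}, 120),
    (102.1, {"network": "IP", "transport": "ICMP"}, 98),
]


def cumulative_stats(observations) -> dict:
    """Per-layer packet count, byte total and percentages since capture start,
    plus the overall capture rate in packets/s and bits/s."""
    packets, byte_totals = defaultdict(Counter), defaultdict(Counter)
    first_ts = last_ts = None
    total_bytes = 0
    for ts, layers, length in observations:
        first_ts = ts if first_ts is None else first_ts
        last_ts, total_bytes = ts, total_bytes + length
        for layer, proto in layers.items():
            packets[layer][proto] += 1
            byte_totals[layer][proto] += length
    report = {"layers": {}}
    for layer, counts in packets.items():
        n, b = sum(counts.values()), sum(byte_totals[layer].values())
        report["layers"][layer] = {
            proto: {"packets": counts[proto],
                    "packet_pct": round(100.0 * counts[proto] / n, 1),
                    "bytes": byte_totals[layer][proto],
                    "byte_pct": round(100.0 * byte_totals[layer][proto] / b, 1)}
            for proto in counts}
    span = (last_ts - first_ts) if observations and last_ts > first_ts else None
    report["rate"] = {"packets_per_s": len(observations) / span if span else None,
                      "bits_per_s": total_bytes * 8 / span if span else None}
    return report


class ContinuousStats:
    """Per-second protocol counts kept for a sliding window of seconds.

    Seconds without traffic produce no bucket, and timestamps are expected in
    non-decreasing order, as they arrive from a live capture.
    """

    def __init__(self, window_seconds: int = 120):
        self.window = window_seconds
        self.buckets = deque()           # (second, Counter(proto -> packets))

    def add(self, ts: float, proto: str) -> None:
        sec = int(ts)
        if not self.buckets or self.buckets[-1][0] != sec:
            self.buckets.append((sec, Counter()))
        self.buckets[-1][1][proto] += 1
        while self.buckets[0][0] <= sec - self.window:   # drop seconds outside the window
            self.buckets.popleft()

    def series(self, proto: str) -> list:
        """(second, packets of proto) pairs, one per second that saw any traffic."""
        return [(sec, counts[proto]) for sec, counts in self.buckets]


if __name__ == "__main__":
    print(cumulative_stats(SAMPLE_OBSERVATIONS)["layers"]["transport"])
```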

2.7 Network management

2.7.1 Blocking traffic by a rule chosen by the user

Lets the user block traffic according to a rule of their choosing. The program does not act as a firewall itself; it simply connects to the Windows IP Security (IPsec) policy tool to perform this function. Consequently it acts only on IP traffic, selected by IP address, protocol and, for TCP and UDP, port number; it cannot block non-IP frames such as ARP.

(Figure: relationship between the components in the blocking operation)

The information needed for this function: source address (IP and subnet mask); destination address (IP and subnet mask); source port number (for TCP and UDP); destination port number (for TCP and UDP).

2.7.2 Automatic blocking

Automatically blocks network access according to preset conditions.

3 Program Walkthrough

3.1 Starting the program

When the program starts, the first function to become active is the Meter tool, which measures inbound and outbound traffic per second, displays it as a continuous time chart and writes the information to the database.

(Figure: Traffic Meter) The user can show, hide and move the Meter as desired. The remaining components of the program are activated through the menus in the System Tray.

(Figure: System Tray menu)

3.2 Reporting

Charts of the inbound and outbound traffic and packet counts stored in the database.

(Figure: example report chart for the last 24 hours)

3.3 Packet capture

Packet capture is the program's main function and therefore its most important component. The basic interface of this function has the following parts:

Menu: the program's main menu.

(Figure: program menu)

Toolbar: the tools as visual buttons; each has a corresponding entry on the menu bar with the same effect.

(Figure: toolbar)

Packets Table: shows the list of captured packets as a data table, together with a filter on the table's columns.

(Figure: packet list table)

Packet Information Tree: shows the information of the packet selected in the Packets Table, layer by layer.

Packet HexPane: shows the data of the selected packet as a hex dump.

Statusbar: shows the program's state: the number of packets captured and the number shown in the table (the two differ when the user has applied a filter on any column).

When a capture is started from the Capture menu or the toolbar button, the user is asked for the information about the session:

Select the device to capture on from the list. Choose whether to capture in promiscuous mode. Choose whether to stop automatically after a preset time or after a given number of packets. The program then captures packets in real time according to these criteria and shows them on screen as a table (the Packets Table). The table is a dynamic table in which the packets' data (model) and their display (view) are completely separate, so the user can choose what the table shows without affecting the data at all; it also means the program only has to parse the fields that are needed rather than every field, which improves performance.

(Figure: the table lets the user choose the columns to display) The table lets the user sort on any displayed field by double-clicking the column header.

(Figure: example sorted by ascending Source IP)

The table lets the user filter on any displayed field by typing a value into the filter box just above the table. Packets that do not match the filter value are hidden, without any effect on the program's data.

(Figure: example filter on Destination IP with the value 192.168.; only packets whose value begins with 192.168. are shown.) The filter is a textual prefix match, not a subnet match: 192.168.1 also matches 192.168.10.x and 192.168.100.x, so the trailing dot (192.168.1.) is needed to restrict it to one subnet.

3.4 File operations

The program uses the standard *.pcap format of the libpcap library, so it is fully compatible with any other packet capture program that uses this standard (Wireshark, WinDump, tcpdump, ...). It can open files saved by those programs and save files that they can open. The operations are:
Open: open a file (which must be a standard libpcap *.pcap file).
Save: save the file in the standard *.pcap format.
Save as: save the open file under a different name and any extension.
Reload: reopen the file that was opened in the previous session.
Close: close the file or cancel the capture session.

3.5 Navigating the data table

Jump to the first captured packet. Jump to a packet with any capture sequence number. Jump to the last captured packet (these are the first and last packets in the data (model), which may differ from the first and last packets shown in the table (view)). Jump to the previously selected packet (like previous/back in a browser).

3.6 Statistics

(Figure: statistics menu) The user selects the statistics function through the menu or a toolbar button.

3.6.1 Cumulative statistics

This function collects statistics from the start of the capture session and updates them continuously until the user stops the session. Statistics are available per layer: an overview, the network layer, the transport layer and the application layer. The data are collected by the following criteria: the total number of packets of each type; the percentage of packets of each type; the capture rate (bit/s and packet/s); the total size of packets of each type. The data are continuously updated on ring charts, one chart per criterion. For example, below are cumulative statistics on the same data for the application layer by two different criteria: the total number of packets and the total size of packets of each type.

(Figure: example statistics by total packet count)

(Figure: example statistics by total packet size)

3.6.2 Continuous statistics

Unlike cumulative statistics, continuous statistics let the user see how the packet ratios change over time, using a continuous line chart updated once per second. Data are kept for at most 120 seconds.

(Figure: continuous statistics on the transport layer)

(Figure: continuous statistics on the network layer)

3.7 Blocking traffic

Using the ipseccmd utility from the Windows Support Tools, the program connects to the Windows IP Security service to block any chosen connection. In the example below we choose the following rule: the source address is our own address; the destination is any address; the protocol is TCP; the source port is any port; the destination port is 80. Once this rule has been loaded into the IP Security service, Windows automatically blocks every packet matching it, which amounts to blocking web access. Note that the rule blocks all TCP traffic to port 80 from this host, not a single site, and leaves HTTPS on port 443 untouched.

(Figure: example of blocking web access)

3.8 Additional features

The user can customise the LookAndFeel as desired, with nearly 20 different LookAndFeels.

(Figure: Metal LookAndFeel)

(Figure: Office 2007 LookAndFeel) The user can choose the program's language (English or Vietnamese); after the change, all dialogs, menus and so on switch to the chosen language.

(Figure: Vietnamese interface)

4 Limitations and Future Work

4.1 Limitations

The program still has many shortcomings that need to be overcome:
It does not truly monitor and capture an entire LAN. To capture LAN packets, the hosts of the network must be arranged in a suitable topology using a hub or a switch with port mirroring, combined with promiscuous mode.
It does not really block connections itself; it only acts as a bridge for the user to the Windows IP Security service. The blocking function therefore cannot work on operating systems other than Windows, and the program is not fully cross-platform.
It uses HyperSQL in memory mode, so every start must load the whole database into memory, which slows start-up if a lot of data has accumulated (several years' worth).
Little information is recorded in the database (only inbound and outbound traffic and packet counts).
Different packet types are not highlighted.
Packet analysis is still rudimentary: few packet types can be parsed, and the display of the fields has several awkward points (the time format, the alignment of the table columns, ...).
There is no payload decoding and no TCP stream following (checking the order of TCP segments and reassembling them into a complete data file), so the program cannot warn about malicious code that may be sent to the system.
Capture is limited to a single device at a time; capturing on several devices requires running two instances of the program.

4.2 Future work

Because of limits on time and skill, my program is still limited in function and has many shortcomings. In the future I want to remedy these shortcomings and extend the program in the following directions:
Extend the number of packet types that can be parsed and the level of detail of the parsing, and improve the presentation of the information.
Upgrade the reporting function so that reports can be printed and exported to several formats.
Upgrade the program into a client-server system in which the server can control the client programs, collect their reports, or instruct a client to block traffic by a given rule.
Add a packet analysis function that shows the relationships between addresses and between ports as graphs.


Conclusion

During this graduation project, with my own efforts, the dedicated guidance of my supervisor MSc. Ngô Quốc Vinh and the lecturers of the Faculty of Information Technology, and the contributions of my fellow students, I have built a program for monitoring traffic on a network system that meets the stated requirements. I have tried to complete the program in both function and interface, but many shortcomings remain, and I very much hope to receive comments and help from the lecturers and students so that I can develop my program further. In the coming time I will continue to research, develop and refine my project. Finally, once again I sincerely thank the lecturers of the Faculty of Information Technology, who guided me throughout my studies at the university, and I espec­ially thank MSc. Ngô Quốc Vinh, who guided and helped me throughout this graduation project.

Hải Phòng, December 2009. Student: Trần Ngọc Việt
