
TRACE GUIDE

I. Installing Wireshark
To use Wireshark, two pieces of software need to be installed:
Software 1: WinPcap
Software 2: Wireshark. Use the Wireshark build that matches your Windows version (32-bit or 64-bit).
Both programs are free, so no crack is needed.
II. Capturing packets in Wireshark
Method 1: Using the Wireshark application directly
1. Open Wireshark
2. In the Capture tab, click Interfaces (keyboard shortcut: Ctrl + I)

3. The Capture Interfaces window appears. Perform the following steps to capture packets:
Step 1: Tick the interface on which packets are to be captured

Step 2: Click Options
In the Edit Interface Settings window, configure the settings as shown in the figure:

- Double-click the interface being captured, in this example Wireless Network Connection.
- Tick "Limit each packet to" and enter 200. This captures only the first 200 bytes of each packet, which reduces the packet size (per the recommendation, the first 200 bytes contain enough information for analysis).
- Clear the Capture Filter field.
- Click OK.
Step 3: Click Start to begin capturing. The packets appear as follows:

4. Click Stop (in the Capture tab) (or Ctrl + E) when the trace is finished
5. Save the log file
File → Save (or Ctrl + S)


Method 2: Simpler, and it avoids some Java errors, because in some cases capturing a large number of packets causes Java to hang.
Step 1: Open Command Prompt
Step 2: Change to the directory that contains Wireshark. In the example below it is D:/Program Files/Wireshark

Step 3: List the interfaces that can be captured
In the window above, type the command: tshark -D

Step 4: Capture packets
Type the command: tshark -i <number of interface> -s <limit of packets> -w <name.pcap>
Where:
number of interface: the index of the interface to capture on. In this case there is only the Wireless interface, so use 1.
limit of packets: use 200, as explained above.
name.pcap: the name of the file to be saved, for example Troubleshoot_GGNH01_Test1.pcap
This log file is saved in the directory that contains Wireshark (in this case D:/Program Files/Wireshark).
Once the capture starts, the message "Capturing on <Name of Interface>" is shown, and the packet count increases steadily (as in the figure).

Step 5: When the trace is complete, press Ctrl + C to end it. The log file is saved automatically.

III. Filtering the TCP packets
Step 1: Open the log file
File → Open → path to the log file
Step 2:
1. Drag the scroll bar in the log file window to roughly the middle of the log file (to be sure you are analyzing the TCP traffic of the file being measured: Wireshark captures packets from the moment Start is pressed, so there will be extraneous packets)
2. Find and select a packet with the following information:
Protocol: FTP-DATA
Info: FTP Data: bytes
3. In the lower pane, under Transmission Control Protocol, find Dst port.
Purpose of this step: find the TCP port that the server allocated for the TCP download.

Step 3: Filter the TCP packets
In the Filter box, type: tcp.port==<number of port>, in this case 16782.
Then press Enter to filter out all the TCP packets.

Step 4: Check whether the filtered packets really belong to the TCP download.
The TCP transfer is initialized and starts only after the two sides have completed the handshake procedure. So, after filtering, drag the scroll bar to the top and check whether the first 3 packets are the 3 SYN packets. In this case they are exchanged between the FTP server and the Firewall.

IV. Analyzing some of the information in Wireshark
1. Finding the times at which packet loss occurred
Step 1: Statistics → IO Graph
Step 2: In the Graph window, type into Filter: tcp.analysis.retransmission
Step 3: Adjust the graph display settings (X Axis, Y Axis)
Step 4: Press Enter to filter out the times at which packet loss (retransmission) occurred

Analysis:
The figure above shows the times at which retransmission occurred (the needle-shaped spikes).
To see exactly when these occurred and how many bytes were retransmitted, click Copy, then paste the retransmission times into Excel, as follows:

Interval start    Graph 1
360               175
367               176

At 360 s and 367 s there were retransmissions of 175 bytes and 176 bytes respectively.
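The handshake check from section III (step 4) and the per-interval retransmission count from section IV.1, as an added Python example that is not part of the original guide. It assumes the packets were exported as tab-separated rows (time, sender, flags, relative sequence number, payload length); the rows and function names are constructed for illustration, and the retransmission test is a simplification of Wireshark's own analysis.

```python
# Added example: constructed data and hypothetical function names.
from collections import defaultdict

# Constructed rows in the shape of a tab-separated field export:
# relative time (s), sender, TCP flags, relative sequence number, payload length
SAMPLE = """\
0.000\tclient\tS\t0\t0
0.020\tserver\tSA\t0\t0
0.040\tclient\tA\t1\t0
359.100\tserver\tA\t1\t175
359.300\tserver\tA\t176\t176
360.400\tserver\tA\t1\t175
366.900\tserver\tA\t352\t100
367.200\tserver\tA\t176\t176
"""

def parse(text):
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        t, src, flags, seq, length = line.split("\t")
        rows.append((float(t), src, flags, int(seq), int(length)))
    return rows

def handshake_ok(rows):
    """True if the first three packets are SYN, SYN+ACK, ACK between two hosts."""
    if len(rows) < 3:
        return False
    (_, a, f1, _, _), (_, b, f2, _, _), (_, c, f3, _, _) = rows[:3]
    return (f1, f2, f3) == ("S", "SA", "A") and a == c and a != b

def retransmitted_bytes(rows, interval=1):
    """Bytes resent per interval. Simplification: a segment counts only if it
    lies entirely at or below the highest byte its sender has already sent."""
    highest = defaultdict(int)   # sender -> end of data sent so far
    out = defaultdict(int)       # interval start (s) -> retransmitted bytes
    for t, src, _flags, seq, length in rows:
        if length == 0:          # pure ACK/SYN, no payload to resend
            continue
        end = seq + length
        if end <= highest[src]:
            out[int(t // interval) * interval] += length
        highest[src] = max(highest[src], end)
    return dict(out)

if __name__ == "__main__":
    rows = parse(SAMPLE)
    print(handshake_ok(rows), retransmitted_bytes(rows))
```

With the constructed rows, the result has the same shape as the Interval start / Graph 1 table pasted from the IO Graph.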
2. Plotting the Throughput graph
Statistics → TCP StreamGraph → Time-Sequence Graph (tcptrace)

Meaning:
The graph shows the relationship between the sequence number of the transmitted packets and time. If there is no retransmission or packet loss, the graph is linear (a straight line).
In this log file there are points where retransmission occurred (the points marked with arrows).
3. Plotting the Throughput graph
Statistics → TCP StreamGraph → Throughput Graph

Meaning:
The throughput graph shows the relationship between Throughput (B/s) and time. If there is no retransmission or packet loss, this graph is a horizontal straight line.
The throughput graph correlates with the Packet loss graph. Specifically:
- If the Packet loss graph is a linear line, the throughput graph consists of points distributed horizontally at roughly the same level (on the Y axis).
- At the points where the Packet loss graph bends, the Throughput drops.
4. Plotting the Round Trip Time (RTT) graph
Statistics → TCP StreamGraph → Round Trip Time Graph

Meaning:
The graph shows the relationship between packet transmission and delay time.
