Professional Documents
Culture Documents
Huong Dan Su Dung Wireshark 9292
Huong Dan Su Dung Wireshark 9292
Gii thiu
Hng ngy, c hng triu vn li trong mt mng my tnh, t vic n gin l nhim Spyware
cho n vic phc tp nh li cu hnh router, v cc vn ny khng th c x l tt c lp tc.
Tt nht l chng ta c th hi vng thc hin cng vic bng cch chun b y cc kin thc
v cc cng c tng ng vi cc vn . Tt c cc vn trn mng u xut pht mc gi, ni
m khng c g c che du i vi chng ta, ni m khng c th g b n i bi cc cu trc
menu, cc hnh nh bt mt hoc l cc nhn vin khng ng tin cy. Khng c g b mt y, v
chng ta c th iu khin c mng v gii quyt cc vn . y chnh l th gii ca phn tch
gi tin.
1. Th no l phn tch gi tin?
Phn tch gi tin, thng thng c quy vo vic nghe cc gi tin v phn tch giao thc, m t qu
trnh bt v phin dch cc d liu sng nh l cc lung ang lu chuyn trong mng vi mc tiu
hiu r hn iu g ang din ra trn mng. Phn tch gi tin thng c thc hin bi mt packet
sniffer, mt cng c c s dng bt d liu th trn ang lu chuyn trn ng dy. Phn tch
gi tin c th gip chung ta hiu cu to mng, ai ang trn mng, xc nh ai hoc ci g ang s
dng bng thng, ch ra nhng thi im m vic s dng mng t cao im, ch ra cc kh nng
tn cng v cc hnh vi ph hoi, v tm ra cc ng dng khng c bo mt.
C mt vi kiu chng trnh nghe gi tin, bao gm c min ph v sn phm thng mi. Mi
chng trnh c thit k vi cc mc tiu khc nhau. Mt vi chng trnh nghe gi tin ph bin
nh l tcpdump (a command-line program), OmniPeek, v Wireshark (c hai u l chng trnh c
giao din ho). Khi la chn chng trnh nghe gi tin, ta cn phi quan tm n mt s vn :
cc giao thc m chng trnh cn h tr, tnh d s dng, chi ph, h tr k thut v chng trnh
h tr cho h iu hnh no.
2. Cc bc nghe gi tin:
Qu trnh nghe gi tin c chia lm 3 bc: thu thp d liu, chuyn i d liu v phn tch.
Thu thp d liu: y l bc u tin, chng trnh nghe gi tin chuyn giao din mng c la
chn sang ch Promiscuous. Ch ny cho php card mng c th nghe tt c cc gi tin
ang lu chuyn trn phn mng ca n. Chng trnh nghe gi s dng ch ny cng vi
vic truy nhp mc thp bt cc d liu nh phn trn ng truyn.
Chuyn i d liu: trong bc ny, cc gi tin nh phn trn c chuyn i thnh cc khun
dng c th c c.
C vi chng trnh khc nhau v nghe gi tin, trong tiu lun ny, chng ti xin gii thiu mt
chng trnh in hnh vi nhiu tnh nng mnh h tr vic bt v phn tch gi tin. l
WireShark.
Ni dung cc phn chnh:
Mt mi trng switched l kiu mng ph bin m bn lm vic. Switch cung cp mt phng thc
hiu qu vn chuyn d liu thng qua broadcast, unicast, multicast. Switch cho php kt ni
song cng (full-duplex), c ngha l my trm c th truyn v nhn d liu ng thi t switch. Khi
bn cm mt my nghe vo mt cng ca switch, bn ch c th nhn thy cc broadcast traffic v
nhng gi tin gi v nhn ca my tnh m bn ang s dng.
C 3 cch chnh bt c cc gi tin t mt thit b mc tiu trn mng switch: port mirroring,
ARP cache poisoning v hubbing out.
Port Mirroring
Port mirroring hay cn gi l port spanning c th l cch n gin nht bt cc lu lng t thit
b mc tiu trn mng switch. Vi cch ny, bn phi truy cp c giao din dng lnh ca switch
m my mc tiu cm vo. Tt nhin l switch ny phi h tr tnh nng port mirroring v c mt
port trng bn c th cm my nghe vo. Khi nh x cng, bn copy ton b lu lng i qua
cng ny sang mt cng khc.
Hubbing Out
Mt cch n gin khc bt cc lu lng ca thit b mc tiu trong mt mng switch l hubbing
out. Hubbing out l k thut m trong bn t thit b mc tiu v my nghe vo cng mt phn
mng bng cch t chng trc tip vo mt hub.
Rt nhiu ngi ngh rng hubbing out l la di, nhng n tht s l mt gii php hon ho trong
cc tnh hung m bn khng th thc hin port mirroring nhng vn c kh nng truy cp vt l ti
switch m thit b mc tiu cm vo.
Trong hu ht cc tnh hung, hubbing out s gim tnh nng song cng ca thit b mc tiu (full to
haft). Trong khi phng thc ny khng phi l cch sch s nht nghe, v n thng c bn
s dng nh l mt la chn khi m switch khng h tr port mirroring.
Design by MrQu - Mobile: 0983127983 Email:Quynx.hnue.hut@gmail.com;Quynx@IT4r.net
Khi hubbing out, chc chn rng bn s dng mt ci hub ch khng phi l mt switch b gn nhm
nhn. Khi m bn s dng hub, hy kim tra chc chn rng n l mt hub bng cch cm 2 my
tnh vo n v nhn xem ci mt my c th nhn thy lu lng ca ci cn li khng.
ARP Cache Poisoning
a ch tng 2 (a ch MAC) c s dng chung vi h thng h thng a ch tng 2. Tt c cc
thit b trong mt mng lin lc vi nhau thng qua a ch IP. Do switch lm vic ti tng 2, v vy
n phi c kh nng phin dch a ch tng 2 (MAC) sang a ch tng 3 (IP) hoc ngc li c
th chuyn tip gi tin ti thit b tng ng. Qu trnh phin dch c thc hin thng qua mt
giao thc tng 3 l ARP (Address Resolution Protocol). Khi mt my tnh cn gi d liu cho mt
my khc, n gi mt yu cu ARP ti switch m n kt ni. Switch s gi mt gi ARP
broadcast ti tt c cc my ang kt ni vi n hi. Khi m my ch nhn c gi tin ny, n
s thng bo cho switch bng cch gi a ch MAC ca n. Sau khi nhn c gi tin phn hi,
Switch nh tuyn c kt ni ti my ch. Thng tin nhn c c lu tr trong ARP cache
ca switch v switch s khng cn phi gi mt thng ip ARP broadcast mi mi ln n cn gi
d liu ti my nhn.
ARP cache poisoning l mt k thut nng cao trong vic nghe ng truyn trong mt mng
switch. N c s dng ph bin bi hacker gi cc gi tin a ch sai ti my nhn vi mc tiu
nghe trm ng truyn hin ti hoc tn cng t chi dch v, nhng ARP cache poisoning ch
c th phc v nh l mt cch hp php bt cc gi tin ca my mc tiu trong mng switch.
ARP cache poisoning l qu trnh gi mt thng ip ARP vi a ch MAC gi mo ti switch hoc
router nhm mc ch nghe lu lng ca thit b mc tiu. C th s dng chng trinh Cain &
Abel thc hin vic ny (http://www.oxid.it).
Khi m bn nghe lu lng ca mt thit b trong phn mng D. Khi , bn c th nhn thy r rng
lu lng truyn ti phn mng A, nhng khng c bin nhn (ACK) no c gi li. Khi bn
Design by MrQu - Mobile: 0983127983 Email:Quynx.hnue.hut@gmail.com;Quynx@IT4r.net
nghe lung lu lng phn mng cp trn tm ra nguyn nhn vn , bn tm ra rng lu lng
b hu bi router phn mng B. Cui cng dn n vic bn kim tra cu hnh ca router, nu
ng, hy gii quyt vn ca bn. l mt v d in hnh l do v sao cn nghe lu lng
ca nhiu thit b trn nhiu phn mng vi mc tiu xc nh chnh xc vn .
Network Maps
quyt nh vic t my nghe u, cch tt nht l bn phi bit c mt cch r rng mng
m bn nh phn tch. Nhiu khi vic xc nh vn chim na khi lng cng vic trong vic
x l s c.
II. Gii thiu WireShark
WireShark c mt b dy lch s. Gerald Combs l ngi u tin pht trin phn mm ny. Phin
bn u tin c gi l Ethereal c pht hnh nm 1998. Tm nm sau k t khi phin bn u
tin ra i, Combs t b cng vic hin ti theo ui mt c hi ngh nghip khc. Tht khng
may, ti thi im , ng khng th t c tho thun vi cng ty thu ng v vic bn quyn
ca thng hiu Ethereal. Thay vo , Combs v phn cn li ca i pht trin xy dng mt
thng hiu mi cho sn phm Ethereal vo nm 2006, d n tn l WireShark.
WireShark pht trin mnh m v n nay, nhm pht trin cho n nay ln ti 500 cng tc
vin. Sn phm tn ti di ci tn Ethereal khng c pht trin thm.
Li ch Wireshark em li gip cho n tr nn ph bin nh hin nay. N c th p ng nhu cu
ca c cc nh phn tch chuyn nghip v nghip d v n a ra nhiu tnh nng thu ht mi
i tng khc nhau.
Cc giao thc c h tr bi WireShark:
WireShark vt tri v kh nng h tr cc giao thc (khong 850 loi), t nhng loi ph bin nh
TCP, IP n nhng loi c bit nh l AppleTalk v Bit Torrent. V cng bi Wireshark c pht
trin trn m hnh m ngun m, nhng giao thc mi s c thm vo. V c th ni rng khng
c giao thc no m Wireshark khng th h tr.
Thn thin vi ngi dng: Giao din ca Wireshark l mt trong nhng giao din phn mm
phn tch gi d dng nht. Wireshark l ng dng ho vi h thng menu rt r rng v c
b tr d hiu. Khng nh mt s sn phm s dng dng lnh phc tp nh TCPdump, giao din
ho ca Wireshark tht tuyt vi cho nhng ai tng nghin cu th gii ca phn tch giao
thc.
10
MAC Name Resolution: phn gii a ch MAC tng 2 sang a ch IP tng 3. Nu vic phn gii
ny li, Wireshark s chuyn 3 byte u tin ca a ch MAC sang tn hng sn xut c
IEEE c t, v d: Netgear_01:02:03.
2. Protocol Dissection
Mt protocol dissector cho php Wireshark phn chia mt giao thc thnh mt s thnh phn
phn tch. ICMP protocol dissector cho php Wireshark phn chia d liu bt c v nh dng
chng nh l mt gi tin ICMP. Bn c th ngh rng mt dissector nh l mt b phin dch gia
dng d liu trn ng truyn v chng trnh Wireshark. Vi mc ch h tr mt giao thc
no , mt dessector cho giao thc phi c tch hp trong Wireshark. Wireshark s dng ng
thi vi dissector phin dch mi gi tin. N quyt nh dissector no c s dng bng cch s
dng phn tch lgic c ci t sn v thc hin vic d on. Tht khng may l Wireshark
khng phi lc no cng ng trong vic la chn dissector ph hp cho mt gi tin. Tuy nhin, ta
c th thay i vic la chn ny trong tng trng hp c th.
3. Following TCP Streams
Mt trong nhng tnh nng hu ch nht ca Wireshark l kh nng xem cc dng TCP nh l tng
ng dng. Tnh nng ny cho php bn phi hp tt c cc thng tin lin quan n cc gi tin v ch
cho bn d liu m cc gi tin ny hm cha ging nh l ngi dng cui nhn thy trong ng
dng. Cn hn c vic xem cc d liu ang c truyn gia my trm v my ch trong mt m
hn n, tnh nng ny sp xp d liu c th xem mt cch n gin. Bn c th s dng cng
c ny bt v gii m mt phin instant messages c gi bi mt ngi lm thu (ngi ny
ang b nghi ng pht tn cc thng tin ti chnh ca cng ty).
4. Ca s thng k phn cp giao thc
11
Khi bt c mt file c kch thc ln, chng ta cn bit c phn b cc giao thc trong file ,
bao nhiu phn trm l TCP, bao nhiu phn trm l IP v DHCP l bao nhiu phn trm,... Thay v
phi m tng gi tin thu c kt qu, chng ta c th s dng ca s thng k phn cp giao
thc ca Wireshark. y l cch tuyt vi kim th mng ca bn. V d, nu bn bit rng 10%
lu lng mng ca bn c s dng bi cc lu lng ARP, v mt ngy no , bn thy lu
lng ARP ln ti 50%, bn hon ton c th hiu rng ang c mt ci g khng n xy ra.
5. Xem cc Endpoints
Mt Endpoint l ch m kt ni kt thc trn mt giao thc c th. V d, c hai endpoint trong kt
ni TCP/IP: cc a ch IP ca cc h thng gi v nhn d liu, 192.168.1.5 v 192.168.0.8. Mt v
d tng 2 c th l kt ni gia hai NIC vt l v a ch MAC ca chng. Cc NIC gi v nhn d
liu, cc MAC to nn cc endpoint trong kt ni.
Khi thc hin phn tch gi tin, bn c th nhn ra rng bn khoanh vng vn ch cn l mt
enpoint c th trong mng. Hp thoi Wireshark endpoints ch ra mt vi thng k hu ch cho mi
endpoint, bao gm cc a ch ca tng my cng nh l s lng cc gi tin v dung lng c
truyn nhn ca tng my.
12
13
6. Ca s th IO
Cch tt nht hnh dung hng gii quyt l xem chng di dng hnh nh. Ca s th IO ca
Wireshark cho php bn v th lu lng d liu trn mng. Bn c th s dng tnh nng ny
tm kim cc t bin hoc nhng thi im khng c d liu truyn ca cc giao thc c th m bn
ang quan tm. Bn c th v ng thi 5 ng trn cng mt th cho tng giao thc m bn
quan tm bng cc mu khc nhau. iu ny gip bn d dng hn thy s khc nhau ca cc
th.
14
Hnh 3.1-1: This capture begins simply enough with a few ACK packets.
Li bt u t gi th 5, chng ta nhn thy xut hin vic gi li gi ca TCP.
Hnh 3.1-2: These TCP retransmissions are a sign of a weak or dropped connection.
Theo thit k, TCP s gi mt gi tin n ch, nu khng nhn c tr li sau mt khong thi gian n
s gi li gi tin ban u. Nu vn tip tc khng nhn c phn hi, my ngun s tng gp i thi
gian i cho ln gi li tip theo.
Nh ta thy hnh trn, TCP s gi li 5 ln, nu 5 ln lin tip khng nhn c phn hi th kt ni
c coi l kt thc.
Hin tng ny ta c th thy trong Wireshark nh sau:
15
16
17
Mt trong cc nhim v thng thng khc l kim tra kt ni ti mt cng trn mt my ch. Vic
kim tra ny s cho thy cng cn kim tra c m hay khng, c sn sang nhn cc yu cu gi n hay
khng.
V d, kim tra dch v FTP c chy trn mt server hay khng, mc nh FTP s lm vic qua cng
21 ch thng thng. Ta s gi gi tin ICMP n cng 21 ca my ch, nu my ch tr li li gi
ICMP loi o v m li 2 th c ngha l khng th kt ni ti cng .s
18
Fragmented Packets
Hnh 3.1-7: This ping request requires three packets rather than one because the data being transmitted is
above average size.
y c th thy kch thc gi tin ghi nhn c ln hn kch thc gi tin mc nh gi i khi ping l
32 bytes ti mt my tnh chy Windows.
Kch thc gi tin y l 3,072 bytes.
Determining Whether a Packet Is Fragmented (xc nh v tr gi tin b phn on)
No Connectivity (khng kt ni)
Vn : chng ta c 2 nhn vin mi Hi v Thanh v c sp ngi cnh nhau v ng nhin l c
trang b 2 my tnh. Sauk hi c trang b v lm cc thao tc a 2 my tnh vo mng, c mt vn
xy ra l my tnh ca Hi chy tt, kt ni mng bnh thng, my tnh ca Thanh khng th truy nhp
Internet.
Mc tiu : tm hiu ti sao my tnh ca Thanh khng kt ni c Internet v sa li .
19
C 2 my tnh u mi
Hnh 3.1-12: His computer completes a handshake, and then HTTP data transfer begins.
Trng hp my tnh ca Thanh
Hnh 3.1-13: Thanhs computer appears to be sending an ARP request to a different IP address.
Hnh trn cho thy yu cu ARP khng ging nh trng hp trn. a ch gateway c tr v l
192.168.0.11.
Nh vy c th thy NetBIOS c vn .
20
NetBIOS l giao thc c n s c thay th TCP/IP khi TCP/IP khng hot ng. Nh vy l my ca
Thanh khng th kt ni Internet vi TCP/IP.
Chi tit yu cu ARP trn 2 my :
My Hi
My Thanh
21
Hin tng : my tnh ca A c hin tng nh sau, khi s dng trnh duyt IE, trnh duyt t ng tr
n rt nhiu trang qung co. Khi A thay i bng tay th vn b hin tng thm ch kh ng li
my cng vn b nh th.
Thng tin chng ta c
Tin hnh
V hin tng ny ch xy ra trn my ca A v trang home page ca A b thay i khi bt IE nn chng
ta s tip hnh bt gi tin t my ca A. Chng ta khng nht thit phi ci Wireshark trc tip t my
ca A. Chng ta c th dng k thut
Hubbing Out .
Phn tch
Hnh 3.1-16: Since there is no user interaction happening on As computer at the time of this capture, all
of these packets going across the wire should set off some alarms.
Hnh 3.1-17: Looking more closely at packet 5, we see it is trying to download data from the Internet.
22
Hnh 3.1-18: A DNS query to the weatherbug.com domain gives a clue to the culprit.
Gi tin tr li bt u c vn : th t cc phn b thay i.
Mt s gi tip theo c s lp ACK.
23
24
Li kt ni FTP
Tnh hung : c ti khon FTP trn Windows Server 2003 update service packs va ci t xong,
phn mm FTP Server hon ton bnh thng, khon ng nhng khng truy nhp c.
Thng tin chng ta c
Tin hnh
Ci t Wireshark trn c 2 my.
Phn tch
Client:
Hnh 3.1-19: The client tries to establish connection with SYN packets but gets no response; then it sends
a few more.
Client gi cc gi tin SYN bt tay vi server nhng khng c phn hi t server.
Server :
25
Hnh 3.1-20: The client and server trace files are almost identical.
C 3 l do c th dn n hin tng trn
FTP server cha chy, iu ny khng ng v FTP server ca chng ta chy nh kim tra lc
u
Cng 21 b cm pha clien hoc pha server hoc c 2 pha. Sau khi kim tra v thy rng
pha Server cm cng 21 c chiu Incoming v Outgoing trong Local Security Policy
26
Kt lun
i khi bt gi tin khng cho ta bit trc tip vn nhng n hn ch c rt nhiu trng hp v
gip ta a ra suy on chnh xc vn l g.
2. X l cc tnh hung v bng thng mng
Anatomy of a Slow Download (ct li ca vic download chm)
Tnh hung: c mng download rt chm
Tin hnh : t wireshark lng nghe ton b u ra ca mng
Phn thch : hnh nh di y cho thy c rt nhiu kt ni TCP,HTTP iu ny c ngha l c rt
nhiu kt ni HTTP download d liu v nn chim bng thng ca mng.
Hnh 3.2-1: We need to filter out all of this HTTP and TCP traffic.
M ca s Alalyze->Expert Infos thy thm thng tin.
27
28
Hnh 3.2-2: The Expert Infos window shows us chats, warnings, errors, and notes.
Mc nh Expert Infos hin th tt c cc thng tin. Nu ch hin th Error+Warn+Note th ta s c cc
thng tin sau.
29
Hnh 3.2-3: The Expert Infos window (sans chats) summarizes all of the problems with this download.
Hnh trn cho thy:
C hin tng TCP Previous segment lost packets v cc gi tin TCP gi i b lp ACK v b
drop, khin TCP phi gi li gi tin.
30
31
Hnh 3.2-6: The round trip time graph for this capture
Cc hnh cho thy d on bc trn l chnh xc. Cc file s khng th c download v nu thi
gian ln hn 0.1 s, thi gian l tng l 0,04s.
Kt lun : nguyn nhn do download chm l c nhiu chng trnh Windows update (c th cc my
auto update) v hin tng mt gi tin. Nh vy cn tt bt cc chng trnh Windows update.
Did That Server Flash Me?
Tnh hung : anh Thanh phn nn rng khng th truy cp vo mt phn website Novell download
mt s phn mm cn thit. Mi ln truy cp vo site trnh duyt u ti vi ti nhng c g hn th
na. Mng c vn g khng ?
Thng tin chng ta c: sau khi kim tra s b th tt c cc my tnh u bnh thng tr my tnh ca
anh Thanh. Nh vy vn nm my tnh ca anh Thanh.
Tin hnh: ci Wireshark v bt gi tin khi truy cp website Novell trn my ca Thanh
Phn thch:
Thng tin nhn c khi bt u c kt ni HTTP n website Novell:
32
33
Tin hnh:
Bt gi tin ti my mail server
Phn thch:
Thng tin v giao thc POP qua Wireshark
34
Hnh 3.2-26: Changing the time display format gives us an idea of how much data we are receiving in
what amount of time.
S dng Follow TCP Stream xem ni dung th c file nh km th nhn thy nh sau:
35
Hnh 3.2-27: The details of packet 1 show information about the email being sent.
File nh km c chn rt nhiu k t ging nhau vo tng kch thc file nh km, kim tra tip s
lng mail nh th ny th thy s lng ln.
C th i n kt lun mail server b spam lm cho nng lc x l cc yu cu gi n b gim xung,
tng t nh tn cng t chi dch v.
Hng gii quyt : tm v pht hin ngun ca th rc, c th dng blacklist cm cc a ch gi th
rc.
Kt lun : spam mail vi file attach ln
3. Mt s tnh hung an ninh mng c bn
OS Fingerprinting (Nhn dng OS)
OS Fingerprinting l mt k thut ph bin c cc haker s dng thu thp cc thng tin v server
t xa, t c nhng thng tin hu ch thc hin cc bc tn cng tip theo.
36
S dng traffic like Timestamp request/reply, Address mask request, Information request khng
ph bin lm.
Hnh 3.3-1: This is the kind of ICMP traffic you dont want to see.
Dng cc ICMP request khng ph bin nh trn i khi s nhn c nhng thng tin t mc tiu phn
hi li.
Nu cc request c chp nhn th c th dng ICMP-based OS fingerprinting scans qut th.
X l : v cc traffic thng thng s khng bao gi thy cc gi ICMP loi 13,15,17 do chng ta c
th to ra b lc lc cc gi ny.
V d : icmp .type==13 || icmp .type==15 || icmp .type==17.
A Simple Port Scan (qut cng dng n gin)
Mt trong cc chng trnh qut port nhanh v ph bin nht l : nmap
Mc tiu ca ngi tn cng:
tm cc port m
xc nh cc tunnel b mt
Chng ta c th nhn dng vic qut cng bng cch t my nghe trn my ch cn bo v theo
di.
37
Hnh 3.3-2: A port scan shows multiple connection attempts on various ports.
Nh trn hnh c th nhn ra rng c nhng kt ni rt ng nghi ng gia my 10.100.25.14 (local
machine) v my 10.100.18.12 (remote computer).
Log file cho thy my tnh t xa (remote computer) gi gi tin n rt nhiu cng khc nhau trn my
local v d cng 21,1028
Nhng c bit l nhng cng nhy cm nh telnet (22), microsoft-ds, FTP (21), v SMTP (25) nhng
cng ny c gi s lng gi tin ln hn v y l nhng cng c kh nng xm nhp cao do li ca
nhng ng dng s dng cng ny. Cc gi tin c th l cc on m khai thc.
38
Tin hnh:
Ci t Wireshark trn my c virus.
Phn tch:
Mn hnh Wireshark th hin cc hnh vi c nguy hi n my tnh ca virus Blaster, c th hin
bng mu , en.
Hnh 3.3-9: We shouldnt see this level of network activity with only the timer running on this machine.
Mt trong cc kinh nghim pht hin virus l xem d liu cc gi tin dng th (raw), rt c th s c
nhng thng tin hu ch.
39
Hnh 3.3-11: The reference to C:\WINNT\System32 means something might be accessing our system
files.
Tip tc tm thng tin theo cch trn, pht hin ra tn chng trnh ca su Blaster nh hnh 3.3-12.
40
Ph lc
Ti liu tham kho
41
[1]. Chris Sanders, PRACTICAL PACKET ANALYSIS, Using Wireshark to Solve Real-World Network
Problems- No Startch Press,2007
[2]. Angela Orebaugh,Gilbert Ramirez,Josh Burke,Larry Pesce,Joshua Wright,Greg Morris, Wireshark &
Ethereal Network Protocol Analyzer Toolkit- Syngress Publishing,2007