
NETWORK MONITORING WITH THE NETWORK MONITOR TOOL

For a system administrator or an information security specialist, network monitoring is always a necessary task. Monitoring tells us how bandwidth is being used on the network, which users are running file-sharing applications, and whether a virus or trojan is quietly operating on the network. Many tools can be used for network monitoring, such as Ethereal, Sniffer Pro, or Microsoft's own Network Monitor.

There are two different versions of Network Monitor on Microsoft Windows systems. The first is the Network Monitor bundled with Windows Server 2000/2003, which lets us monitor and analyze the packets entering and leaving a machine that is running Network Monitor. The other Network Monitor ships with the SMS Server product and can monitor the entire network; with it we can determine the percentage of bandwidth a given computer is using and which protocol takes up the most of the link.

Another feature of Windows Network Monitor is capturing, editing and retransmitting packets. The retransmit feature can be used by hackers in a replay attack. In this kind of attack the hacker captures sensitive information such as an authentication packet, then changes the source address of the captured packets and sends them to the server again in order to log in to the system.

Figure: illustration of a replay attack
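The replay problem described above comes down to whether a captured authenticator stays valid when it is presented a second time. The following is an added example, not code from the original page: it contrasts a static authenticator with a single-use server challenge. The key, user name and function names are all constructed for illustration.

```python
import hashlib
import hmac
import secrets

KEY = b"constructed-shared-secret"   # sample key, constructed for this example

def static_token(key: bytes, user: str) -> bytes:
    # Weak scheme: the authenticator is identical on every login.
    return hmac.new(key, user.encode(), hashlib.sha256).digest()

def verify_static(key: bytes, user: str, token: bytes) -> bool:
    return hmac.compare_digest(static_token(key, user), token)

def respond(key: bytes, user: str, nonce: bytes) -> bytes:
    # Client side of the hardened scheme: the response depends on the nonce.
    return hmac.new(key, user.encode() + b"|" + nonce, hashlib.sha256).digest()

class NonceVerifier:
    """Hardened scheme: the server issues a fresh, single-use challenge."""
    def __init__(self, key: bytes):
        self.key = key
        self.pending = {}                      # nonce -> user it was issued to

    def challenge(self, user: str) -> bytes:
        nonce = secrets.token_bytes(16)
        self.pending[nonce] = user
        return nonce

    def verify(self, user: str, nonce: bytes, response: bytes) -> bool:
        # pop() consumes the nonce, so a captured response is useless later.
        if self.pending.pop(nonce, None) != user:
            return False
        return hmac.compare_digest(respond(self.key, user, nonce), response)

def demo() -> dict:
    captured_static = static_token(KEY, "alice")   # what a capture would hold
    server = NonceVerifier(KEY)
    nonce = server.challenge("alice")
    captured_resp = respond(KEY, "alice", nonce)
    return {
        "static_replay_accepted": verify_static(KEY, "alice", captured_static),
        "nonce_first_use": server.verify("alice", nonce, captured_resp),
        "nonce_replay_accepted": server.verify("alice", nonce, captured_resp),
    }

if __name__ == "__main__":
    print(demo())
```

The static authenticator verifies no matter who sends it or when, while the nonce-bound response is accepted exactly once.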

Installing Network Monitor

Installing Network Monitor is quite simple, much like installing the DNS/DHCP or IIS services. Open Control Panel and choose Add/Remove Programs, then choose Add/Remove Windows Components to open the Windows Components wizard. Scroll down, click on the text of the Management and Monitoring Tools option and choose Details (do not tick the check box, because the system would then install every component in Management and Monitoring Tools). In the list of tools, select Network Monitor Tools and click Next. Windows now installs Network Monitor on the system. The installation will ask you to insert the Windows installation disc into the CD drive to copy the required files. Finally, choose Finish to complete the installation.

Using Network Monitor

After installing Network Monitor you can run it through Administrative Tools => Network Monitor. On startup, Network Monitor asks us to specify which network card to use. If there are several cards, run ipconfig /all to see the physical address of each card and identify exactly the one you need. Next, let us look at the main Network Monitor interface, which consists of the following components:

Figure: the main Network Monitor interface

The bar at the top is the menu bar, containing the menus used to manage Network Monitor. The File menu has 3 items: Open opens a file holding saved packet capture results, Save saves the packets captured with Network Monitor, and Exit closes the program. The Capture menu has the items Start and Stop, which start and stop the packet capture. Stop And View stops the capture and shows the results, Pause suspends the capture, and Continue resumes it.

The main interface also has 5 panes that display the monitoring process and its results. The Graph pane has 5 progress bars showing the rate of frames (Frames Per Second), bytes (Bytes Per Second) and the broadcast/multicast traffic captured (Broadcasts Per Second / Multicasts Per Second). The topmost bar, Network Utilization, shows how much of the network bandwidth is in use. The Session Stat pane shows the packets captured in each communication session, and Station Stat shows in detail the percentage of broadcast, multicast and other packets on the network cards of the computer running Network Monitor. Finally, the Total Stat pane reports the state of the packets and of the network, broadcast and multicast traffic, errors, and network utilization.

Capturing Data

To monitor network traffic and packets with Network Monitor, choose Capture => Start or press F10. Perform some network activity, such as visiting the website http://www.hoctructuyen.org, then choose Capture => Stop And View. We will see a large number of captured packets that passed through the network card, as in the following figure:

The display pane lists many packets sorted by capture time. Double-click any packet to see a detailed view like the following:

This view has 3 panes. The Summary Pane shows the frame number, the time the packet was captured, the source and destination MAC addresses, the protocol used, and the source and destination IP addresses of the session. In the middle is the detail pane, which shows the full information about the protocols used to carry the packet. At the bottom, the Hex Pane shows the hexadecimal values of the packet.

Network Monitor Filter

The capture result contains a great many packets, because all traffic going to and from the network card is recorded and displayed. When we only want to find the packets that belong to a particular protocol such as TCP or ICMP, we can use a filter to display just the results we need. Choose Capture => Filter and, depending on the filtering mechanism you want, filter by protocol or by address.
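To make the relationship between the Hex Pane bytes, the Summary Pane columns and a protocol filter concrete, here is an added example that is not part of the original page. It decodes the address and protocol columns from raw Ethernet II/IPv4 frames and keeps only the enabled protocols. The sample frames are constructed, and treating TCP port 80 as HTTP is a simplifying assumption.

```python
import socket
import struct
IP_PROTOS = {1: "ICMP", 6: "TCP", 17: "UDP"}

def mac(raw: bytes) -> str:
    return ":".join(f"{b:02X}" for b in raw)

def summarize(frame: bytes) -> dict:
    """Decode the address and protocol columns for one Ethernet II frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    row = {"src_mac": mac(src), "dst_mac": mac(dst),
           "protocol": f"0x{ethertype:04X}", "src_ip": None, "dst_ip": None}
    if ethertype != 0x0800:              # not IPv4: IP columns stay empty
        return row
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4 if ip else 0    # IPv4 header length in bytes
    if ihl < 20 or len(ip) < ihl or ip[0] >> 4 != 4:
        raise ValueError("truncated or malformed IPv4 header")
    row["src_ip"] = socket.inet_ntoa(ip[12:16])
    row["dst_ip"] = socket.inet_ntoa(ip[16:20])
    row["protocol"] = IP_PROTOS.get(ip[9], f"IP-{ip[9]}")
    if ip[9] == 6 and len(ip) >= ihl + 4:
        sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
        if 80 in (sport, dport):         # simplification: HTTP = TCP port 80
            row["protocol"] = "HTTP"
    return row

def display_filter(frames, enabled):
    """Return summary rows only for the protocols in the enabled set."""
    return [row for row in map(summarize, frames) if row["protocol"] in enabled]

def build_frame(proto: int, src_ip: str, dst_ip: str, payload: bytes) -> bytes:
    """Build a constructed sample frame (IP checksum left as 0)."""
    eth = bytes.fromhex("001122334455" "66778899aabb" "0800")
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                     proto, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + payload

SAMPLE = [  # constructed traffic: one HTTP, one ICMP, one other TCP frame
    build_frame(6, "192.0.2.10", "198.51.100.5", struct.pack("!HH", 49152, 80)),
    build_frame(1, "192.0.2.10", "192.0.2.1", b"\x08\x00\x00\x00"),
    build_frame(6, "192.0.2.10", "198.51.100.7", struct.pack("!HH", 49153, 443)),
]

if __name__ == "__main__":
    for row in display_filter(SAMPLE, {"HTTP"}):
        print(row)
```

The frame number and capture time columns come from the capture itself rather than from the frame bytes, so they are not decoded here.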

LAB.

A. Installing Network Monitor: you can install it directly on your own computer running Windows Server 2003, or use the Windows Server 2003 MCSE Simulator.

1. Open Add or Remove Programs

2. Choose Add/Remove Windows Components

3. Scroll down and select Management and Monitoring Tools, then click Details

4. Tick the Network Monitor Tools check box and click OK

5. Click Next and insert the system installation disc when prompted.

6. Finally, click Finish to complete the installation. You can now capture packets with the powerful Network Monitor tool.

B. Capture Packet

To capture packets, open the Network Monitor application through Administrative Tools:

On first start we need to choose the network card used for the capture. Click OK and select the appropriate card; in this example it is Local Area Connection. If the system has several network cards, check the MAC address to pick the correct NIC:

On the menu bar choose Capture -> Start to begin capturing packets. You can also click the toolbar icons to start these operations quickly.

After capturing packets you can choose Capture -> Stop or Capture -> Stop and View to see the results, and save them to files for later review in Network Monitor or in other network monitoring programs such as Ethereal.

Creating Display Filters:

To stop the capture and filter for the results you need, choose Capture -> Display Capture Data. Then, in the window listing the captured packets, choose Display -> Filter

In the Display Filter dialog select Protocol == Any and click Edit Expression

Next choose Disable All, then in the Disabled Protocols list select the protocol you want to view, for example HTTP

HTTP now appears in the Enabled Protocols list. To add other protocols, select them in the Disabled Protocols list and click Enable, then click OK (twice) to see the filtered results.

Figure: result of filtering for the HTTP protocol with the Network Monitor filter.
