
WIRESHARK

CONTENTS
1 Introduction
2 Advantages of Wireshark
3 Installation
4 Interactive interface
5 Finding and marking packets
6 Saving and exporting pcap files
7 Time format
8 Using the Filter function

Introduction

Written by Gerald Combs in 1998.
The first version was released under the name Ethereal.
One of the most widely used protocol analysis tools.
Available in 2 versions: free and commercial.

Features

Multi-protocol support.
User-friendly interface.
Free.
Supported by the community.
Multi-platform (Linux, Unix, Windows, Mac) and multi-architecture (32/64 bit) support.
Allows interaction with third-party applications.

Installation

System requirements
CPU: > 400 MHz
HDD: > 60 MB
NIC: supports promiscuous mode
Pcap driver
Home page
https://www.wireshark.org

Installing on Windows
Download from the link
https://www.wireshark.org/download.html
Select the components to install
Install WinPcap

Installing on Linux
Using .rpm (Red Hat, Fedora)
rpm -ivh wireshark-xxx.rpm
Using .deb (Debian, Ubuntu)
apt-get install wireshark
Compiling from source

Interactive interface

Capturing data
Main interface
Preferences dialog
Color customization

Capturing data
Open Wireshark
Select the NIC to capture on

Main interface
Packet list
Packet details (TCP/IP)
Packet details in hexadecimal form

Preferences dialog

Color customization

Finding packets
Edit -> Find Packet or Ctrl+F

Marking packets

Saving the capture file
File -> Save (choose the format to save in: pcap, pcapng, dmp)

Exporting data

Time format

Using the Filter function
Filter by IP address
Filter by protocol
