
Table of Contents

Introduction
Chapter 1: Getting to know the Wireshark software
1. Introduction to Wireshark
1.1. Protocols supported by Wireshark
1.2. Some basic scenarios
1.3. Wireshark helps:
1.4. The main features of Wireshark
Chapter 2: Getting to know the DHCP protocol
1. The concept of DHCP
2. How DHCP was created
3. The protocol layer of DHCP
3.1. The concept of the application layer (applications)
4. How DHCP works
4.1. DHCP discover (DHCP request)
4.2. DHCP offer
4.3. DHCP request
4.4. DHCP ACK or NACK
5. The problems DHCP solves
5.1. Centralized TCP/IP management
5.2. Reducing the burden on system administrators
5.3. Keeping the network stable
5.4. Flexibility and scalability
6. DHCP data formats
Chapter 3: Analyzing DHCP packets captured with Wireshark
1. Screenshot captured with Wireshark
2. Analyzing the information in the captured packets
2.1. Frame 3
2.2. Ethernet II
2.3. Internet Protocol Version 4
2.4. User Datagram Protocol
2.5. DHCP query

Introduction

Today information technology is developing rapidly, and computers need to be connected to one another so that they can serve people's lives effectively. The TCP/IP protocol suite is the set of communication protocols implementing the protocol stack on which the Internet and most commercial computer networks run. Computers on a network recognize one another by IP addresses, which previously the network administrator had to assign to each computer one by one. Every device on a TCP/IP-based network must have a unique IP address in order to access the network and use its resources. DHCP centralizes the management of IP addresses on central computers running the DHCP program. Although an IP address can be assigned permanently to any computer on the network, DHCP allows addresses to be assigned automatically. For a client to receive an IP address from a DHCP server, the client is configured to "obtain an address automatically from a server". This option appears in the TCP/IP configuration area of most operating systems. Once this option is set, the client can "lease" an IP address from the DHCP server at any time. There must be at least one DHCP server on the network. After installing DHCP, we create a DHCP scope, which is a range of IP addresses on the server, and the server hands out IP addresses from this range.

For that reason I chose the topic "Getting to know the DHCP protocol", with the aim that studying the DHCP server shows us the significance of using a DHCP server and the issues of the DHCP server service: how it works, how to install it, and how to back up, restore and secure the DHCP service.

I would like to express my deep gratitude to M.Sc. Đoàn Văn Trung, who wholeheartedly helped us throughout our studies and the completion of this major assignment. He not only guided us directly and provided us with useful knowledge and documents, but also showed us deep care.

The layout of my report consists of 2 parts:
- Chapter 1: Getting to know the Wireshark software
- Chapter 2: Getting to know the DHCP protocol
- Chapter 3: Analyzing DHCP packets captured with Wireshark

Chapter 1: Getting to know the Wireshark software

1. Introduction to Wireshark

Wireshark is free software used for network troubleshooting, for developing new communication protocols, and in education. It can be used on Linux, Mac OS X and Windows. Its main purpose is to show the user all the traffic on the network, one packet at a time. Wireshark has a long history. Gerald Combs was the first person to develop this software. The first version, called Ethereal, was released in 1998. It was originally named Ethereal but was renamed Wireshark because of trademark issues. Eight years after the first version appeared, Combs left his job to pursue another career opportunity. Unfortunately, at that time he could not reach an agreement with the company that had employed him about the rights to the Ethereal brand. Instead, Combs and the rest of the development team built a new brand for the Ethereal product in 2006, a project named Wireshark.

Wireshark has grown strongly, and to date the development team has reached 500 contributors. The product that existed under the name Ethereal is no longer being developed.

The benefits Wireshark brings have made it as popular as it is today. It can meet the needs of both professional and amateur analysts, and it offers many features to attract each kind of user.

1.1. Protocols supported by Wireshark

Wireshark excels in the number of protocols it supports (about 850), from common ones such as TCP/IP to special ones such as AppleTalk and BitTorrent. Because Wireshark is developed under an open-source model, new protocols will continue to be added. It can be said that there is no protocol that Wireshark cannot support.

User-friendly: Wireshark's interface is one of the easiest to use among packet analysis programs. Wireshark is a graphical application with a very clear menu system laid out in an easy-to-understand way. Unlike some products that use complicated command lines, such as TCPdump, Wireshark's graphical interface is excellent for anyone who has explored the world of protocol analysis.

Low cost: Wireshark is a free product under the GPL. You can download and use Wireshark for any purpose, including commercial purposes.

Support: The Wireshark community is one of the best and most active communities among open-source projects.

Operating systems supported: Wireshark supports most of today's operating systems.

1.2. Some basic scenarios

In this section we look at more specific problems: using Wireshark and packet analysis to solve a particular network problem. We present a few typical scenarios.

A Lost TCP Connection: One of the most common problems is a lost network connection. We will set aside the reason why the connection was lost and look at the phenomenon at the packet level.

Example: a file transfer that loses its connection. It starts with 4 TCP ACK packets sent from 10.3.71.7 to 10.3.30.1.

Figure 1.2: This capture simply involves an ACK packet.

The error starts at packet 5, where we see TCP retransmissions appear.

Figure 1.3: TCP retransmissions are a sign of a weak or degraded connection.

By design, TCP sends a packet to the destination, and if it receives no reply after a certain time it resends the original packet. If it still receives no response, the source host doubles the waiting time before the next retransmission.

As the figure above shows, TCP retransmits 5 times; if 5 consecutive attempts receive no response, the connection is considered terminated.

In Wireshark this phenomenon looks as follows:

Figure 1.4: Windows will retransmit up to five times by default.
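
The retransmission pattern described above can be checked mechanically. The following Python code is an added example, not part of the original report: it flags data segments that appear more than once, checks that the gaps between them roughly double, and marks the connection as lost after five unanswered retransmissions. The packet records, their timings and the 1.5x to 2.5x tolerance are constructed assumptions.

```python
from collections import defaultdict

# Constructed capture records, not taken from the report's trace:
# (time_ms, src, dst, seq, payload_len). Four bare ACKs, then one data
# segment that is never acknowledged and is resent with a doubling timer.
SAMPLE = [
    (0, "10.3.71.7", "10.3.30.1", 1000, 0),
    (40, "10.3.71.7", "10.3.30.1", 1000, 0),
    (80, "10.3.71.7", "10.3.30.1", 1000, 0),
    (120, "10.3.71.7", "10.3.30.1", 1000, 0),
    (200, "10.3.71.7", "10.3.30.1", 1000, 512),
    (500, "10.3.71.7", "10.3.30.1", 1000, 512),
    (1100, "10.3.71.7", "10.3.30.1", 1000, 512),
    (2300, "10.3.71.7", "10.3.30.1", 1000, 512),
    (4700, "10.3.71.7", "10.3.30.1", 1000, 512),
    (9500, "10.3.71.7", "10.3.30.1", 1000, 512),
]


def find_retransmissions(packets):
    """Return {(src, dst, seq, len): [times]} for data segments seen more than once."""
    seen = defaultdict(list)
    for t, src, dst, seq, length in packets:
        if length > 0:  # bare ACKs carry no data and may repeat legitimately
            seen[(src, dst, seq, length)].append(t)
    return {k: sorted(ts) for k, ts in seen.items() if len(ts) > 1}


def analyse(packets, max_retries=5):
    """Per retransmitted segment: retry count, gaps, backoff shape, verdict."""
    report = {}
    for (src, dst, seq, _len), ts in find_retransmissions(packets).items():
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        doubles = all(g1 > 0 and 1.5 * g1 <= g2 <= 2.5 * g1
                      for g1, g2 in zip(gaps, gaps[1:]))
        # Any packet from the peer after the first send counts as a response.
        answered = any(p[1] == dst and p[2] == src and p[0] > ts[0] for p in packets)
        retries = len(ts) - 1
        report[(src, dst, seq)] = {
            "retransmissions": retries, "gaps_ms": gaps, "backoff_doubles": doubles,
            "connection_lost": retries >= max_retries and not answered,
        }
    return report


if __name__ == "__main__":
    for flow, verdict in analyse(SAMPLE).items():
        print(flow, verdict)
```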


Being able to identify the failed packets can sometimes help us find the crux of why the network connection was lost.

Unreachable Destinations and ICMP Codes: One of the tools for checking network connectivity is ICMP ping. If you are lucky, the target replies, which means the ping succeeded; if not, you receive a message that the destination host cannot be reached. Using a packet capture tool here gives you more information than using plain ICMP ping alone. We will see the ICMP errors more clearly.

Figure 1.5: A standard ping request from 10.2.10.2 to 10.4.88.88.

The figure below shows the message that 10.4.88.88 cannot be pinged, sent from host 10.2.99.99. Compared with an ordinary ping, we can therefore see that the connection is broken at 10.2.99.99. In addition there are ICMP error codes, for example code 1 (Host unreachable).

Figure 1.6: Three ICMP packets of this kind are not what we expected.

Unreachable Port: Another common task is checking connectivity to a port on a destination host. This check shows whether the port in question is open and whether it is ready to accept incoming requests.

For example, to check whether the FTP service is running on a server: by default FTP works over port 21 in normal mode. We send an ICMP packet to port 21 of the destination host; if the destination replies with an ICMP packet of type 0 and error code 2, it means that the port cannot be reached.

Fragmented Packets:
Here we can see that the recorded packet size is larger than the default packet size of 32 bytes sent when pinging a computer running Windows. The packet size here is 3,072 bytes.

Figure 1.7: This ping request requires three packets rather than one because the data being transmitted is above average size.

1.3. Wireshark helps:

- System administrators analyze and repair systems
- Software developers build applications
- Students learn how network protocols work

1.4. The main features of Wireshark:

- Capturing the packets passing through a network card
- Listing the captured packets in detail
- Saving the captured information to a file and reopening it
- Filtering the captured packets by many different criteria
- Producing statistical charts of the packets passing through the network card

Chapter 2: Getting to know the DHCP protocol

1. The concept of DHCP

DHCP (Dynamic Host Configuration Protocol) is a protocol for configuring hosts dynamically. The protocol provides a method for setting the TCP/IP parameters needed for the network to operate, which reduces the workload of the network system administrator.

Figure 1.1: A simple model of a DHCP Server allocating IP addresses to DHCP Clients

A DHCP Server is a server running the DHCP Server service. Its function is to manage the allocation of dynamic IP addresses and TCP/IP configuration data. It is also responsible for replying when a DHCP Client makes a request about a lease.

A DHCP Client is a workstation running the DHCP Client service. It is used to register and update information about its own IP address and DNS records. The DHCP Client sends a request to the DHCP Server when it needs an IP address and the TCP/IP parameters required to work in the organization's network and on the Internet.

2. How DHCP was created

DHCP comes from the Dynamic Host Configuration Working Group of the Internet Engineering Task Force (IETF: a volunteer organization that has defined the protocols used on the Internet).

3. The protocol layer of DHCP

The DHCP protocol sits at the application layer, among the seven layers studied in the computer networks course (Applications). DHCP is not alone there; many other protocols are found at this layer, such as: DNS, TFTP, TLS/SSL, FTP, Gopher, HTTP, IMAP, IRC, NNTP, POP3, SIP, SMTP, SMPP, SNMP, SSH, Telnet, Echo, RTP, PNRP, rlogin, ENRP.

3.1. The concept of the application layer (applications)

This is the highest layer in the layered structure of TCP/IP. It includes all application programs that use the services available through a TCP/IP protocol stack. Application programs interact with one of the transport layer protocols to send or receive data. Each application program chooses a type of protocol suitable for its work. The application program passes data in the form that the transport layer requires.

4. How DHCP works

The DHCP protocol works according to the client/server model. It is an interaction between the DHCP client and the DHCP server that takes place in 4 steps:
1. DHCP discover (DHCP request).
2. DHCP offer.
3. DHCP request.
4. DHCP ACK or NACK.

4.1. DHCP discover (DHCP request).

First, the DHCP client broadcasts a message called DHCP discover. Because the client does not yet have an IP address, the source is 0.0.0.0, and because it does not know which server is the destination, it sends a broadcast to the address 255.255.255.255. The DHCP discover packet is then broadcast to the whole network. This packet includes the MAC address and the computer name, like an announcement: the machine with this MAC address, named client1, needs to lease an IP address.

4.2. DHCP offer

Once the DHCP discover has been sent, suppose a DHCP server named DHCP server1 finds it valid (that is, it is able to give an IP address to a client). It receives the DHCP discover packet and sends back a DHCP offer with the following information:
+ The MAC of the client.
+ An IP address being offered (offer IP address).
+ A subnet mask.
+ The lease time (here the default is 8 days).
+ The IP address of the DHCP server that is giving the IP to the client.
At the same time, after sending the offer the DHCP server reserves the offered address for the client, to avoid the situation where it hands the same address to another client at that moment and causes an IP conflict.

4.3. DHCP request.

The DHCP client receives the DHCP offer. It responds by broadcasting a DHCP request packet to accept that offer. The DHCP request includes information about the DHCP server that is giving it the address. Put simply, the DHCP client sends the DHCP request as an announcement that it has found and accepted the lease of an IP address from DHCP server1, and that the other DHCP servers should stop sending DHCP offers, in the case where the network has more than one DHCP server.

4.4. DHCP ACK or NACK.

When the DHCP server receives the DHCP request, it replies to the DHCP client with a DHCP ACK or NACK, to indicate that it has accepted leasing that IP address to the DHCP client. This packet includes the IP address and other configuration information (DNS server, WINS). When the DHCP client receives the DHCP ACK or NACK, the DHCP client's process of requesting and searching for an IP address is officially complete.

5. The problems DHCP solves

5.1. Centralized TCP/IP management

Instead of having to keep track of IP addresses and other TCP/IP parameters in some notebook (which is what a network administrator has to do when configuring TCP/IP by hand), the DHCP Server manages them centrally in its own interface. This makes it easier for administrators to manage, configure and fix errors that occur on workstations.

5.2. Reducing the burden on system administrators

First, network administrators used to have to type in the IP configuration by hand (called a static IP), but now the DHCP Server hands out IPs to workstations automatically. The need for and usefulness of this network service is most evident in a large network environment.

Second, with manual configuration users were able to change the IP themselves. One user tinkers with the machine for fun; another changes the DNS Server at random, then forgets what the DNS server's IP was, cannot set it back correctly, and calls for the network administrator; one sets an IP that duplicates someone else's, another sets an IP that duplicates the Default Gateway, and so on, making life miserable for the network administrator who has to run around. None of that happens with dynamic IPs. Anyone who would like to change things is out of luck. Only the DHCP Server administrator has the right to do as they please.

5.3. Keeping the network stable

This goes without saying. The IP addresses allocated dynamically to workstations are taken from the IP range preconfigured on the DHCP Server. The parameters (DG, DNS Server, ...) given to all workstations are also correct. IP conflicts never occur. Workstations always have a standard TCP/IP configuration. This keeps the system running continuously, reduces the burden on the administrator, and increases the work efficiency of users in particular and of the business in general.

5.4. Flexibility and scalability

The administrator can change the IP configuration easily when the network infrastructure changes, which increases flexibility for the network system administrator. In addition, DHCP suits networks from small to large. It can serve from 10 clients up to thousands of clients.

6. DHCP data formats

Figure 1.2. Structure diagram of the DHCP formats

DHCP uses UDP to deliver messages and to broadcast. If DHCP is not present on the network, a DHCP relay agent forwards messages between the client and the server. The first 7 fields contain information used for carrying out the request.

Operation Code: Indicates the general message type. The value 1 indicates a request message, the value 2 indicates a response message.
HTYPE: Indicates the network hardware type.
HLEN: Indicates the length of the hardware address.
HOPS: Indicates how many servers have forwarded the request. Set to 0 by the client before sending the request and used by relay agents to control the forwarding of DHCP or BOOTP messages.
TRANSACTION IDENTIFIER: Generated by the client; it allows the client to match a request with the reply received from the DHCP server.
SECONDS ELAPSED: Indicates how many seconds have passed since the computer booted.
FLAGS: Controls the content of the OPTIONS field.
+ Broadcast flag (B): A client that does not know its own IP address at the time it sends the request sets this flag to 1. It serves as an immediate indication to the DHCP servers or relay agents that receive the request that they should reply by broadcast.
+ Reserved: Set to 0 or not used.
CLIENT IP ADDRESS: This field is set if the client knows its IP address.
YOUR IP ADDRESS: Used by the server to provide its IP address.
SERVER IP ADDRESS: Contains the IP address of the server.
ROUTER IP ADDRESS: Contains the IP address of a default router.
CLIENT HARDWARE ADDRESS: Set if the client knows its hardware address.
SERVER HOST NAME: Contains the host name of the server.
BOOT FILE NAME: Contains the name of the file on the server that holds a valid boot image.
OPTIONS: Contains many of the parameters required for basic DHCP operation. This field is specified as 64 bytes long in BOOTP, but its length varies in DHCP.

Chapter 3: Analyzing DHCP packets captured with Wireshark

1. Screenshot captured with Wireshark

To capture the packets with Wireshark, first unplug the network cable from the computer so that it has no network connection. Then start Wireshark capturing DHCP packets, and only after that plug the network cable back in.
The result is the screenshot below.

Figure 3.1

2. Analyzing the information in the captured packets

2.1. Frame 3:

Figure 3.2
- Arrival time: December 16, 2012 at 17:33:26
- Frame number: 3
- Frame length: 590 bytes (4720 bits)
- Capture length: 590 bytes (4720 bits)

2.2. Ethernet II:

Figure 3.3
- Destination: b0:48:7a:d3:f6:6
- Source: 00:1b:b1:4f:34:d0

2.3. Internet Protocol Version 4.

- Header length: 20 bytes
- Total length: 576
- Fragment offset: 0
- Time to live: 64
- Source address: 192.168.2.1
- Destination address: 192.168.2.102

2.4. User Datagram Protocol

Figure 3.4
- Source port: 67
- Destination port: 68
- Length: 556

2.5. DHCP query

- Message type: boot reply (2)
- Hardware type: Ethernet
- Hardware address length: 6
- Transaction ID: 0x77b56f98
- Hops: 0
- Seconds elapsed: 0
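
The fields Wireshark shows for this boot reply are the fixed header laid out in Chapter 2, section 6, followed by the options that carry the message type from section 4. The Python parser below is an added example, not part of the original report; it decodes that layout and rejects truncated or malformed messages. The sample message is constructed: its header values follow the capture above, while the client MAC, the assigned address, the OFFER type and the option values are assumptions.

```python
import socket
import struct

BOOTP_FMT = "!BBBBIHH4s4s4s4s16s64s128s"  # the fixed fields listed in section 6
BOOTP_LEN = struct.calcsize(BOOTP_FMT)    # 236 bytes
MAGIC_COOKIE = b"\x63\x82\x53\x63"        # marks the start of the DHCP options
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}


def parse_dhcp(payload: bytes) -> dict:
    """Parse a DHCP message (the UDP payload) into header fields and options."""
    if len(payload) < BOOTP_LEN + 4:
        raise ValueError("truncated DHCP message")
    (op, htype, hlen, hops, xid, secs, flags, _ciaddr, yiaddr, siaddr,
     _giaddr, chaddr, _sname, _file) = struct.unpack(BOOTP_FMT, payload[:BOOTP_LEN])
    if payload[BOOTP_LEN:BOOTP_LEN + 4] != MAGIC_COOKIE:
        raise ValueError("no DHCP magic cookie after the fixed header")
    if hlen > 16:
        raise ValueError("HLEN larger than the 16-byte hardware address field")
    body, options, i = payload[BOOTP_LEN + 4:], {}, 0
    while i < len(body) and body[i] != 255:      # 255 = End option
        if body[i] == 0:                         # 0 = Pad, has no length byte
            i += 1
            continue
        if i + 1 >= len(body) or i + 2 + body[i + 1] > len(body):
            raise ValueError("option %d overruns the message" % body[i])
        options[body[i]] = body[i + 2:i + 2 + body[i + 1]]
        i += 2 + body[i + 1]
    msg = options.get(53) or b"\x00"             # option 53 = DHCP message type
    srv = options.get(54, b"")                   # option 54 = server identifier
    return {
        "op": op, "htype": htype, "hlen": hlen, "hops": hops, "xid": xid,
        "secs": secs, "broadcast": bool(flags & 0x8000),
        "yiaddr": socket.inet_ntoa(yiaddr), "siaddr": socket.inet_ntoa(siaddr),
        "chaddr": chaddr[:hlen].hex(":"),
        "msg_type": MSG_TYPES.get(msg[0], "unknown"),
        "server_id": socket.inet_ntoa(srv) if len(srv) == 4 else None,
        "lease_secs": int.from_bytes(options[51], "big") if 51 in options else None,
    }


def build_sample_reply() -> bytes:
    """Constructed boot reply; MAC, message type and options are made up."""
    ip = socket.inet_aton
    header = struct.pack(
        BOOTP_FMT, 2, 1, 6, 0, 0x77B56F98, 0, 0, bytes(4), ip("192.168.2.102"),
        ip("192.168.2.1"), bytes(4), bytes.fromhex("020000000001"),
        bytes(64), bytes(128))
    options = (bytes([53, 1, 2]) + bytes([54, 4]) + ip("192.168.2.1")
               + bytes([51, 4]) + (8 * 86400).to_bytes(4, "big") + b"\xff")
    return header + MAGIC_COOKIE + options


if __name__ == "__main__":
    print(parse_dhcp(build_sample_reply()))
```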
