Scribd Logo
Upload

Welcome to Scribd!

  • Traloi

    Uploaded by

    Nguyên Trực
    8 views9 pages

    Original Title

    traloi

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    DOC, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as DOC, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    8 views9 pages

    Traloi

    Uploaded by

    Nguyên Trực

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as DOC, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 9

    ICMP l g?

    ICMP (Internet Control Message Protocol) - Giao thc iu khin truyn tin trn mng. Vic nh tuyn qua cc mng s dng giao thc iu khin truyn tin ICMP gi thng bo lm nhng cng vic sau: iu khin , thng bo li v chc nng thng tin cho TCP/IP. ICMP thuc tng vn chuyn - Transpoort

    Layer
    Thng thng ICMP c gi khi mt gi tin khng th i ti ch, hoc mt Router khng cn ch nh nhn thm gi tin hay mt Router hng dn my tnh s dng Router khc truyn thng tin theo mt con ng ti u hn. Ta s xt tng trng hp c th .

    iu khin dng d liu


    Khi trm ngun gi d liu ti qu nhanh, trm ch khng kp x l, trm ch - hay mt thit b dn ng gi tr trm ngun mt thng bo trm ngun tm ngng vic truyn thng tin. Thng bo li Khi khng tm thy trm ch, mt thng bo li Destination Unreachable c Router gi tr li trm ngun. Nu mt s hiu cng khng ph hp trm ch gi thng bo li li cho trm ngun . Kim tra trm lm vic Khi mt my tnh mun kim tra mt my khc c tn ti v ang hot ng hay khng, n gi mt thng bo Echo Request. Khi trm ch nhn c thng bo , n gi li mt Echo Reply. Lnh ping s dng cc thng bo ny. Ping l mt lnh ph bin v thng c s dng kim tra kt ni

    .....IP khng c c ch bit data m n gi c n c ch cha, nn mi sinh ra ci gi l Internet Control Message Protocol (ICMP). ICMP khng phi gii quyt ci thuc tnh unreliability vn c ca IP m ICMP message c nhim v n gin l bo cho sender bit vic gi data i c vn . .....V d: host A gi mt datagram ti host Z, nhng trn ng ti ch, c th do mt trong s cc nguyn nhn sau s lm cho gi tin khng n c ng ch: ..... + Cc thit b trung gian nh routing protocol cha ng ... chng c gi l unreachable network ..... + Cu hnh TCP/IP cha ng v a ch, subnetmask hay default gateway... chng c gi l unreachable host ..... + Host dch khng h tr upper-layer protocol. c gi l unreachable protocol ..... + Host ich khng h tr loi dch v cn truy cp. Gi l unreachable port/socket .....Khi thit b trung gian (router) ni sy ra vn s gi li mt gi tin trong c ICMP message ch dnh cho sender thng bo v nguyn nhn. Cc thit b trung gian khc khng nhn c message trn v hon ton khng bit l c vn trn ng truyn. ..... l mt message c chuyn i trong mng th n cng phi i qua cc lp pha di. V d liu (ni dung chnh ca message ) s c encap cng nh cc loi data khc (ngha l cng phi c Frame header, IP datagram header...) sau n s c chuyn i. ..... trnh trng hp khi truyn ICMP message li sy ra li v li sinh ra mt ci error report na (v lm tng congestion) ICMP s khng c error report na. .....C nhiu loi ICMP message v mi loi mang mt thng ip li c th khc nhau. Kiu message c nhn ra nh format d liu ca message . .....Cc loi ICMP message c encap vi header u c 3 trng chung: .....+Type (8bit): Ch kiu ca ICMP message - tc l problem cn gi n sender (v d: Type = 0 ->

    Echo request message, Type = 8 -> Echo reply message 2 ci ny dng cho ping ) .....+Code (8bit): B sung thng tin thm cho Type (v d vi Type = 0/8 code=0 -> echo message) .....+Checksum (16bit) Sau l cc trng option khc. V sau header l data. I. Cc loi ICMP message thng thy: (c th dng cc trnh bt gi tin kim tra) .....1. ICMP echo messages C hai loi l echo request v echo reply message tng ng vi Vi cc trng: .....Type = 0 -> echo request, code = 0 .....Type = 8 -> echo reply, code = 0 Ngoi ra cn c 2 trng (size l 16bit/field) l ID v sequence Number dng nhn bit gi cc cp reply/request. Chi tit v echo message v ping s c bn phn sau. .....2. ICMP Destination Unreachable message .....Nh ni v Destination Unreachable. Nu b Destination Unreachable, thit b trung gian s gi mt Destination Unreachable message v sender. .....Destination Unreachable c nhiu loi ng vi cc nghuyn nhn khc nhau v chng s c cc cp gi tr code khc nhau: V d: .....Type = 3, code = 0 -> Network Unreachable .....Type = 3, code = 1 -> Host Unreachable .....Type = 3, code = 2 -> Protocol Unreachable .....Type = 3, code = 3 -> Port Unreachabl ......... .....3. ICMP Parameter Problem message .....Vn sy ra khi c mt vi error trong header ca datagram ( mt vi octet) v khng th chuyn n i tip c. Khi thit b trung gian gi mt ICMP Parameter Problem message cho sender vi cc trng nh sau. .....Type = 12 .....Code = 0 - 2 (ci ny tui cng khng r c th l cho loi no) .....Thm mt trng Poiter (8bit) ch v tr ca octet li Control Messages Control Messages, khng mang cc thng bo v lost packet hoc error conditions. Control Message bo cho host bit cc iu kin nh ang c congestion hoc l c gateway hp l hn cho host. .....4. ICMP Redirect/Change Request message .....L mt loi Control Messages, n ch c gi i bi mt default gateway v n bo cho host nhn bit l c best path cho mi nu c cc iu sau sy ra (hi vng phn ny c bc no by t quan im vi tui): .....+Ti Interface m packet i vo sau li c routed i ra. .....+Ti subnet/network ca a ch IP ngun cnd subnet/network vi nexthop. .....+Khi host c mc nh l gi ICMP Redirect message. C th b default ny bng command: "no ip redirects" C cc loi Redirec Require Message ng vi cc type v code sau: .....Type = 5 code = 0 -> Ridirect datagram for the network .....Type = 5 code = 1 -> Ridirect datagram for the host .....Type = 5 code = 2 -> Ridirect datagram for the type of service and the network .....Type = 5 code = 3 -> Ridirect datagram for the type of service and the host

    .....5. ICMP Timestamp Request message .....Dng n b thi gian cho cc ng dng gia ni chuyn v ni nhn: .....Type = 13, code = 0 -> ICMP Timestamp Request message .....Type = 14, code = 0 -> ICMP Timestamp reply message .....Ngoi ra cn c 2 trng c size l 16 bit l ID v sequence Number dng nhn bit gi cc cp reply/request. .....6. ICMP Information Request and Reply message ..... xc nh s network c s dng (?) .....Type = 15, code = 0 -> ICMP Information Request message .....Type = 16, code = 0 -> ICMP Information reply message .....Ngoi ra cn c 2 trng c size l 16 bit l ID v sequence Number dng nhn bit gi cc cp reply/request. .....7. ICMP Address Mask Request message ..... host tm subnetmask ca mnh khi khng c cu hnh bng tay. .....Type = 17, code = 0 -> ICMP Address Mask Request message .....Type = 118, code = 0 -> ICMP Address Mask reply message .....Ngoi ra cn c 2 trng c size l 16 bit l ID v sequence Number dng nhn bit gi cc cp reply/request. V thm 1 trng 32 bit dnh cho Address Mask (vi request message th n c cho v not use vi reply mesage th n l Address Mask correct ca host) .....8. .... Type .....8. c Type dng = ICMP = ICMP khi 10 Router 9 Router sender Discover Code Solicitation mt default Code = message =0 message gateway 0

    .....9. ICMP Source Quench message .....c dng bo cho sender bit l c congestion v hi sender xem c gim tc gi packet i khng. N thuc loi Flow-Control Message Type = 4 Code = 0

    Hi: Ping l g?
    Ping la mt tin ich i kem trong UNIX, Internet va cac h thng mang TCP/IP. Bi vi hu ht cac h iu hanh mang may tinh hin nay u h tr TCP/IP, trong o cung bao gm tin tich Ping. Ping tng ng vi mt ting la trong hem nui va lng nghe ting vong lai cua no. Ban ping mt may chu khac trn h thng mang xem host o co th tin n c t host cua ban hay khng. Cu lnh co dang ping ipaddress, y ipaddress la ia chi IP cua host ma ban mun lin lac. Ping s dung giao thc ICMP (Internet Control Message Protocol: Giao thc iu khin thng bao trn Internet) giai quyt cng vic cua no. Noi mt cach cu th, no gi i mt thng bao kiu ting vang ICMP n host c chi inh. Nu co th tin n thit bi trc khi ht khoang thi gian cho phep, host cua ban se nhn c mt ting vang ICMP thng bao ap lai. Ping co th c s dung nh mt cng cu giai quyt cac s c v truyn thng. Vic u tin phai lam la ping ia chi cua h thng ban ang lam vic. iu ny chc rng phn mm mang may tinh cua ban ang lam vic. K n, ping n h thng

    ich. Nu ban khng thy mt tra li nao, hay th ping n mt h thng khac xem h thng ny co th tin n c khng. Nu h thng khac o ap ng lai, h thng cua ban co le la tt ri con mang hay host ich co th la co vn . Nu co th, ban hay n h thng ich va ping vao may o xem h thng lin kt mang cua no co ang hoat ng hay khng. Nu khng, hay kim tra lai cu hinh cai t, cac ni kt va ngay ca i vi cac card giao tip mang. Ping, vit tt ca Packet Internet Grouper (Groper), l mt cng c cho mng my tnh s dng trn cc mng TCP/IP (chng hn nh Internet) kim tra xem c th kt ni ti mt my ch c th no hay khng, v c lng khong thi gian tr trn vng gi gi d liu cng nh t l cc gi d liu c th b mt gia hai my. Cng c ny thc hin nhim v trn bng cch gi mt s gi tin ICMP n my kia v lng nghe tr li. Tc gi ca cng c ny l ng Mike Muuss. Kt xut ca ping thng thng bao gm kch c gi d liu, a ch host truy vn, dy s ICMP, thi gian sng (time to live), thi gian tr trn vng (round-trip time), n v thi gian l miligiy (1/1000 ca giy), v thi gian di 10 giy thng c chnh xc thp T muc lin quan ICMP (Internet Control Message Protocol); IP (Internet Protocol) Vo cmd g lnh : ipconfig /? ping /? Ipconfig : dng xem v chnh sa a ch IP Ping : kim tra s khai thng ca cc my tnh trong mng ( thy nhau cha?) Thng th dng : ipconfig /all : xem ton b thng tin ping : th d hn nhiu, nhp thm a ch IP hoc tn my, hoc domain (tn min) cn kim tra s khai thng l c. V d IP ca bn l 192.168.1.100 bn mun kim tra my 19 (tn my tnh l may19, IP l 192.168.1.19) th bn g nh sau : ping may19 hoc : ping 192.168.1.19 Nu thng bo Reply th thy nhau trong mng

    TCP Flag?
    TCP Flag: trong qua trnh truyn thng ca mnh, giao thc TCP s dng cc c gi l nhng TCP Flag l SYN, ACK, FIN, RESET, PUSH v URGENT. Cc c ny thng c xc nh bng nhng k t u ca chng nh S, A, F, R, P v urg.

    - SYN c sng dng trong giai on u ca qu trnh khi tp lin kt nhm ng b ha hai my tnh trc khi d liu c truyn. - ACK dng gi thng bo xc nhn sau khi nhn c d liu t my gi. Thng c s dng trong giai on 2 ca qu trnh khi to lin kt. - FIN gi bi my truyn yu cu chm dt lin kt. - RESET: dng reset li phin truyn. - PUSH c p dng khi bn truyn yu cu d liu c gi trc tip n ng dng m khng cn thng qua vng m. - URGENT c s dng truyn d liu khn c mc u tin cao nht.

    Bt tay ba bc ( Three Way Handshake) ?


    lp Transport c 2 giao thc quan trng l UDP v TCP. - TCP l giao thc thuc dng connection-oriented (hng kt ni). C ngha l n thit lp knh kt ni trc khi truyn data i. - UDP l giao thc thuc dng connectionless (ngha l khng hng kt ni). N khng cn thit lp knh truyn trc khi truyn d liu i. TCP thit lp kt ni bng 3 bc bt tay (3-way handshake) sender ___________ receiver SYN seq=X ----------> SYN received (step 1) SYN received <--------send ACK X+1 and SYN Y (step 2) Send ACK Y+1 --------> (step 3)
    Mt gi d liu TCP cha cc bit c (flag bits) m t ni dung v mc ch ca gi d liu. V d: * Gi d liu vi c SYN (synchronization) dng bt u mt connection. * ACK (acknowledgement). * FIN (finish) dng ngt mt connection. * ... 1.SYN: cc chng trnh my con (v d yu cu t browser, ftp client) bt u connection vi my ch bng cch gi mt packet vi c "SYN" n my ch. SYN packet ny thng c gi t cc cng cao (1024 - 65535) ca my con n nhng cng trong vng thp (1 - 1023) ca my ch. Chng trnh trn my con s hi h iu hnh cung cp

    cho mt cng m connection vi my ch. Nhng cng trong vng ny c gi l "cng my con" (client port range). Tng t nh vy, my ch s hi HH nhn c quyn ch tn hiu trong my ch, vng cng 1 - 1023. Vng cng ny c gi l "vng cng dch v" (service port). V d (mc nh): - Web Server s lun ch tn hiu cng 80 v Web browser s connect vo cng 80 ca my ch. - FTP Server s lng port 21. Ngoi ra trong gi d liu cn c thm a ch IP ca c my con v my ch. 2. SYN/ACK: khi yu cu m connection c my ch nhn c ti cng ang m, server s gi li packet chp nhn vi 2 bit c l SYN v ACK. SYN/ACK packet c gi ngc li bng cch i hai IP ca server v client, client IP s thnh IP ch v server IP s thnh IP bt u. Tng t nh vy, cng cng s thay i, server nhn c packet cng no th cng s dng cng gi li packet vo cng m client gi. Server gi li packet ny thng bo l server nhn c tn hiu v chp nhn connection, trong trng hp server khng chp nhn connection, thay v SYN/ACK bits c bt, server s bt bit RST/ACK (Reset Acknowledgement) v gi ngc li RST/ACK packet. Server bt buc phi gi thng bo li bi v TCP l chun tin cy nn nu client khng nhn c thng bo th s ngh rng packet b lc v gi li thng bo mi. 3. ACK: khi client nhn c SYN/ACK packet th s tr li bng ACK packet. Packet ny c gi vi mc ch duy bo cho my ch bit rng client nhn c SYN/ACK packet v lc ny connection c thit lp v d liu s bt u lu thng t do. y l tin trnh bt buc phi thc hin khi client mun trao i d liu vi server thng qua giao thc TCP. Mt s th thut da vo c im ny ca TCP tn cng my ch (v d DOS).

    Con ngi to ra viruts v:


    Trc y, virus thng c vit bi mt s ngi am hiu v lp trnh mun chng t kh nng ca mnh nn thng virus c cc hnh ng nh: cho mt chng trnh khng hot ng ng, xa d liu, lm hng cng,... hoc gy ra nhng tr a kh chu. Nhng virus mi c vit trong thi gian gn y khng cn thc hin cc tr a hay s ph hoi i my tnh ca nn nhn b ly nhim na, m a phn hng n vic ly cp cc thng tin c nhn nhy cm (cc m s th tn dng) m ca sau cho tin tc t nhp chim quyn iu khin hoc cc hnh ng khc nhm c li cho ngi pht tn virus.

    3. C ch nghe trm
    hiu qu trnh cn hiu c nguyn tc chuyn ti cc gi tin (packet) gi cc my qua 2 loi thit b tp trung cc node mng s dng ph bin hin nay l Hub v Switch trn h thng mng Ethernet, bit c cc im yu b li dng lc truyn dn nghe trm. Trong mi trng Hub Khi gi tin c chuyn t my A sang my B th ng thi n c gi n tt c cc my khc ang kt ni cng Hub. Cc my khc nhn c gi tin ny v tin hnh so snh vi frame ca gi tin kim tra a ch ch. Nu trng lp th s nhn, cn khng th cho qua. Do gi tin t A c gi n B nn khi so snh th ch c B mi ging a ch ch n nn ch c B mi thc hin tip nhn. Da vo nguyn tc , my c ci t chng trnh nghe trm s t nhn bt c gi tin c lu chuyn trong mng qua Hub, k c khi ch n gi tin c ch n khng phi l n, nh card mng c t ch hn tp (promiscuous mode). Promiscuous mode l ch c bit m khi card mng c t di ch ny, n c th nhn tt c cc gi tin m khng b rng buc kim tra a ch ch n. Trong mi trng Switch Khc vi Hub, Switch ch chuyn ti cc gi tin n nhng a ch xc nh trc nn nghe trm kiu t nhn nh Hub khng thc hin c. My A khi truyn d liu cho my B thng qua switch th s ch chuyn ti A, khng qua C ch c (1) v (4), khng c bc 2,3. tng y l nu my C mun nghe trm d liu truyn gia A v B th n tm cch ng vai tr nh mt gateway n v tip vn d liu. Theo hnh trn, d liu t my A n switch, ri n my C, sau tr li switch ri mi n B. Lc my C ni vi my A n l B A truyn d liu cho n, sau ni vi B n l A truyn d liu n B. M rng ra, nu my C s nhn d liu trung gian i vi tt c cc my trong cng kt ni n switch. V nh vy d liu qua C s b ghi li, tc b nghe ln. Cc k thut p dng ch yu trong mi trng Switch gm ARP spoofing, MAC flooding, MAC duplicating,

    Khc nhau gia HUB v SWITCH


    No chng ta hy bt u vi hub v switch bi c hai thit b ny u c nhng vai tr tng t trn mng. Mi thit b du ng vai tr kt ni trung tm cho tt c cc thit b mng, v x l mt dng d liu c gi l "frame" (khung). Mi khung u mang theo d liu. Khi khung c tip nhn, n s c khuych i v truyn ti cng ca PC ch. S khc bit ln nht gia hai thit b ny l phng php phn phi cc khung d liu. Vi hub, mt khung d liu c truyn i hoc c pht ti tt c cc cng ca thit b m khng phn bit cc cng vi nhau. Vic chuyn khung d liu ti tt c cc cng ca hub chc rng d liu s c chuyn ti ch cn n. Tuy nhin, kh nng ny li tiu tn rt nhiu

    lu lng mng v c th khin cho mng b chm i (i vi cc mng cng sut km). Ngoi ra, mt hub 10/100Mbps phi chia s bng thng vi tt c cc cng ca n. Do vy khi ch c mt PC pht i d liu (broadcast) th hub vn s dng bng thng ti a ca mnh. Tuy nhin, nu nhiu PC cng pht i d liu, th vn mt lng bng thng ny c s dng, v s phi chia nh ra khin hiu sut gim i. Trong khi , switch lu li bn ghi nh a ch MAC ca tt c cc thit b m n kt ni ti. Vi thng tin ny, switch c th xc nh h thng no ang ch cng no. Khi nhn c khung d liu, switch s bit ch xc cng no cn gi ti, gip tng ti a thi gian phn ng ca mng. V khng ging nh hub, mt switch 10/100Mbps s phn phi y t l 10/100Mbps cho mi cng thit b. Do vy vi switch, khng quan tm s lng PC pht d liu l bao nhiu, ngi dng vn lun nhn c bng thng ti a. l l do ti sao switch c coi l la chn tt hn so vi hub. Cn router th khc hon ton so vi hai thit b trn. Trong khi hub hoc switch lin quan ti vic truyn khung d liu th chc nng chnh ca router l nh tuyn cc gi tin trn mng cho ti khi chng n ch cui cng. Mt trong nhng c tnh nng quan trng ca mt gi tin l n khng ch cha d liu m cn cha a ch ch n. im ging nhau ca HUB v SWITCH: C hai thit b u lm nhim v m thm Port nhm kt ni nhiu my tnh li vi nhau, im ging th hai l c hai u c chc nng khuch i tn hiu ng vo. - im khc nhau gia HUB v SWITCH. HUB c 3 loi l + Passive Hub: (Hub th ng) + Active Hub: (Hub ch ng) + Intelligent Hub: (Hub thng minh) + Ngoi tr HUB thng minh lm vic tng 2 trong m hnh OSI ging vi SWITCH th HUB ch lm vic tng 1 tng t nh thit b Repeater. Ngoi ra thit b Passive HUB khng dng n ngun in ph nn n hot ng rt km v s port rt thp. + Switch c mt b nh c bit nh l buffer lm nhim v lu tr thng tin cc Host m n qun l bao gm IP v Physical Address, c ch ny gip cho Switch thc hin c tnh nng chuyn mch. Switch ch yu lm vic trn tng 2 OSI, mt s Switch chuyn dng lm vic trn tng 3 OSI, hay cn gi l Switch Layer 3. + im khc nhau quan trng trong qa trnh chuyn Frame ca HUB v SWITCH. Trong khi HUB lun lun chuyn frame theo dng Broadcast (gi thng tin i ton b cc Note trong mng) th ngc li Switch ch gi Broadcart ln u tin cp nht thng tin vo b nh cn t v sau n lun chuyn thng tin theo kiu end to end ch khng gi Broadcast na. Switch layer 3 c thm phn nh tuyn tng t nh Router v chc nng V-LAN (mng LAN o) cn HUB hon ton ko c chc nng ny.

    You might also like