{"id":8988,"date":"2024-02-29T21:52:49","date_gmt":"2024-02-29T14:52:49","guid":{"rendered":"https:\/\/vacif.com\/?p=8988"},"modified":"2024-08-13T08:40:06","modified_gmt":"2024-08-13T08:40:06","slug":"huong-dan-tao-va-download-packet-capture-tren-sophos-firewall","status":"publish","type":"post","link":"https:\/\/vacif.com\/en\/huong-dan-tao-va-download-packet-capture-tren-sophos-firewall\/","title":{"rendered":"GUIDE TO CREATING AND DOWNLOADING A PACKET CAPTURE ON SOPHOS FIREWALL"},"content":{"rendered":"\n<p><strong>1. Introduction<\/strong><\/p>\n\n\n\n<p>Packet capture is the process of capturing and recording network traffic so that you can analyze the data packets transmitted over a network, which helps with investigating network incidents as well as monitoring and managing the network. This article shows how to capture packets and download the PCAP from Sophos Firewall using PSCP.<\/p>\n\n\n\n<p><strong>2. Steps<\/strong><\/p>\n\n\n\n<p>To create a packet capture, access the Sophos Firewall CLI using <strong>PuTTY<\/strong>, or from the Sophos Firewall <strong>Web Admin<\/strong> page by selecting <strong>Console<\/strong>.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img decoding=\"async\" src=\"https:\/\/uploads.thegioifirewall.com\/image-6137.png\" alt=\"\" class=\"wp-image-18883\" \/><\/figure>\n<\/div>\n\n\n<p>You will then have to enter the password used to access the Sophos Firewall Web Admin.<\/p>\n\n\n<div 
class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img decoding=\"async\" src=\"https:\/\/uploads.thegioifirewall.com\/image-6138.png\" alt=\"\" class=\"wp-image-18884\" \/><\/figure>\n<\/div>\n\n\n<p>Here, open the <strong>Device Console<\/strong>.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img decoding=\"async\" src=\"https:\/\/uploads.thegioifirewall.com\/image-6139.png\" alt=\"\" class=\"wp-image-18885\" \/><\/figure>\n<\/div>\n\n\n<p>Enter the following command: <code><strong>tcpdump filedump 'host x.x.x.x -s0'<\/strong><\/code><\/p>\n\n\n\n<p><strong>Note:<\/strong> Replace <strong>x.x.x.x<\/strong> with the IP address of the Sophos Firewall interface.<\/p>\n\n\n\n<p>Press <strong>Ctrl + C<\/strong> to stop the packet capture.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img decoding=\"async\" src=\"https:\/\/uploads.thegioifirewall.com\/image-6140.png\" alt=\"\" class=\"wp-image-18886\" \/><\/figure>\n<\/div>\n\n\n<p><strong>Note:<\/strong> When the packet capture finishes, the file is saved as <strong>tcpdump.pcap<\/strong> in the <strong>\/tmp\/data\/<\/strong> directory. When you start another packet capture, it overwrites the previously captured file. So download or rename the first packet capture file before you start another packet capture.<\/p>\n\n\n\n<p>To rename it, go to <strong>Device Management<\/strong>.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img decoding=\"async\" src=\"https:\/\/uploads.thegioifirewall.com\/image-6141.png\" alt=\"\" class=\"wp-image-18887\" \/><\/figure>\n<\/div>\n\n\n<p>Then select <strong>Advanced Shell<\/strong>.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img decoding=\"async\" src=\"https:\/\/uploads.thegioifirewall.com\/image-6142.png\" alt=\"\" class=\"wp-image-18888\" \/><\/figure>\n<\/div>\n\n\n<p>Run the following command: <code><strong>cp \/tmp\/data\/tcpdump.pcap \/tmp\/data\/tcpdump1.pcap<\/strong><\/code><\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" src=\"https:\/\/uploads.thegioifirewall.com\/image-6143.png\" alt=\"\" class=\"wp-image-18889\" \/><\/figure>\n\n\n\n<p>After completing the steps above, download the packet capture using <strong>PSCP<\/strong>. Put simply, this software helps you transfer files between systems securely. 
To do this, download it from the following link: <a href=\"https:\/\/www.chiark.greenend.org.uk\/~sgtatham\/putty\/latest.html\">https:\/\/www.chiark.greenend.org.uk\/~sgtatham\/putty\/latest.html<\/a><\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img decoding=\"async\" src=\"https:\/\/uploads.thegioifirewall.com\/image-6144.png\" alt=\"\" class=\"wp-image-18890\" \/><\/figure>\n<\/div>\n\n\n<p>Next, open <strong>CMD (Command Prompt)<\/strong> and enter the following commands:<\/p>\n\n\n\n<p><strong>cd Desktop:<\/strong> this cd command changes to the folder where you want to save the file; here I chose Desktop, but you can choose another location.<\/p>\n\n\n\n<p><code><strong>pscp.exe -scp admin@172.16.16.1:\/tmp\/data\/tcpdump.pcap \/Users\/CHAU\/Desktop\/<\/strong><\/code><\/p>\n\n\n\n<p>Finally, enter the Sophos Firewall admin password.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img decoding=\"async\" src=\"https:\/\/uploads.thegioifirewall.com\/image-6145.png\" alt=\"\" class=\"wp-image-18891\" \/><\/figure>\n<\/div>\n\n\n<p>After the command finishes, go to the <strong>Desktop<\/strong> and you will see the downloaded packet capture file.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full is-resized\"><img decoding=\"async\" src=\"https:\/\/uploads.thegioifirewall.com\/image-6146.png\" alt=\"\" class=\"wp-image-18892\" style=\"width:654px;height:auto\" \/><\/figure>\n<\/div>\n\n\n<p>Once you have the file, download <strong>Wireshark<\/strong>, software that lets you read and analyze network packets.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full\"><img decoding=\"async\" src=\"https:\/\/uploads.thegioifirewall.com\/image-6147.png\" alt=\"\" class=\"wp-image-18893\" \/><\/figure>\n<\/div>\n\n\n<p>That concludes this article. Good luck with your setup.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>1. Introduction Packet capture is the process of capturing and recording network traffic so that you can analyze the data packets transmitted over a network, which helps with investigating network incidents as well as monitoring and managing the network. This article shows how to capture packets and 
[&hellip;]<\/p>\n","protected":false},"author":9,"featured_media":8989,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_eb_attr":"","ocean_post_layout":"","ocean_both_sidebars_style":"","ocean_both_sidebars_content_width":0,"ocean_both_sidebars_sidebars_width":0,"ocean_sidebar":"","ocean_second_sidebar":"","ocean_disable_margins":"enable","ocean_add_body_class":"","ocean_shortcode_before_top_bar":"","ocean_shortcode_after_top_bar":"","ocean_shortcode_before_header":"","ocean_shortcode_after_header":"","ocean_has_shortcode":"","ocean_shortcode_after_title":"","ocean_shortcode_before_footer_widgets":"","ocean_shortcode_after_footer_widgets":"","ocean_shortcode_before_footer_bottom":"","ocean_shortcode_after_footer_bottom":"","ocean_display_top_bar":"default","ocean_display_header":"default","ocean_header_style":"","ocean_center_header_left_menu":"","ocean_custom_header_template":"","ocean_custom_logo":0,"ocean_custom_retina_logo":0,"ocean_custom_logo_max_width":0,"ocean_custom_logo_tablet_max_width":0,"ocean_custom_logo_mobile_max_width":0,"ocean_custom_logo_max_height":0,"ocean_custom_logo_tablet_max_height":0,"ocean_custom_logo_mobile_max_height":0,"ocean_header_custom_menu":"","ocean_menu_typo_font_family":"","ocean_menu_typo_font_subset":"","ocean_menu_typo_font_size":0,"ocean_menu_typo_font_size_tablet":0,"ocean_menu_typo_font_size_mobile":0,"ocean_menu_typo_font_size_unit":"px","ocean_menu_typo_font_weight":"","ocean_menu_typo_font_weight_tablet":"","ocean_menu_typo_font_weight_mobile":"","ocean_menu_typo_transform":"","ocean_menu_typo_transform_tablet":"","ocean_menu_typo_transform_mobile":"","ocean_menu_typo_line_height":0,"ocean_menu_typo_line_height_tablet":0,"ocean_menu_typo_line_height_mobile":0,"ocean_menu_typo_line_height_unit":"","ocean_menu_typo_spacing":0,"ocean_menu_typo_spacing_tablet":0,"ocean_menu_typo_spacing_mobile":0,"ocean_menu_typo_spacing_unit":"","ocean_menu_link_color":"","ocean_me
nu_link_color_hover":"","ocean_menu_link_color_active":"","ocean_menu_link_background":"","ocean_menu_link_hover_background":"","ocean_menu_link_active_background":"","ocean_menu_social_links_bg":"","ocean_menu_social_hover_links_bg":"","ocean_menu_social_links_color":"","ocean_menu_social_hover_links_color":"","ocean_disable_title":"default","ocean_disable_heading":"default","ocean_post_title":"","ocean_post_subheading":"","ocean_post_title_style":"","ocean_post_title_background_color":"","ocean_post_title_background":0,"ocean_post_title_bg_image_position":"","ocean_post_title_bg_image_attachment":"","ocean_post_title_bg_image_repeat":"","ocean_post_title_bg_image_size":"","ocean_post_title_height":0,"ocean_post_title_bg_overlay":0.5,"ocean_post_title_bg_overlay_color":"","ocean_disable_breadcrumbs":"default","ocean_breadcrumbs_color":"","ocean_breadcrumbs_separator_color":"","ocean_breadcrumbs_links_color":"","ocean_breadcrumbs_links_hover_color":"","ocean_display_footer_widgets":"default","ocean_display_footer_bottom":"default","ocean_custom_footer_template":"","ocean_post_oembed":"","ocean_post_self_hosted_media":"","ocean_post_video_embed":"","ocean_link_format":"","ocean_link_format_target":"self","ocean_quote_format":"","ocean_quote_format_link":"post","ocean_gallery_link_images":"on","ocean_gallery_id":[],"footnotes":""},"categories":[80],"tags":[374,334],"class_list":["post-8988","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-huong-dan-tai-lieu","tag-packet-capture","tag-sophos-firewall","entry","has-media"],"_links":{"self":[{"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/posts\/8988","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/vacif.
com\/en\/wp-json\/wp\/v2\/comments?post=8988"}],"version-history":[{"count":1,"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/posts\/8988\/revisions"}],"predecessor-version":[{"id":20116,"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/posts\/8988\/revisions\/20116"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/media\/8989"}],"wp:attachment":[{"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/media?parent=8988"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/categories?post=8988"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/vacif.com\/en\/wp-json\/wp\/v2\/tags?post=8988"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}