Solaris ships with the snoop packet capture tool. Capture everything on the wire:

# snoop
Using device /dev/pcn0 (promiscuous mode)
192.168.8.18 -> 192.168.255.255 NBT NS Query Request for WORKGROUP[1c], Success
192.168.253.35 -> solaris TELNET C port=1246
solaris -> 192.168.253.35 TELNET R port=1246 Using device /dev/pc
solaris -> 192.168.253.35 TELNET R port=1246 Using device /dev/pc
192.168.4.150 -> (broadcast) ARP C Who is 192.168.4.200, 192.168.4.200 ?
192.168.4.200 -> (broadcast) ARP C Who is 192.168.4.150, 192.168.4.150 ?
#

Capture only traffic whose source or destination address is 202.101.98.55 (snoop prints the host name it resolves for that address, here dns.fz.fj.cn):

# snoop 202.101.98.55
Using device /dev/pcn0 (promiscuous mode)
192.168.253.35 -> dns.fz.fj.cn DNS C www.163.com. Internet Addr ?
dns.fz.fj.cn -> 192.168.253.35 DNS R www.163.com. Internet CNAME www.cache.split.netease.com.
#

Note: the name after "Internet CNAME" is what the resolver returns when resolving www.163.com; it is the domain name of the host that actually answers on behalf of www.163.com.

Capture traffic between 192.168.253.35 and 202.101.98.55 (both directions):

# snoop 192.168.253.35 202.101.98.55
Using device /dev/pcn0 (promiscuous mode)
192.168.253.35 -> dns.fz.fj.cn DNS C www.google.com. Internet Addr ?
dns.fz.fj.cn -> 192.168.253.35 DNS R www.google.com. Internet CNAME www.l.google.com.
#

Capture into a cap file in the current directory, then read it back. -P selects non-promiscuous mode: only broadcast, multicast and packets addressed to this host are captured. The counter snoop shows while running (15 here, before ^C) is the number of packets captured so far.

# snoop -o cap1 -P
Using device /dev/pcn0 (non promiscuous)
15 ^C
#

# snoop -i cap1
1 0.00000 192.168.253.35 -> solaris TELNET C port=1246
2 0.18198 192.168.253.35 -> solaris TELNET C port=1246
3 0.37232 192.168.4.199 -> 192.168.255.255 NBT Datagram Service Type=17 Source=WB-200[20]
4 0.00016 ? -> (multicast) ETHER Type=EF08 (Unknown), size = 180bytes
5 0.62546 192.168.253.35 -> solaris TELNET C port=1246
6 0.13822 ? -> (multicast) ETHER Type=0000 (LLC/802.3), size = 52 bytes
7 0.06283 192.168.253.35 -> solaris TELNET C port=1246
8 0.90301 192.168.253.35 -> solaris TELNET C port=1246
9 0.19781 192.168.253.35 -> solaris TELNET C port=1246
10 0.81493 ? -> (multicast) ETHER Type=0000 (LLC/802.3), size = 52 bytes
11 0.07018 192.168.253.35 -> solaris TELNET C port=1246
12 0.19939 192.168.253.35 -> solaris TELNET C port=1246
13 0.90151 192.168.253.35 -> solaris TELNET C port=1246
14 0.18904 192.168.253.35 -> solaris TELNET C port=1246
15 0.68422 ? -> (multicast) ETHER Type=0000 (LLC/802.3), size = 52 bytes
#

Show only records 10 through 12:

# snoop -i cap1 -p 10,12

Show only record 10:

# snoop -i cap1 -p10

Show the fully decoded headers of record 10 (verbose):

# snoop -i cap1 -v -p10
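A small added example, not part of the original post and not Solaris tooling, that summarises a snoop one-line-per-packet listing like the `snoop -i cap1` output above: it counts packets per protocol and lists the src->dst pairs carried over cleartext protocols, which is the first thing a defender wants from such a capture. The sample lines in SNOOP_SUMMARY are constructed from the 15 records shown in the post so the script runs offline with only awk and sort; on a real host you would pipe `snoop -i cap1` into the same functions. The set of protocols treated as cleartext (TELNET, FTP) is this example's own choice.

```shell
#!/bin/sh
# Summarise a snoop summary listing (one packet per line).
# Field layout of a snoop summary line:  seq delta src -> dst PROTO ...
# SNOOP_SUMMARY is constructed from the records shown in the post (example data).

SNOOP_SUMMARY='1 0.00000 192.168.253.35 -> solaris TELNET C port=1246
2 0.18198 192.168.253.35 -> solaris TELNET C port=1246
3 0.37232 192.168.4.199 -> 192.168.255.255 NBT Datagram Service Type=17 Source=WB-200[20]
4 0.00016 ? -> (multicast) ETHER Type=EF08 (Unknown), size = 180bytes
5 0.62546 192.168.253.35 -> solaris TELNET C port=1246
6 0.13822 ? -> (multicast) ETHER Type=0000 (LLC/802.3), size = 52 bytes
7 0.06283 192.168.253.35 -> solaris TELNET C port=1246
8 0.90301 192.168.253.35 -> solaris TELNET C port=1246
9 0.19781 192.168.253.35 -> solaris TELNET C port=1246
10 0.81493 ? -> (multicast) ETHER Type=0000 (LLC/802.3), size = 52 bytes
11 0.07018 192.168.253.35 -> solaris TELNET C port=1246
12 0.19939 192.168.253.35 -> solaris TELNET C port=1246
13 0.90151 192.168.253.35 -> solaris TELNET C port=1246
14 0.18904 192.168.253.35 -> solaris TELNET C port=1246
15 0.68422 ? -> (multicast) ETHER Type=0000 (LLC/802.3), size = 52 bytes'

# Print "PROTO count" for every protocol seen, most frequent first.
# Only lines whose 4th field is the "->" arrow are treated as packet records,
# so the "Using device ..." banner and the trailing "#" prompt are skipped.
proto_counts() {
    printf '%s\n' "$SNOOP_SUMMARY" \
        | awk '$4 == "->" { n[$6]++ } END { for (p in n) print p, n[p] }' \
        | sort -k2,2nr -k1,1
}

# Number of packets for one protocol label, e.g. `count_proto TELNET`.
# Prints 0 (not an empty string) when the protocol does not appear.
count_proto() {
    printf '%s\n' "$SNOOP_SUMMARY" \
        | awk -v want="$1" '$4 == "->" && $6 == want { c++ } END { print c + 0 }'
}

# Distinct "PROTO src->dst" pairs carried over protocols that send
# credentials in the clear (TELNET and FTP here; the list is this
# example's choice), so an operator can see which hosts still use them.
cleartext_sessions() {
    printf '%s\n' "$SNOOP_SUMMARY" \
        | awk '$4 == "->" && ($6 == "TELNET" || $6 == "FTP") { print $6, $3 "->" $5 }' \
        | sort -u
}

# Usage when run directly:
echo "packets per protocol:"
proto_counts
echo "cleartext sessions:"
cleartext_sessions
```

On the sample data proto_counts reports TELNET 10, ETHER 4, NBT 1, and cleartext_sessions reports the single pair 192.168.253.35->solaris, which matches the telnet session visible in the capture. To run it against a live file, replace the SNOOP_SUMMARY assignment with `SNOOP_SUMMARY=$(snoop -i cap1)`.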