nettl, the packet capture tool on HP-UX

When we are not sure how a Unix/Linux tool is used, the most reliable and most effective approach is to read the tool's online manual: man nettl.

The nettl capture tool must be run as root. A small capture example:

# cd /tmp
# nettl -start
Initializing Network Tracing and Logging...
Done. 
# nettl -tn all -e ns_ls_tcp -tm 60M -f /tmp/net1
Parameters: -tn (short for -traceon; starts capturing packets on the specified subsystems)
-e (short for -entity; followed by the subsystem type; here we want to capture TCP packets)
-tm (short for -tracemax; followed by maxsize, the maximum size of the capture)
-f (short for -file; followed by the name to give the file of captured packets)
# nettl -status all

Logging Information:
Log Filename:                           /var/adm/nettl.LOG0*
Max Log file size(Kbytes):   1000       Console Logging:        On
User's ID:                   0          Buffer Size:            8192
Messages Dropped:            0          Messages Queued:        0

Subsystem Name:                 Log Class:
NS_LS_LOGGING                                              ERROR DISASTER
NS_LS_NFT                                                  ERROR DISASTER
NS_LS_LOOPBACK                                             ERROR DISASTER
NS_LS_NI                                                   ERROR DISASTER
NS_LS_IPC                                                  ERROR DISASTER
NS_LS_SOCKREGD                                             ERROR DISASTER
NS_LS_TCP                                                  ERROR DISASTER
NS_LS_PXP                                                  ERROR DISASTER
NS_LS_UDP                                                  ERROR DISASTER
NS_LS_IP                                                   ERROR DISASTER
NS_LS_PROBE                                                ERROR DISASTER
NS_LS_DRIVER                                               ERROR DISASTER
NS_LS_RLBD                                                 ERROR DISASTER
NS_LS_BUFS                                                 ERROR DISASTER
NS_LS_CASE21                                               ERROR DISASTER
NS_LS_ROUTER21                                             ERROR DISASTER
NS_LS_NFS                                                  ERROR DISASTER
NS_LS_NETISR                                               ERROR DISASTER
NS_LS_NSE                                                  ERROR DISASTER
NS_LS_STRLOG                                               ERROR DISASTER
NS_LS_TIRDWR                                               ERROR DISASTER
NS_LS_TIMOD                                                ERROR DISASTER
NS_LS_ICMP                                                 ERROR DISASTER
FILTER                                                     ERROR DISASTER
NAME                                                       ERROR DISASTER
NS_LS_IGMP                                                 ERROR DISASTER
FC                                                         ERROR DISASTER
FORMATTER                                                  ERROR DISASTER
STREAMS                                                    ERROR DISASTER
BASE100                                                    ERROR DISASTER
PCI100BT                                                   ERROR DISASTER
SPP100BT                                                   ERROR DISASTER


Tracing Information:
Trace Filename:                         /tmp/net1.TRC*
Max Trace file size(Kbytes): 61440   
User's ID:                   0          Buffer Size:            69632
Messages Dropped:            0          Messages Queued:        0

Subsystem Name:      Trace Mask:
NS_LS_TCP            0xFFFF0000 
# ls -l net*
-rw-------   1 root       sys          82708 Mar  4 14:21 net1.TRC0
# nettl -traceoff -e all
# nettl -stop
#

Once the capture is done it has to be decoded; we use the netfmt tool to look at the captured packets. We redirect netfmt's decoded output to a file and then view it with vi:

# netfmt -N -l -f /tmp/net1.TRC* > net1.log

# vi net1.log
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ARPA/9000 NETWORKING^^^^^^^^^^^^^^^^^^^^^^^^^^@#%
  Timestamp            : Mon Mar 04 EAT 2013 14:20:31.574886
  Process ID           : [ICS]              Subsystem        : NS_LS_TCP
  User ID ( UID )      : -1                 Trace Kind       : PDU IN TRACE
  Device ID            : -1                 Path ID          : 0
  Connection ID        : 0
  Location             : 00123
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-------------------------------- TCP Header ----------------------------------
sport:   22   -->   dport:  64329     flags: PUSH ACK
       seq: 0xf3d150c6  urp: 0x0      chksum: 0x5f1e   data len: 272
       ack: 0x7042bcdd  win: 0x60f4   optlen: 0
-------------------------------- User Data -----------------------------------
   0: 2f 73 e5 c8 9a f9 04 43 76 bc 4a cd 8e 43 24 15  /s.....Cv.J..C$.
  16: f0 ab 62 d6 7a 65 ce b7 11 44 43 ce 1a 94 a7 13  ..b.ze...DC.....
  32: 97 85 57 3d 6e bf bf ed 21 e2 ed 44 b3 35 d2 02  ..W=n...!..D.5..
  48: f9 ea f1 d1 22 83 6c c2 90 90 78 c1 d4 9c 5a 32  ....".l...x...Z2
  64: 0e b3 87 11 70 0b d2 79 de d3 1e 75 f8 ec c7 92  ....p..y...u....
  80: 5b d3 d2 06 15 7e 14 83 38 22 3f 74 6b 07 11 c0  [....~..8"?tk...
  96: 84 77 37 b5 9d 58 63 01 85 85 d6 53 2e 54 c4 68  .w7..Xc....S.T.h
 112: 89 ab 09 a1 e2 0c 0b 6b ee 10 c9 d4 cf 2c ba 49  .......k.....,.I
 128: cc 40 a0 4c 1e 7a 48 bb 00 b6 d9 b5 61 40 44 bd  .@.L.zH.....a@D.
 144: 08 fd a7 f9 ff d4 87 8c b0 7b e7 a6 12 b2 0c a6  .........{......
 160: a5 15 5f 06 4d 32 dc 2f 0b 28 5d 54 9d 3e b8 4f  .._.M2./.(]T.>.O
 176: 52 c3 4c 9b 39 4f eb 65 c4 33 27 44 7b 34 97 40  R.L.9O.e.3'D{4.@
 192: 0d 03 3f 5d 22 5e 5e 04 92 3e a5 18 32 54 2a 44  ..?]"^^..>..2T*D
 208: 30 c3 7e f9 4b 20 93 22 40 16 b8 6a 72 7f 35 79  0.~.K ."@..jr.5y
 224: a7 35 b2 79 09 31 c5 b7 48 d0 e8 ee 04 a6 32 db  .5.y.1..H.....2.
 240: 96 46 62 6e 19 6b c7 3d bc 43 f9 d2 0d c8 cd 06  .Fbn.k.=.C......
 256: 94 0d b2 9a e1 3d df 56 d9 49 c6 54 fe 03 9c e5  .....=.V.I.T....
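Reading a large netfmt log in vi gets tedious quickly, so it is worth pulling the per-packet fields out programmatically. The following is an added example, not code from the original post or an HP tool: a small Python parser for the netfmt record layout shown above, run against a constructed, trimmed copy of that record, which extracts the trace header, the TCP header fields and the hex dump and cross-checks the reassembled payload against the header's data len.

```python
import re

# Constructed sample (not captured here): one netfmt record in the layout shown
# above, with the User Data dump trimmed to two lines and data len set to match.
SAMPLE = """\
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ARPA/9000 NETWORKING^^^^^^^^^^^^^^^^^^^^^^^^^^@#%
  Timestamp            : Mon Mar 04 EAT 2013 14:20:31.574886
  Process ID           : [ICS]              Subsystem        : NS_LS_TCP
  User ID ( UID )      : -1                 Trace Kind       : PDU IN TRACE
  Device ID            : -1                 Path ID          : 0
  Connection ID        : 0
  Location             : 00123
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-------------------------------- TCP Header ----------------------------------
sport:   22   -->   dport:  64329     flags: PUSH ACK
       seq: 0xf3d150c6  urp: 0x0      chksum: 0x5f1e   data len: 32
       ack: 0x7042bcdd  win: 0x60f4   optlen: 0
-------------------------------- User Data -----------------------------------
   0: 2f 73 e5 c8 9a f9 04 43 76 bc 4a cd 8e 43 24 15  /s.....Cv.J..C$.
  16: f0 ab 62 d6 7a 65 ce b7 11 44 43 ce 1a 94 a7 13  ..b.ze...DC.....
"""

BANNER = re.compile(r"^\^{10,}.*$", re.M)                 # one banner per record
FIELD = re.compile(r"(Timestamp|Subsystem|Trace Kind)\s*:\s*(.+?)(?=\s{2,}|\n|$)")
PORTS = re.compile(r"sport:\s*(\d+)\s*-->\s*dport:\s*(\d+)\s*flags:\s*([A-Z ]+)")
NUMS = re.compile(r"\b(seq|ack|data len):\s*(0x[0-9a-f]+|\d+)")
HEXLINE = re.compile(r"^\s*\d+:((?:\s[0-9a-f]{2}){1,16})\s{2,}", re.M)

def parse_netfmt(text):
    """Return one dict per netfmt record: trace header, TCP fields, payload bytes."""
    records = []
    for chunk in BANNER.split(text)[1:]:
        rec = dict(FIELD.findall(chunk))
        m = PORTS.search(chunk)
        if m:
            rec["sport"], rec["dport"] = int(m.group(1)), int(m.group(2))
            rec["flags"] = m.group(3).split()
        for name, val in NUMS.findall(chunk):
            rec[name.replace(" ", "_")] = int(val, 0)   # base 0: 0x... or decimal
        # Rebuild the payload from the hex columns only; the ASCII column is ignored.
        rec["payload"] = bytes.fromhex("".join(HEXLINE.findall(chunk)))
        # A truncated or mis-split dump shows up as a mismatch with the header.
        rec["len_ok"] = len(rec["payload"]) == rec.get("data_len")
        records.append(rec)
    return records

if __name__ == "__main__":
    for r in parse_netfmt(SAMPLE):
        print(r["Timestamp"], r["sport"], "->", r["dport"], r["flags"], r["len_ok"])
```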

