• Solaris's built-in snoop packet capture tool


    Capture all traffic:

    # snoop
    Using device /dev/pcn0 (promiscuous mode)
    192.168.8.18 -> 192.168.255.255 NBT NS Query Request for WORKGROUP[1c], Success
    192.168.253.35 -> solaris TELNET C port=1246
    solaris -> 192.168.253.35 TELNET R port=1246 Using device /dev/pc
    solaris -> 192.168.253.35 TELNET R port=1246 Using device /dev/pc
    192.168.4.150 -> (broadcast) ARP C Who is 192.168.4.200, 192.168.4.200 ?
    192.168.4.200 -> (broadcast) ARP C Who is 192.168.4.150, 192.168.4.150 ?
    #

    Capture traffic whose source or destination address is 202.101.98.55:

    # snoop 202.101.98.55
    Using device /dev/pcn0 (promiscuous mode)
    192.168.253.35 -> dns.fz.fj.cn DNS C www.163.com. Internet Addr ?
    dns.fz.fj.cn -> 192.168.253.35 DNS R www.163.com. Internet CNAME www.cache.split.netease.com.

    #

    Note: when the name www.163.com is resolved, the entry after "Internet CNAME" is the domain name of the host that actually answers on behalf of www.163.com.

    Capture traffic between 192.168.253.35 and 202.101.98.55 (both directions):

    # snoop 192.168.253.35 202.101.98.55
    Using device /dev/pcn0 (promiscuous mode)
    192.168.253.35 -> dns.fz.fj.cn DNS C www.google.com. Internet Addr ?
    dns.fz.fj.cn -> 192.168.253.35 DNS R www.google.com. Internet CNAME www.l.google.com.
    #

    Capture into a cap file in the current directory, then read it back:

    # snoop -o cap1 -P        (-P captures in non-promiscuous mode: only broadcast, multicast and packets addressed to this host)
    Using device /dev/pcn0 (non promiscuous)
    15 ^C        (the 15 is the running count of packets captured so far)
    #

    # snoop -i cap1
    1 0.00000 192.168.253.35 -> solaris TELNET C port=1246
    2 0.18198 192.168.253.35 -> solaris TELNET C port=1246
    3 0.37232 192.168.4.199 -> 192.168.255.255 NBT Datagram Service Type=17 Source=WB-200[20]
    4 0.00016 ? -> (multicast) ETHER Type=EF08 (Unknown), size = 180bytes
    5 0.62546 192.168.253.35 -> solaris TELNET C port=1246
    6 0.13822 ? -> (multicast) ETHER Type=0000 (LLC/802.3), size = 52 bytes
    7 0.06283 192.168.253.35 -> solaris TELNET C port=1246
    8 0.90301 192.168.253.35 -> solaris TELNET C port=1246
    9 0.19781 192.168.253.35 -> solaris TELNET C port=1246
    10 0.81493 ? -> (multicast) ETHER Type=0000 (LLC/802.3), size = 52 bytes
    11 0.07018 192.168.253.35 -> solaris TELNET C port=1246
    12 0.19939 192.168.253.35 -> solaris TELNET C port=1246
    13 0.90151 192.168.253.35 -> solaris TELNET C port=1246
    14 0.18904 192.168.253.35 -> solaris TELNET C port=1246
    15 0.68422 ? -> (multicast) ETHER Type=0000 (LLC/802.3), size = 52 bytes
    # snoop -i cap1 -p 10,12        view only records 10 through 12

    # snoop -i cap1 -p10        view only record 10

    # snoop -i cap1 -v -p10        show the full header details of packet 10
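    As an added example (not part of the original post), the POSIX shell script below post-processes a snoop summary listing such as the `snoop -i cap1` output above with awk: packets per protocol, the hosts still talking cleartext TELNET, and the span of the capture. The sample lines are constructed to match the page's listing; it assumes the second column is snoop's default delta time-stamp (seconds since the previous packet).

```sh
#!/bin/sh
# Added example, not from the original post: summarize a snoop summary
# listing (what `snoop -i cap1` prints). The sample is constructed to
# mirror the listing on the page; each line has the layout
#   <no> <delta-secs> <src> -> <dst> <PROTO> <details...>
# Assumption: column 2 is snoop's default delta time-stamp (-t d),
# i.e. seconds elapsed since the previous packet.

SAMPLE='1 0.00000 192.168.253.35 -> solaris TELNET C port=1246
2 0.18198 192.168.253.35 -> solaris TELNET C port=1246
3 0.37232 192.168.4.199 -> 192.168.255.255 NBT Datagram Service Type=17 Source=WB-200[20]
4 0.00016 ? -> (multicast) ETHER Type=EF08 (Unknown), size = 180bytes
5 0.62546 192.168.253.35 -> solaris TELNET C port=1246'

# Packets per protocol, most frequent first, one "PROTO count" per line.
proto_counts() {
    printf '%s\n' "$1" | awk '{ n[$6]++ } END { for (p in n) print p, n[p] }' \
        | sort -k2,2nr -k1,1
}

# Unique "src -> dst" pairs seen using a given protocol; used here to
# find which hosts are still sending cleartext TELNET, a candidate for
# replacement with ssh.
peers_for() {
    printf '%s\n' "$2" | awk -v proto="$1" '$6 == proto { print $3, $4, $5 }' \
        | sort -u
}

# Time covered by the listing: the sum of the delta column, in seconds.
elapsed_seconds() {
    printf '%s\n' "$1" | awk '{ t += $2 } END { printf "%.5f\n", t }'
}

echo "== packets per protocol =="
proto_counts "$SAMPLE"
echo "== TELNET peers (cleartext) =="
peers_for TELNET "$SAMPLE"
echo "== capture span (s) =="
elapsed_seconds "$SAMPLE"
```

    To run it against a real capture, replace `"$SAMPLE"` with `"$(snoop -i cap1)"`.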

  • Original article: https://www.cnblogs.com/jdonson/p/1541009.html