Chinaunix首页 | 论坛 | 博客
  • 博客访问: 3387936
  • 博文数量: 631
  • 博客积分: 10716
  • 博客等级: 上将
  • 技术积分: 8397
  • 用 户 组: 普通用户
  • 注册时间: 2008-04-01 22:35
文章分类

全部博文(631)

文章存档

2020年(2)

2019年(22)

2018年(4)

2017年(37)

2016年(22)

2015年(1)

2013年(12)

2012年(20)

2011年(19)

2010年(20)

2009年(282)

2008年(190)

分类:

2008-05-24 11:42:19

2 packets captured
#

# snoop host1 host2
host1 -> host2 ICMP Echo request
host2 -> host1 ICMP Echo reply
使用snoop实用程序判定系统间实际上传送的什么信,判断网络畅通

# snoop -a dhcp
 Snoop 的使用

Snoop
Solaris 系统中自带的工具, 是一个用于显示网络通讯的程序,

可捕获IP 包并将其显示或保存到指定文件. (限超级用户使用
snoop)
Snoop
可将捕获的包以一行的形式加以总结或用多行加以详细的描述(有调用不同的参数-v -V来实现). 在总结方式下(-V ) , 将仅显示最高层的相关协

, 例如一个NFS 包将仅显示NFS 信息, 其低层的RPC, UDP, IP, Ethernet 帧信息将不会显示, 但是当加上相应的参数(-v ), 这些信息都能被显示出来
.
参数简介:

[ -a ] # Listen to packets on audio
[ -d device ] # settable to le?, ie?, bf?, tr?
[ -s snaplen ] # Truncate packets
[ -c count ] # Quit after count packets
[ -P ] # Turn OFF promiscuous mode
[ -D ] # Report dropped packets
[ -S ] # Report packet size
[ -i file ] # Read previously captured packets
[ -o file ] # Capture packets in file
[ -n file ] # Load addr-to-name table from file
[ -N ] # Create addr-to-name table
[ -t r|a|d ] # Time: Relative, Absolute or Delta
[ -v ] # Verbose packet display
[ -V ] # Show all summary lines
[ -p first[,last] ] # Select packet(s) to display
[ -x offset[,length] ] # Hex dump from offset for length
[ -C ] # Print packet filter code
由于snoop 的使用非常灵活, 希望能通过下面一些例子的学习来其常见用法
.
1.
监听所有以本机为源和目的的包并将其显示出来
.
# snoop
2.
监听所有以主机A为源和目的的包并将其显示出来. ( A为主机名, 下同
)
- 2 -
# snoop A
3.
监听所有AB之间的包并将其保存到文件
file.
# snoop -o file A B
4.
显示文件file 中指定的包
(99-108)
# snoop - i file -p 99,108
99 0.0027 boutique -> sunroof NFS C GETATTR FH=8E6C
100 0.0046 sunroof -> boutique NFS R GETATTR OK
101 0.0080 boutique -> sunroof NFS C RENAME FH=8E6C MTra00192
to .nfs08
102 0.0102 marmot -> viper NFS C LOOKUP FH=561E screen.r.13.i386
103 0.0072 viper -> marmot NFS R LOOKUP No such file or directory
104 0.0085 bugbomb -> sunroof RLOGIN C PORT=1023 h
105 0.0005 kandinsky -> sparky RSTAT C Get Statistics
106 0.0004 beeblebrox -> sunroof NFS C GETATTR FH=0307
107 0.0021 sparky -> kandinsky RSTAT R
108 0.0073 office -> jeremiah NFS C READ FH=2584 at 40960 for 8192
5.
详细查看文件file 中第101 个包
:
# snoop - i file - v -p101
ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 101 arrived at 16:09:53.59
ETHER: Packet size = 210 bytes
ETHER: Destination = 8:0:20:1:3d:94, Sun
ETHER: Source = 8:0:69:1:5f:e, Silicon Graphics
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4, header length = 20 bytes
IP: Type of service = 00
IP: ..0. .... = routine
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: Total length = 196 bytes
IP: Identification 19846
IP: Flags = 0X
IP: .0.. .... = may fragment
IP: ..0. .... = more fragments
?
- 3 -
?
6.
查看主机A和主机B之间的NFS (命令中的and or 为相应的逻辑运

)
# snoop - i file rpc nfs and A and B
1 0.0000 A -> B NFS C GETATTR FH=8E6C
2 0.0046 B -> A NFS R GETATTR OK
3 0.0080 A -> B NFS C RENAME FH=8E6C MTra00192 to .nfs08
7.
将这些符合条件的包保存到另一文件file2
:
# snoop - i file -o file2 rpc nfs A B
8.
监听主机A和主机B间所有TCP 80 端口或UDP80端口的包

# snoop A and B and (tcp or udp) and port 80
9.
监听所有的广播包

# snoop broadcast
Using device /dev/hme (promiscuous mode)
10.10.10.50 -> BROADCAST UDP D=177 S=2541 LEN=35
10.10.10.50 -> BROADCAST UDP D=177 S=2541 LEN=35
10.10.10.50 -> BROADCAST UDP D=177 S=2541 LEN=35
10.
监听所有的多播包, 并显示详细内容
.
#snoop -v multicast
ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 1 arrived at 12:33:2.16
ETHER: Packet size = 69 bytes
ETHER: Destination = ff:ff:ff:ff:ff:ff, (broadcast)
ETHER: Source = 0:4:76:46:8f:50,
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP: xxx. .... = 0 (precedence)
IP: ...0 .... = normal delay
- 4 -
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: Total length = 55 bytes
IP: Identification = 14658
IP: Flags = 0x0
IP: .0.. .... = may fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 128 seconds/hops
IP: Protocol = 17 (UDP)
IP: Header checksum = ed38
IP: Source address = 10.10.10.50, 10.10.10.50
IP: Destination address = 255.255.255.255, BROADCAST
IP: No options
IP:
UDP: ----- UDP Header -----
UDP:
UDP: Source port = 2541
UDP: Destination port = 177
UDP: Length = 35
UDP: Checksum = 8E35
UDP:
ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 2 arrived at 12:33:12.16
ETHER: Packet size = 69 bytes
ETHER: Destination = ff:ff:ff:ff:ff:ff, (broadcast)
ETHER: Source = 0:4:76:46:8f:50,
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP: xxx. .... = 0 (precedence)
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: Total length = 55 bytes
IP: Identification = 14985
IP: Flags = 0x0
IP: .0.. .... = may fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 128 seconds/hops
IP: Protocol = 17 (UDP)
IP: Header checksum = ebf1
IP: Source address = 10.10.10.50, 10.10.10.50
- 5 -
IP: Destination address = 255.255.255.255, BROADCAST
IP: No options
IP:
UDP: ----- UDP Header -----
UDP:
UDP: Source port = 2541
UDP: Destination port = 177
UDP: Length = 35
UDP: Checksum = 8E35
UDP:
11
.监听所有的NTP 协议包

# snoop |grep - i NTP
Using device /dev/hme (promiscuous mode)
ts1 -> 224.0.1.1 NTP broadcast (Tue Jul 23 12:48:50 2002)
ts1 -> 224.0.1.1 NTP broadcast (Tue Jul 23 12:49:54 2002)
ts1 -> 224.0.1.1 NTP broadcast (Tue Jul 23 12:50:58 2002)
ts1 -> 224.0.1.1 NTP broadcast (Tue Jul 23 12:52:02 2002)
ts1 -> 224.0.1.1 NTP broadcast (Tue Jul 23 12:53:06 2002)
ts1 -> 224.0.1.1 NTP broadcast (Tue Jul 23 12:54:10 2002)
这里我们也可看到NTP server 每隔约一分钟即向多播地址广播一次
.

date
# date
2003
1012 星期日 100416
CST
CSTChinese Standard Time的缩写)

# date 10121003
设置时间为10121003


设备管理


软盘

#volcheck
fdformat [-dDeEfHlLmMUqvx] [-b label] [-B filename] [-t dos-
type] [devname] //
格式化


prtconf
# prtconf //
配置信息

System Configuration: Sun Microsystems i86pc
Memory size: 128 Megabytes //
内存

System Peripherals (Software Nodes):

i86pc
+boot (driver not attached)
memory (driver not attached)
aliases (driver not attached)
chosen (driver not attached)
i86pc-memory (driver not attached)
i86pc-mmu (driver not attached)
openprom (driver not attached)
options, instance #0
packages (driver not attached)
delayed-writes (driver not attached)
itu-props (driver not attached)
isa, instance #0
motherboard (driver not attached)
asy, instance #0
asy, instance #1
lp (driver not attached)
fdc, instance #0
fd, instance #0
fd, instance #1 (driver not attached)
i8042, instance #0
keyboard, instance #0
mouse, instance #0
PNP0C02 (driver not attached)
PNP0C02 (driver not attached)
PNP0C02 (driver not attached)
bios (driver not attached)
bios (driver not attached)
bios (driver not attached)
pci, instance #0
pci15ad,1976 (driver not attached)
pci8086,7191 (driver not attached)
pci15ad,1976 (driver not attached)
pci-ide, instance #0
ide, instance #0
cmdk, instance #0
ide, instance #1
sd, instance #0
pci15ad,1976, instance #0
pci15ad,1976 (driver not attached)
display, instance #0
pci1022,2000, instance #0
pci1274,1371 (driver not attached)
used-resources (driver not attached)
objmgr, instance #0
cpus (driver not attached)
cpu, instance #0 (driver not attached)
pseudo, instance #0
#
# prtconf | grep Memory //
查看内存

Memory size: 128 Megabytes





arch
# arch -k //
了解体系结构

i86pc
uname
# uname -m
i86pc
# uname
SunOS
# uname -a
SunOS wing 5.9 Generic_112234-03 i86pc i386 i86pc


eject
#eject floppy

eeprom
#eeprom selftest -#megs=64 //
修改系统自检到的内存数


sysdef
#sysdef //
更详细的体系机构


df
# df -k //
显示当前所有已安装的文件系统上的文件数目和空闲块的数目

文件系统 千字节 用了 可用 容量 挂接在

/dev/dsk/c0d0s0 63127 36143 20672 64% /
/dev/dsk/c0d0s6 1201014 768820 372144 68% /usr
/proc 0 0 0 0% /proc
mnttab 0 0 0 0% /etc/mnttab
fd 0 0 0 0% /dev/fd
/dev/dsk/c0d0s3 55047 25258 24285 51% /var
swap 651040 24 651016 1% /var/run
swap 651016 0 651016 0% /tmp
/dev/dsk/c0d0s5 24239 15 21801 1% /opt
/dev/dsk/c0d0s7 2691830 122 2637872 1% /export/home
/dev/dsk/c0d0s1 462639 306816 109560 74% /usr/openwin
# df -a //
打印所有文件系统的信息

/ (/dev/dsk/c0d0s0 ): 53968
30100 文件

/usr (/dev/dsk/c0d0s6 ): 864388
261705 文件

/proc (/proc ): 0
1878 文件

/etc/mnttab (mnttab ): 0
0 文件

/dev/fd (fd ): 0

阅读(1115) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~