Chinaunix首页 | 论坛 | 博客
  • 博客访问: 43860
  • 博文数量: 15
  • 博客积分: 350
  • 博客等级: 一等列兵
  • 技术积分: 180
  • 用 户 组: 普通用户
  • 注册时间: 2011-03-12 20:37
文章分类

全部博文(15)

文章存档

2011年(15)

我的朋友

分类: 系统运维

2011-08-22 17:02:18

一、ASA的inside,outside接口抓包
1、打开syslog
logging on
logging timestamp
logging trap information
logging host inside X.X.X.X(日志服务器)
Clear conn
Clear xlate
 
2、配置要抓包的数据流
点对点抓包
access-list cap permit ip host X.X.X.X host X.X.X.X
access-list cap permit ip host X.X.X.X host X.X.X.X
capture asa_cap_inside type raw-data access-list tac_capture buffer 10000000 interface inside
capture asa_cap_outside type raw-data access-list tac_capture buffer 10000000 interface outside
全局抓包
access-list cap permit ip any any
capture asa_cap_inside type raw-data access-list tac_capture buffer 10000000 interface inside
capture asa_cap_outside type raw-data access-list tac_capture buffer 10000000 interface outside
3、查看相关信息
show clock
show conn address X.X.X.X
show local-host X.X.X.X
show asp drop
show xlate
show capture
d)拷贝capture到tftp服务器上
copy /pcap capture:asa_cap_inside tftp://X.X.X.X/asa_inside.cap
copy /pcap capture:asa_cap_outside tftp://X.X.X.X/asa_outside.cap
 
4、取消capture
no capture asa_capture_inside_1
no capture asa_capture_outside_1
clear capture asa_capture_inside_1
clear capture asa_capture_outside_1
no access-list cap permit ip host X.X.X.X host X.X.X.X
no access-list cap permit ip host X.X.X.X host X.X.X.X
no access-list cap permit ip host any any
二、交换机上抓包
1、交换机做span
configure terminal
monitor session 1 source interface fastethernet X/X/X
monitor session 1 destination interface fastethernet X/X/X
no monitor session X
show monitor

三、主机上抓包(linux)
tcpdump -s 0 -w /tmp/X.cap -i 网口 host X.X.X.X
tcpdump -nn -f host X.X.X.X and ! X.X.X.X
tcpdump -w test.cap -i 网口 tcp port 端口 or udp \( 端口 or 端口 \)
阅读(2778) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~