Chinaunix首页 | 论坛 | 博客
  • 博客访问: 885314
  • 博文数量: 339
  • 博客积分: 3151
  • 博客等级: 中校
  • 技术积分: 3425
  • 用 户 组: 普通用户
  • 注册时间: 2010-10-10 14:47
文章分类

全部博文(339)

文章存档

2023年(43)

2022年(44)

2021年(3)

2020年(13)

2019年(39)

2018年(25)

2015年(2)

2014年(18)

2013年(12)

2012年(48)

2011年(79)

2010年(13)

16

分类: 系统运维

2011-07-06 17:53:49

16. You are logged on as the rootuser and issue the command: 
# snoop ­v ­i    filename 
What two statements about the effect of the output of this command are true? (Choose two.) 
A. snoopdisplays packets from    filename      instead of the network 
B. snoopdisplays one line for each packet. 
C. snoopdisplays multiple lines for each packet. 
D. snoopverifies each packet. 
E. snoopis launched in interactive mode. 
Answer: AC 
===================================================
bash-3.00# touch /wd/snoop3
bash-3.00# snoop -v -i snoop3
snoop: couldn't mmap snoop3: Invalid argument
 
bash-3.00# snoop -v -i /wd/snoop
=================
bash-3.00# snoop -q -o /wd/snoop
Using device /dev/e1000g (promiscuous mode)
^C
bash-3.00#
这边就是把snoop输出到/wd/snoop
===================
查看/wd/snoop
bash-3.00# snoop -v -i /wd/snoop
ETHER:  ----- Ether Header -----
ETHER: 
ETHER:  Packet 1 arrived at 17:50:13.30834
ETHER:  Packet size = 62 bytes
ETHER:  Destination = 0:e3:74:27:1b:63,
ETHER:  Source      = 0:21:5:37:90:2a,
ETHER:  Ethertype = 8864 (PPPoE Session)
ETHER: 
PPPoE:  ----- PPP Over Ethernet -----
PPPoE: 
PPPoE:  Version = 1
PPPoE:  Type = 1
PPPoE:  Code = 0 (Session)
PPPoE:  Session Id = 1
PPPoE:  Length = 42 bytes
PPPoE: 
PPP:    ----- Point-to-Point Protocol -----
PPP:   
PPP:    Protocol = 0x21 (IP)
PPP:   
IP:   ----- IP Header -----
IP:  
IP:   Version = 4
IP:   Header length = 20 bytes
IP:   Type of service = 0x40
IP:         xxx. .... = 2 (precedence)
IP:         ...0 .... = normal delay
IP:         .... 0... = normal throughput
IP:         .... .0.. = normal reliability
IP:         .... ..0. = not ECN capable transport
IP:         .... ...0 = no ECN congestion experienced
IP:   Total length = 40 bytes
IP:   Identification = 47665
IP:   Flags = 0x0
IP:         .0.. .... = may fragment

-------------------------------------------------------------------------------------------

root@wkst01 # man snoop
Reformatting page.  Please Wait... done

System Administration Commands                          snoop(1M)

NAME
     snoop - capture and inspect network packets


SYNOPSIS
     snoop  [-aqrCDNPSvV] [-t [r |  a |  d]] [-c maxcount]
     [-d device] [-i filename] [-n filename] [-o filename]
     [-p first [, last]] [-s snaplen] [-x offset [, length]]
     [expression]

DESCRIPTION
     snoop captures packets from the network and  displays  their
     contents.  snoop  uses  both  the  network packet filter and
     streams buffer modules to provide efficient capture of pack-
     ets  from  the network. Captured packets can be displayed as
     they are received, or saved to a file (which  is  RFC  1761-
     compliant) for later inspection.

     snoop can display packets in a single-line summary  form  or
     in  verbose  multi-line  forms.  In  summary  form, with the
     exception of certain VLAN packets, only the data  pertaining
     to  the highest level protocol is displayed. If a packet has
     a VLAN header and its VLAN ID is non-zero, then  snoop  will
     show  that  the  packet  is VLAN tagged. For example, an NFS
     packet will have only NFS information displayed. Except  for
     VLAN  information  under  the  condition just described, the
     underlying RPC, UDP, IP, and Ethernet frame  information  is
     suppressed,  but  can  be displayed if either of the verbose
     options are chosen.

     In the absence of a name service, such as LDAP or NIS, snoop
     displays host names as numeric IP addresses.

     snoop requires an interactive interface.

snoop简单的说就是 能从网络上抓包,并且查看包的内容,然后分析包的内容。
我是这么理解的。


阅读(1445) | 评论(0) | 转发(0) |
0

上一篇:15

下一篇:35

给主人留下些什么吧!~~