16. You are logged on as the root user and issue the command:
# snoop -v -i filename
Which two statements about the output of this command are true? (Choose two.)
A. snoop displays packets from filename instead of the network.
B. snoop displays one line for each packet.
C. snoop displays multiple lines for each packet.
D. snoop verifies each packet.
E. snoop is launched in interactive mode.
Answer: AC
===================================================
bash-3.00# touch /wd/snoop3
bash-3.00# snoop -v -i snoop3
snoop: couldn't mmap snoop3: Invalid argument
bash-3.00# snoop -v -i /wd/snoop
=================
bash-3.00# snoop -q -o /wd/snoop
Using device /dev/e1000g (promiscuous mode)
^C
bash-3.00#
Here -o writes the captured packets to /wd/snoop instead of displaying them; -q suppresses the running packet count that snoop otherwise prints while capturing to a file.
===================
Reading the capture back from /wd/snoop with -i; with -v each packet is printed as a multi-line protocol dump:
bash-3.00# snoop -v -i /wd/snoop
ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 1 arrived at 17:50:13.30834
ETHER: Packet size = 62 bytes
ETHER: Destination = 0:e3:74:27:1b:63,
ETHER: Source = 0:21:5:37:90:2a,
ETHER: Ethertype = 8864 (PPPoE Session)
ETHER:
PPPoE: ----- PPP Over Ethernet -----
PPPoE:
PPPoE: Version = 1
PPPoE: Type = 1
PPPoE: Code = 0 (Session)
PPPoE: Session Id = 1
PPPoE: Length = 42 bytes
PPPoE:
PPP: ----- Point-to-Point Protocol -----
PPP:
PPP: Protocol = 0x21 (IP)
PPP:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x40
IP: xxx. .... = 2 (precedence)
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: .... ..0. = not ECN capable transport
IP: .... ...0 = no ECN congestion experienced
IP: Total length = 40 bytes
IP: Identification = 47665
IP: Flags = 0x0
IP: .0.. .... = may fragment
-------------------------------------------------------------------------------------------
root@wkst01 # man snoop
Reformatting page. Please Wait... done
System Administration Commands snoop(1M)
NAME
snoop - capture and inspect network packets
SYNOPSIS
snoop [-aqrCDNPSvV] [-t [r | a | d]] [-c maxcount]
[-d device] [-i filename] [-n filename] [-o filename]
[-p first [, last]] [-s snaplen] [-x offset [, length]]
[expression]
DESCRIPTION
snoop captures packets from the network and displays their contents. snoop uses both the network packet filter and streams buffer modules to provide efficient capture of packets from the network. Captured packets can be displayed as they are received, or saved to a file (which is RFC 1761-compliant) for later inspection.

snoop can display packets in a single-line summary form or in verbose multi-line forms. In summary form, with the exception of certain VLAN packets, only the data pertaining to the highest level protocol is displayed. If a packet has a VLAN header and its VLAN ID is non-zero, then snoop will show that the packet is VLAN tagged. For example, an NFS packet will have only NFS information displayed. Except for VLAN information under the condition just described, the underlying RPC, UDP, IP, and Ethernet frame information is suppressed, but can be displayed if either of the verbose options are chosen.

In the absence of a name service, such as LDAP or NIS, snoop displays host names as numeric IP addresses.

snoop requires an interactive interface.
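The summary-versus-verbose distinction in the man page is exactly what the exam item turns on, and -o / -i are just a file in the RFC 1761 format it mentions. As an added example (my code, not the page's own and not part of Solaris), the Python below parses that format from an inline, constructed two-frame capture, refuses the empty-file case that `touch` produced above, and renders each packet either as one summary line or as a snoop -v style multi-line Ethernet header dump. The MAC addresses in the sample are the ones from the dump above; the payload bytes, timestamps and the ARP frame are made up, and `render`, `ETHERTYPE_NAMES` and the other names are my own, not snoop's.

```python
"""RFC 1761 ("snoop") capture reader: parses what `snoop -o` writes and `snoop -i`
reads back, and renders packets in summary (one line) or verbose (multi-line) form."""
from __future__ import annotations

import struct
from collections import namedtuple

SNOOP_MAGIC = b"snoop\x00\x00\x00"  # 8-byte identification string (RFC 1761)
SNOOP_VERSION = 2                    # current file format version
DATALINK_ETHERNET = 4                # RFC 1761 datalink type code for Ethernet
ETHERTYPE_NAMES = {0x0800: "IP", 0x0806: "ARP", 0x8863: "PPPoE Discovery", 0x8864: "PPPoE Session"}

# seq is the 1-based position in the file; incl_len < orig_len when snoop -s truncated the packet.
Packet = namedtuple("Packet", "seq orig_len incl_len drops ts_sec ts_usec data")


class SnoopFormatError(ValueError):
    """Truncated or non-snoop input (snoop itself fails with 'couldn't mmap')."""


def parse_snoop(blob: bytes) -> tuple[int, list[Packet]]:
    """Return (datalink_type, packets). All integers are big-endian.
    File header: 8s id, I version, I datalink.  Record header: I original len,
    I included len, I record len (header + data + pad), I drops, I secs, I usecs."""
    if len(blob) < 16:
        raise SnoopFormatError("shorter than the 16-byte snoop file header")
    magic, version, datalink = struct.unpack(">8sII", blob[:16])
    if magic != SNOOP_MAGIC:
        raise SnoopFormatError("bad identification string: not a snoop capture")
    if version != SNOOP_VERSION:
        raise SnoopFormatError(f"unsupported snoop file version {version}")
    packets: list[Packet] = []
    off = 16
    while off < len(blob):
        if len(blob) - off < 24:
            raise SnoopFormatError(f"truncated record header at offset {off}")
        orig_len, incl_len, rec_len, drops, sec, usec = struct.unpack(">6I", blob[off:off + 24])
        # Do not trust length fields blindly: a record must cover its own header
        # and data, and must not run past the end of the file.
        if rec_len < 24 + incl_len or off + rec_len > len(blob):
            raise SnoopFormatError(f"bad record length {rec_len} at offset {off}")
        packets.append(Packet(len(packets) + 1, orig_len, incl_len, drops, sec, usec,
                              blob[off + 24:off + 24 + incl_len]))
        off += rec_len
    return datalink, packets


def fmt_mac(b: bytes) -> str:
    """snoop's MAC style: colon-separated hex without zero padding (0:e3:74:27:1b:63)."""
    return ":".join(f"{x:x}" for x in b)


def summary_line(p: Packet) -> str:
    """One line per packet, the shape of snoop's default summary mode."""
    et = struct.unpack(">H", p.data[12:14])[0]
    return (f"{p.seq:>3} {fmt_mac(p.data[6:12])} -> {fmt_mac(p.data[:6])} "
            f"ETHERTYPE {et:04x} ({ETHERTYPE_NAMES.get(et, 'unknown')}) LEN {p.orig_len}")


def verbose_lines(p: Packet) -> list[str]:
    """Multi-line Ethernet header dump in the style of snoop -v."""
    et = struct.unpack(">H", p.data[12:14])[0]
    return ["ETHER: ----- Ether Header -----",
            f"ETHER: Packet {p.seq} arrived at {p.ts_sec}.{p.ts_usec:06d}",
            f"ETHER: Packet size = {p.orig_len} bytes",
            f"ETHER: Destination = {fmt_mac(p.data[:6])},",
            f"ETHER: Source = {fmt_mac(p.data[6:12])},",
            f"ETHER: Ethertype = {et:04x} ({ETHERTYPE_NAMES.get(et, 'unknown')})"]


def render(blob: bytes, verbose: bool) -> list[str]:
    """Whole capture as text: one line per packet, or six per packet with verbose=True."""
    return [line for p in parse_snoop(blob)[1]
            for line in (verbose_lines(p) if verbose else [summary_line(p)])]


def build_record(data: bytes, ts_sec: int, ts_usec: int) -> bytes:
    """Encode one record with RFC 1761 4-byte padding (used only to build the sample)."""
    pad = (-len(data)) % 4
    return struct.pack(">6I", len(data), len(data), 24 + len(data) + pad, 0, ts_sec, ts_usec) + data + bytes(pad)


def rejects_empty_file() -> bool:
    """The empty file created with `touch` above must be refused, never mis-parsed."""
    try:
        parse_snoop(b"")
    except SnoopFormatError:
        return True
    return False


# Constructed sample capture (not a real trace): a 62-byte PPPoE session frame using
# the MACs from the page's dump with filler payload, then a 60-byte broadcast ARP frame.
_DST, _SRC = bytes.fromhex("00e374271b63"), bytes.fromhex("00210537902a")
_PPPOE = _DST + _SRC + b"\x88\x64" + b"\x11\x00\x00\x01\x00\x2a" + b"\x00\x21" + b"\x45" + bytes(39)
_ARP = b"\xff" * 6 + _SRC + b"\x08\x06" + bytes(46)
SAMPLE_CAPTURE = (SNOOP_MAGIC + struct.pack(">II", SNOOP_VERSION, DATALINK_ETHERNET)
                  + build_record(_PPPOE, 1261403413, 308340) + build_record(_ARP, 1261403413, 411200))
```

`render(SAMPLE_CAPTURE, verbose=False)` gives two lines, one per frame; `render(SAMPLE_CAPTURE, verbose=True)` gives six lines per frame, the first of them ending in `Ethertype = 8864 (PPPoE Session)` just as the real dump above does. Because the reader only decodes the Ethernet header and treats every length field as untrusted, `parse_snoop(open(path, "rb").read())` should also accept a file produced by `snoop -o` on a real interface.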
Simply put, snoop can capture packets from the network, view the packet contents, and then analyze them.
That is how I understand it.