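A detailed walkthrough of packet capture in TRex
In service mode, TRex provides several ways to capture and analyze packets. The capture mechanism is shown in the figure below: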

- Capturing packets through the console
- Method 1:
trex>service
Enabling service mode on port(s): [0, 1]                     [SUCCESS]
6.72 [ms]
trex(service)>capture monitor start --rx 1 -v
Starting stdout capture monitor - verbose: 'high'            [SUCCESS]
*** use 'capture monitor stop' to abort capturing... ***
trex(service)>arp -p 3
arp - port(s) [3]: invalid port IDs
trex(service)>arp -p 1
Resolving destination on port(s) [1]:                        [SUCCESS]
Port 1 - Recieved ARP reply from: 20.20.20.1, hw: 00:50:56:c0:00:02
459.79 [ms]
trex(service)>
#1 Port: 1 ◀── RX
trex(service)>
    Type: ARP, Size: 60 B, TS: 16.03 [sec]
trex(service)>    ###[ Ethernet ]###
      dst       = 00:0c:29:69:39:76
      src       = 00:50:56:c0:00:02
      type      = ARP
    ###[ ARP ]###
         hwtype    = 0x1
         ptype     = IPv4
         hwlen     = 6
         plen      = 4
         op        = is-at
         hwsrc     = 00:50:56:c0:00:02
         psrc      = 20.20.20.1
         hwdst     = 00:0c:29:69:39:76
         pdst      = 20.20.20.2
    ###[ Padding ]###
            load      = '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
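Step 1: enable service mode.
Step 2: start capturing received (RX) packets on port 1. To capture transmitted (TX) packets instead, use the following command: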
trex(service)>capture monitor start --tx 1 -v
Stop the capture:
trex(service)>capture monitor stop
Stopping capture monitor                                     [SUCCESS]
trex(service)>
- Method 2:
trex(service)>capture monitor start --rx 1 -f udp -p                          (1)
Starting pipe capture monitor                                [SUCCESS]
Trying to locate Wireshark                                   [SUCCESS]
Checking permissions on '/usr/bin/dumpcap'                   [SUCCESS]
Launching '/usr/bin/wireshark -k -i /tmp/tmputa4jf3c'        [SUCCESS]        (2)
Waiting for Wireshark pipe connection                        [SUCCESS]        (3)
*** Capture monitoring started ***                                            (4)
trex(service)>arp                                                             (5)
Resolving destination on port(s) [0, 1]:               [SUCCESS]
Port 0 - Recieved ARP reply from: 4.4.4.4, hw: 90:e2:ba:af:13:89
Port 1 - Recieved ARP reply from: 3.3.3.3, hw: 90:e2:ba:af:13:88
Port 2 - Recieved ARP reply from: 2.2.2.2, hw: 90:e2:ba:ae:88:b9
Port 3 - Recieved ARP reply from: 1.1.1.1, hw: 90:e2:ba:ae:88:b8

- Method 3:
trex(service)>capture record start --rx 3 --limit 200                         (1)
Starting packet capturing up to 200 packets                  [SUCCESS]
*** Capturing ID is set to '4' ***                                            (2)
*** Please call 'capture record stop --id 4 -o <out.pcap>' when done ***
trex(service)>capture                                                         (3)
Active Recorders
      ID        |     Status      |     Packets     |      Bytes      |    TX Ports     |    RX Ports
 ------------------------------------------------------------------------------------------------------
       4        |     ACTIVE      |     [0/200]     |       0 B       |        -        |        3
trex(service)>start -f stl/imix.py -m 1kpps -p 0 --force                      (4)
Removing all streams from port(s) [0]:                       [SUCCESS]
Attaching 3 streams to port(s) [0]:                          [SUCCESS]
Starting traffic on port(s) [0]:                             [SUCCESS]
20.42 [ms]
trex(service)>capture                                                         (5)
Active Recorders
      ID        |     Status      |     Packets     |      Bytes      |    TX Ports     |    RX Ports
 ------------------------------------------------------------------------------------------------------
       4        |     ACTIVE      |    [200/200]    |    74.62 KB     |        -        |        3
trex(service)>capture record stop --id 4 -o /tmp/rx_3.pcap                    (6)
Stopping packet capture 4                                    [SUCCESS]
Writing 200 packets to '/tmp/rx_3.pcap'                      [SUCCESS]
Removing PCAP capture 4 from server                          [SUCCESS]
trex(service)>
Capturing with a filter
trex(service)>capture record start --rx 3 --limit 0 -f udp and src 5000
Starting packet capturing up to 0 packets                    [SUCCESS]
*** Capturing ID is set to '14' ***
*** Please call 'capture record stop --id 14 -o <out.pcap>' when done ***
trex(service)>capture
Active Recorders
    ID     |   Status    |  Matched   |    Packets     |   Bytes    |    RX Ports     |   BPF Filter
 -------------------------------------------------------------------------------------------------------
    14     |   ACTIVE    |      0     |     [0/0]      |    0 B     |        3        | udp and src 5000
trex(service)>
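A file written by Method 3, such as /tmp/rx_3.pcap, can be checked offline without Wireshark. The following is an added example, not code from the original post or from the TRex project: a standard-library Python reader that summarizes each frame with the fields the verbose monitor prints. It assumes a classic microsecond-resolution pcap with Ethernet link type; the function names are hypothetical and the sample file is constructed from the ARP reply shown in Method 1.

```python
import struct

ETHERTYPES = {0x0806: "ARP", 0x0800: "IPv4", 0x86DD: "IPv6"}
ARP_OPS = {1: "who-has", 2: "is-at"}
MAGIC = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}  # byte order by magic

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def read_pcap(data):
    """Yield (timestamp_seconds, frame_bytes) for each record in classic pcap bytes."""
    end = MAGIC.get(data[:4])
    if end is None or len(data) < 24 or struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("not a classic Ethernet pcap file")
    off = 24  # skip the 24-byte global header
    while off + 16 <= len(data):
        sec, usec, incl, _orig = struct.unpack(end + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + incl]
        if len(frame) < incl:
            raise ValueError("truncated packet record")
        yield sec + usec / 1e6, frame
        off += 16 + incl

def summarize(frame):
    """Return the fields the verbose monitor prints for one Ethernet frame."""
    if len(frame) < 14:
        return {"type": "short", "size": len(frame)}
    etype = struct.unpack("!H", frame[12:14])[0]
    info = {"type": ETHERTYPES.get(etype, hex(etype)), "size": len(frame),
            "dst": mac(frame[:6]), "src": mac(frame[6:12])}
    if etype == 0x0806 and len(frame) >= 42:  # Ethernet (14) + ARP (28)
        info["op"] = ARP_OPS.get(struct.unpack("!H", frame[20:22])[0], "other")
        info["psrc"] = ".".join(map(str, frame[28:32]))
        info["pdst"] = ".".join(map(str, frame[38:42]))
    return info

def sample_pcap():
    """Constructed sample: one record holding the ARP reply shown in Method 1."""
    gw, host = bytes.fromhex("005056c00002"), bytes.fromhex("000c29693976")
    arp = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2)  # Ethernet/IPv4, op = is-at
           + gw + bytes([20, 20, 20, 1]) + host + bytes([20, 20, 20, 2]))
    frame = host + gw + b"\x08\x06" + arp + b"\x00" * 18  # padded to 60 B
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    rec = struct.pack("<IIII", 16, 30000, len(frame), len(frame))  # TS 16.03 s
    return hdr + rec + frame

if __name__ == "__main__":
    for ts, frame in read_pcap(sample_pcap()):
        print(f"TS: {ts:.2f} [sec]", summarize(frame))
```

To check a real capture, pass the bytes of the recorded file to `read_pcap` instead of `sample_pcap()`.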
 
                    
                
 
                
            