tcpdump packet capture: display-encoding options and how to inspect and locate packets
Please credit the source when reposting:
1. Check whether traps are being reported
root@controller176:~# tcpdump -i ens160 src host 192.168.118.13 and udp port 60162 -vv -X
tcpdump: listening on ens160, link-type EN10MB (Ethernet), capture size 262144 bytes
01:42:23.228987 IP (tos 0xfc, ttl 255, id 25193, offset 0, flags [none], proto UDP (17), length 217)
    192.168.118.13.38732 > tsdn1.60162: [udp sum ok] UDP, length 189
    0x0000:  45fc 00d9 6269 0000 ff11 e99f c0a8 760d  E...bi........v.
    0x0010:  c0a8 76b0 974c eb02 00c5 e1a3 3081 ba02  ..v..L......0...
    0x0020:  0101 0406 7075 626c 6963 a781 ac02 0404  ....public......
    0x0030:  d9e3 0002 0100 0201 0030 819d 3010 0608  .........0..0...
    0x0040:  2b06 0102 0101 0300 4304 6548 c1c3 3019  +.......C.eH..0.
    0x0050:  060a 2b06 0106 0301 0104 0100 060b 2b06  ..+...........+.
    0x0060:  0102 010a 8126 0200 0230 3606 312b 0601  .....&...06.1+..
    0x0070:  0201 0a81 2602 010a 010a 0c05 0000 812c  ....&..........,
    0x0080:  1015 6120 0000 015a 0501 0006 8172 815e  ..a....Z.....r.^
    0x0090:  0c05 0000 812c 1015 6120 0000 015a 0201  .....,..a....Z..
    0x00a0:  0230 3606 312b 0601 0201 0a81 2602 010a  .06.1+......&...
    0x00b0:  010a 0c05 0000 812c 1015 6120 0000 015a  .......,..a....Z
    0x00c0:  0501 0006 8172 815e 0c05 0000 812c 1015  .....r.^.....,..
    0x00d0:  6120 0000 015a 0201 02                   a....Z...
-X
    Function: display the packet contents in hexadecimal and ASCII
    Note: the hexadecimal bytes and the corresponding ASCII characters are shown side by side
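To see what the -X hex dump above actually encodes, here is an added Python example (not part of the original post) that walks the BER structure of that SNMPv2c trap by hand, from the IPv4 header down to the individual varbinds. The packet bytes are re-typed from the section 1 dump, and the decoder handles only the value types that occur in it.

```python
PKT = bytes.fromhex(  # re-typed from the tcpdump -X dump in section 1 (added example, not the post's code)
    "45fc00d962690000ff11e99fc0a8760dc0a876b0974ceb0200c5e1a33081ba02010104067075626c6963a781ac020404"
    "d9e30002010002010030819d301006082b0601020101030043046548c1c33019060a2b060106030101040100060b2b06"
    "0102010a8126020002303606312b060102010a812602010a010a0c050000812c101561200000015a050100068172815e"
    "0c050000812c101561200000015a020102303606312b060102010a812602010a010a0c050000812c101561200000015a"
    "050100068172815e0c050000812c101561200000015a020102"
)

def tlv(buf, pos):  # one BER tag-length-value at pos -> (tag, value bytes, position after it)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                     # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def decode_oid(raw):  # first octet packs sub-ids 1 and 2; the rest are base-128 with a continuation bit
    subids, val = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            subids.append(val)
            val = 0
    return ".".join(map(str, subids))

def decode_value(tag, raw):
    if tag in (0x02, 0x41, 0x42, 0x43):   # INTEGER, Counter32, Gauge32, TimeTicks
        return int.from_bytes(raw, "big", signed=(tag == 0x02))
    if tag == 0x04:                       # OCTET STRING
        return raw.decode("latin-1")
    return decode_oid(raw) if tag == 0x06 else raw.hex()   # OBJECT IDENTIFIER, else keep hex

def parse_snmp_trap(pkt):
    """Skip the IPv4 and UDP headers, then walk Message -> PDU -> VarBindList."""
    _, msg, _ = tlv(pkt, (pkt[0] & 0x0F) * 4 + 8)   # outer SEQUENCE of the SNMP message
    _, version, pos = tlv(msg, 0)
    _, community, pos = tlv(msg, pos)
    pdu_tag, pdu, _ = tlv(msg, pos)                  # 0xA7 = SNMPv2-Trap-PDU, 0xA6 = InformRequest
    _, request_id, pos = tlv(pdu, 0)
    _, _, pos = tlv(pdu, pos)                        # error-status
    _, _, pos = tlv(pdu, pos)                        # error-index
    _, vbl, _ = tlv(pdu, pos)
    varbinds, pos = [], 0
    while pos < len(vbl):                            # each VarBind is SEQUENCE { OID, value }
        _, vb, pos = tlv(vbl, pos)
        _, oid, p = tlv(vb, 0)
        vtag, val, _ = tlv(vb, p)
        varbinds.append((decode_oid(oid), decode_value(vtag, val)))
    return {"version": version[0], "community": community.decode(), "pdu_type": pdu_tag,
            "request_id": int.from_bytes(request_id, "big"), "varbinds": varbinds}
```

Printing parse_snmp_trap(PKT) shows the community string in the clear and the first two varbinds as sysUpTime and snmpTrapOID, the same fields tcpdump -r labels in section 2.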
2. Write the traps to a pcap file and inspect the trap contents
tcpdump -i ens160 src host 192.168.118.11 and udp port 162 -vv -X -w r1.pcap
tcpdump -r r3.pcap
Reading the capture back with tcpdump -r shows the captured trap message in decoded form:
root@controller176:/zeng/logs# tcpdump -r r1.pcap
reading from file r1.pcap, link-type EN10MB (Ethernet)
16:02:31.714953 IP 192.168.118.11.48017 > tsdn1.snmp-trap: V2Trap(626) system.sysUpTime.0=1689229564 S:1.1.4.1.0=192.0.1 192.1.2.1.2.12769912=23 192.1.2.1.3.12769912=4 192.1.2.1.4.12769912=1 192.1.2.1.5.12769912=07_e9_08_05_03_3a_11_00_00_00_2b_08_00 192.1.2.1.6.12769912="NJ-SCT-R01" 192.1.2.1.7.12769912="RM" 192.1.2.1.8.12769912="-" 192.1.2.1.9.12769912="RM_ADD_DEFAULTRT" 192.1.2.1.10.12769912=2 192.1.2.1.11.12769912="The default route is added.(AddrFamily=IPv4, VPN=default-vrf, ProcessID=10, Protocol=ISIS, SubProtocol=IS_L2(0x2), Interface=HundredGigE2/1/1, Nexthop=172.16.11.34, Neighbor=0.0.0.0, Preference=15, Cost=28030, NibID=0x14000024)." 192.1.3.1.4.12769912.1.12.83.121.115.76.111.99.64.50.53.53.48.54.4.83.108.111.116="0" 192.1.3.1.4.12769912.2.12.83.121.115.76.111.99.64.50.53.53.48.54.3.77.68.67="1"
3. Capture by port only:
root@controller176:/zeng/logs# tcpdump -nl -i any port 60162
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes
01:55:04.225746 IP 192.168.111.31.9832 > 192.168.118.176.60162: UDP, length 749
01:55:04.325453 IP 192.168.118.200.161 > 192.168.118.176.60162: [len1468<asnlen1474]
01:55:04.327873 IP 192.168.118.200.161 > 192.168.118.176.60162: [len1468<asnlen1477]
01:55:04.331073 IP 192.168.118.176.60162 > 192.168.118.200.161: [len1468<asnlen1477]
01:55:04.457781 IP 192.168.111.31.9832 > 192.168.118.176.60162: UDP, length 637
01:55:04.493171 IP 192.168.118.200.161 > 192.168.118.176.60162: V2Trap(126) .1.3.6.1.2.1.1.3.0=2494166300 .1.3.6.1.6.3.1.1.4.1.0=.1.3.6.1.2.1.138.0.7 .1.3.6.1.2.1.138.1.10.1.1=2 .1.3.6.1.2.1.138.1.10.1.2=8273 .1.3.6.1.2.1.138.1.10.1.3=31_37_32_30_31_36_30_32_30_30_36_36_30_30_30_31_00
01:55:04.495203 IP 192.168.118.200.161 > 192.168.118.176.60162: Inform(129) .1.3.6.1.2.1.1.3.0=2494166300 .1.3.6.1.6.3.1.1.4.1.0=.1.3.6.1.2.1.138.0.7 .1.3.6.1.2.1.138.1.10.1.1=2 .1.3.6.1.2.1.138.1.10.1.2=8273 .1.3.6.1.2.1.138.1.10.1.3=31_37_32_30_31_36_30_32_30_30_36_36_30_30_30_31_00
4. Capture only the first 100 packets:
tcpdump -nl -i any port 161 -c 100
5. Show packet contents in ASCII:
tcpdump -nl -i any port 161 -A