Cisco Service Support Community

  

[Original] Using the ethanalyzer tool to identify which physical interface a packet reaching the CPU came from

Posted on 2018-5-31 21:16:51
This post was last edited by yondong on 2018-5-31 21:19

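Note: this method only applies to ingress-interface analysis of packets that reach the CPU; it cannot be used to analyze transit traffic.

A worked example follows:
1. Deploy ethanalyzer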
N9K# ethanalyzer local interface inband decode-internal limit-captured-frames 0 detail

2. Sample capture
CPU-inbound Broadcom RCPU (88650)
    Signature: 0x5555
    Operation: TOCPU Packet (0x10)
    Flags: 0x04, modhdr
        .... ...0 = reply: False
        .... ..0. = minipkt: False
        .... .1.. = modhdr: True
        .... 0... = fail: False
        ...0 .... = parity_err: False
        ..0. .... = busy: False
        .0.. .... = truncated: False
        0... .... = jumbo: False
    Transaction
        TransID: 0x0000
        Datalen: 70
        Replen: 0
        Reserved: 0x00000000
    Reason High: 0x00000000
    Reason: 0x00080000
    .... .... = cpu opcode type: 0
    .... 0001 0010 1100 = outer_vid: 300
    .... 0111 1110 0010 = queue_num: 2018
    10.. .... = Hgi intf Indicator: 2
    ..00 0000 00.. .... = Match Rule: 0
    ..00 0000 0100 1010 = Packet Length: 74
    .001 1010 = Source Port: 26
    START: 0xfb
    0000 .... = Traffic Class: 0x00
    .... 0... = Multicast: 0x00
    .... .000 = Reserved 1: 0x00
    DST MODID/MGID_MSB: 28
    DST PORT/MGID_LSB: 17
    SRC MODID: 28
    SRC PORT: 17
    Load Balancing ID: 0
    000. .... = PPD Type: 0x00
    ...0 0... = Reserved 2: 0x00
    .... .0.. = EHV: 0x00
    .... ..00 = DP: 0x00
    0... .... = Mirror: 0x00
    .0.. .... = Mirror done: 0x00
    ..1. .... = Mirror only: 0x01
    ...0 .... = Ingress tagged: 0x00
    .... 000. = Dst tgid: 0x00
    .... ...0 = Dst t: 0x00
    0010 .... = vc_label_19_16: 0x02
    .... 0... = label_present: 0x00
    .... .0.. = l3: 0x00
    .... ..00 = rsvd3: 0x00
    vc_label_15_8: 0x00
    vc_label_0_7: 0x00
    .... 0001 = VLAN ID Hi: 0x01
    ...0 .... = VLAN CFI: 0x00
    000. .... = VLAN Priority: 0x00
    0010 1100 = VLAN ID Li: 0x2c
    00.. .... = OPCODE: 0x00
    ...0 0... = Reserved 5: 0x00
    .... .0.. = SRC_T: 0x00
    .... ..01 = Port Filtering Mode: 0x01
    0000 0... = Reserved 6: 0x00
    .... .000 = HDR Extension Len: 0
    PAD1: 1880752384
    PAD2: 67108992
    PAD3: 0
    PAD4: 2215247872
Ethernet II, Src: 00:24:ac:0e:f8:00 (00:24:ac:0e:f8:00), Dst: 00:00:0c:07:ac:fe (00:00:0c:07:ac:fe)
    Destination: 00:00:0c:07:ac:fe (00:00:0c:07:ac:fe)
        Address: 00:00:0c:07:ac:fe (00:00:0c:07:ac:fe)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Source: 00:24:ac:0e:f8:00 (00:24:ac:0e:f8:00)
        Address: 00:24:ac:0e:f8:00 (00:24:ac:0e:f8:00)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Type: 802.1Q Virtual LAN (0x8100)
802.1Q Virtual LAN, PRI: 0, CFI: 0, ID: 300
    000. .... .... .... = Priority: 0
    ...0 .... .... .... = CFI: 0
    .... 0001 0010 1100 = ID: 300
    Type: IP (0x0800)
Internet Protocol, Src: 134.32.114.9 (134.32.114.9), Dst: 134.32.114.253 (134.32.114.253)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x10 (DSCP 0x04: Unknown DSCP; ECN: 0x00)
        0001 00.. = Differentiated Services Codepoint: Unknown (0x04)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 52
    Identification: 0x0000 (0)
    Flags: 0x02 (Don't Fragment)
        0.. = Reserved bit: Not Set
        .1. = Don't fragment: Set
        ..0 = More fragments: Not Set
    Fragment offset: 0
    Time to live: 62
    Protocol: TCP (0x06)
    Header checksum: 0x4b6d [correct]
        [Good: True]
        [Bad : False]
    Source: 134.32.114.9 (134.32.114.9)
    Destination: 134.32.114.253 (134.32.114.253)

3. View the port mapping table
N9K# show interface hardware-mappings
Legends:
       SMod  - Source Mod. 0 is N/A
       Unit  - Unit on which port resides. N/A for port channels
       HPort - Hardware Port Number or Hardware Trunk Id:
       FPort - Fabric facing port number. 255 means N/A
       NPort - Front panel port number
       VPort - Virtual Port Number. -1 means N/A
--------------------------------------------------------------------
Name       Ifindex  Smod Unit HPort FPort NPort VPort
--------------------------------------------------------------------
Eth10/1    1a480000 28   0    17    255   0     -1   
Eth10/2    1a480200 28   0    18    255   1     -1   
Eth10/3    1a480400 28   0    19    255   2     -1  
Eth10/4    1a480600 28   0    20    255   3     -1  
Eth10/5    1a480800 28   0    21    255   4     -1  

4. Conclusion
The packets sent up to the CPU with source 134.32.114.9 and destination 134.32.114.253 entered on port Eth10/1.



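The lookup in steps 2 to 4 can be scripted when many punted frames have to be attributed during control-plane troubleshooting. The following is an added example, not part of the original post: it assumes, as inferred from the post's sample values, that `SRC MODID` / `SRC PORT` in the RCPU header correspond to `Smod` / `HPort` in the mapping table, and its function names and trimmed sample inputs are constructed for illustration.

```python
import re

# Constructed sample: trimmed excerpt of the decode-internal output shown in step 2.
CAPTURE = """\
CPU-inbound Broadcom RCPU (88650)
    .001 1010 = Source Port: 26
    DST MODID/MGID_MSB: 28
    DST PORT/MGID_LSB: 17
    SRC MODID: 28
    SRC PORT: 17
Internet Protocol, Src: 134.32.114.9 (134.32.114.9), Dst: 134.32.114.253 (134.32.114.253)
"""
# Constructed sample: trimmed excerpt of `show interface hardware-mappings` from step 3.
MAPPINGS = """\
Name       Ifindex  Smod Unit HPort FPort NPort VPort
--------------------------------------------------------------------
Eth10/1    1a480000 28   0    17    255   0     -1
Eth10/2    1a480200 28   0    18    255   1     -1
"""

def parse_frames(text):
    """Return (smod, hport, src_ip, dst_ip) for each RCPU-encapsulated frame."""
    frames = []
    for chunk in re.split(r"(?m)^CPU-inbound Broadcom RCPU", text)[1:]:
        # Anchored and case-sensitive, so 'Source Port: 26' and 'DST PORT' do not match.
        mod = re.search(r"(?m)^\s*SRC MODID:\s*(\d+)", chunk)
        port = re.search(r"(?m)^\s*SRC PORT:\s*(\d+)", chunk)
        ip = re.search(r"Internet Protocol, Src: (\S+) .*?Dst: (\S+)", chunk)
        if mod and port:
            frames.append((int(mod.group(1)), int(port.group(1)),
                           ip.group(1) if ip else None, ip.group(2) if ip else None))
    return frames

def parse_mappings(text):
    """Map (Smod, HPort) to interface name; the legend says Smod 0 is N/A, so skip it."""
    table = {}
    for line in text.splitlines():
        cols = line.split()
        if len(cols) == 8 and cols[2].isdigit() and cols[4].isdigit() and cols[2] != "0":
            table[(int(cols[2]), int(cols[4]))] = cols[0]
    return table

def ingress_interfaces(capture, mappings):
    """Join each captured frame to its ingress interface, or 'unknown' if unmapped."""
    table = parse_mappings(mappings)
    return [(src, dst, table.get((smod, hport), "unknown"))
            for smod, hport, src, dst in parse_frames(capture)]

if __name__ == "__main__":
    print(ingress_interfaces(CAPTURE, MAPPINGS))
```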
Posted on 2018-6-16 16:05:33
Learned something new, thanks to the original poster for sharing.