
[Original] Packet capture and troubleshooting with commands on Cisco Nexus devices

Posted on 2021-2-28 21:52:09
This post was last edited by liu.zhimin on 2021-2-28 21:52

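Packet capture is surely familiar to everyone. Very often we capture packets over SPAN, with Wireshark attached to an out-of-band mirror port. Packets can also be captured using the Cisco Nexus device's own commands. Today I am sharing the method so that you can use it when troubleshooting in your day-to-day work.
1. Introduction to Cisco Nexus Ethanalyzer
2. Cisco Nexus Ethanalyzer commands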
```
DC188(config)# ethanalyzer local ?
  <CR>
  brief                  display only protocol summary
  capture-filter         Filter on ethanalyzer capture
  decode-internal        Include internal system header decoding
  display-filter         Display filter on frames captured
  limit-captured-frames  maximum number of frames to be captured (default is 100)
  limit-frame-size       capture only a subset of a frame
  write                  filename to save capture to
  read                   filename to read capture from
```

```
DC188(config)# ethanalyzer local brief
Capturing on eth0
00:14:69:2b:df:8f -> 01:80:c2:00:00:00 STP Conf. Root = 8192/00:11:5d:cf:50:2d  Cost = 7 Port = 0x8030
00:09:e9:bb:84:08 -> ab:00:00:02:00:00 0x6002 DEC DNA Remote Console
00:18:ba:d8:37:41 -> 01:80:c2:00:00:00 STP RST. Root = 33020/00:18:ba:d8:37:41  Cost = 0 Port = 0x812c
00:14:69:2b:df:8f -> 01:80:c2:00:00:00 STP Conf. Root = 8192/00:11:5d:cf:50:2d  Cost = 7 Port = 0x8030
00:0f:b5:08:21:2a -> ff:ff:ff:ff:ff:ff ARP Who has 172.25.45.17?  Tell 172.25.45.48
00:18:ba:d8:37:41 -> 01:00:0c:cc:cc:cc CDP Device ID: TBM11124708  Port ID: Ethernet2/48
00:18:ba:d8:37:41 -> 01:80:c2:00:00:00 STP RST. Root = 33020/00:18:ba:d8:37:41  Cost = 0 Port = 0x812c
```
```
DC3(config)# ethanalyzer local limit-captured-frames 1
Frame 1 (60 bytes on wire, 60 bytes captured)
    Arrival Time: Nov 11, 2007 12:27:44.73
    [Time delta from previous captured frame: 0.12 seconds]
    Frame Number: 5
    Frame Length: 60 bytes
    Capture Length: 60 bytes
    [Frame is marked: False]
    [Protocols in frame: eth:arp]
Ethernet II, Src: 00:c0:b7:78:d7:55 (00:c0:b7:78:d7:55), Dst: ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff)
    Destination: ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff)
        Address: ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff)
        .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
        .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
    Source: 00:c0:b7:78:d7:55 (00:c0:b7:78:d7:55)
        Address: 00:c0:b7:78:d7:55 (00:c0:b7:78:d7:55)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    Type: ARP (0x0806)
    Trailer: 4B58EA4A50140000DE8F0000020405B40101
Address Resolution Protocol (request)
    Hardware type: Ethernet (0x0001)
    Protocol type: IP (0x0800)
    Hardware size: 6
    Protocol size: 4
    Opcode: request (0x0001)
    Sender MAC address: 00:c0:b7:78:d7:55 (00:c0:b7:78:d7:55)
    Sender IP address: 172.25.45.41 (172.25.45.41)
    Target MAC address: 00:c0:b7:78:d7:55 (00:c0:b7:78:d7:55)
    Target IP address: 172.25.45.1 (172.25.45.1)
```
```
DC3(config)# ethanalyzer local capture-filter "ip.src == 192.168.1.0/24"
Capturing on eth0
192.168.1.101 -> 192.168.1.163 ICMP Echo (ping) request
192.168.1.163 -> 192.168.1.101 ICMP Echo (ping) reply
192.168.1.154 -> 192.168.1.163 ICMP Echo (ping) request
192.168.1.163 -> 192.168.1.154 ICMP Echo (ping) reply

DC3(config)# ethanalyzer local display-filter "ip.src == 192.168.1.162 and icmp.type eq 8"
Capturing on eth0
192.168.1.162 -> 192.168.1.163 ICMP Echo (ping) request
192.168.1.162 -> 192.168.1.163 ICMP Echo (ping) request
192.168.1.162 -> 192.168.1.163 ICMP Echo (ping) request
192.168.1.162 -> 192.168.1.163 ICMP Echo (ping) request
192.168.1.162 -> 192.168.1.163 ICMP Echo (ping) request
192.168.1.162 -> 192.168.1.163 ICMP Echo (ping) request
192.168.1.162 -> 192.168.1.163 ICMP Echo (ping) request
192.168.1.162 -> 192.168.1.163 ICMP Echo (ping) request
192.168.1.162 -> 192.168.1.163 ICMP Echo (ping) request
```
```
DC3(config)#ethanalyzer local decode-internal display-filter "arp" limit-captured-frames 1
Capturing on eth0
Seq no. is 6
Class of service is 0
Cos field is defaut
Type of Frame: Ethernet
Frame recieved is not a 802.1Q Token Ring encaptulation
IP Field Overwrite(IPO) FALSE
Central Rewrite: Packet was sourced by a central rewrite engine
Trusted: From a QoS perspective
vlan_id is 0
ignore_qoso: Output QoS should not be applied to this frame
ignore_acli: input ACLs should not be applied to this frame
Port_qos: QoS for this frame should be based on source index rather than VLAN
Source index is: 92
Bundle Port: 0
Frame Length(including CRC of frame and excluding first header word in bytes): 46312
Ethernet V2.0
<snip>
```



Posted on 2021-3-10 20:57:08
Good material, I learned a lot.