【原创】Cisco Nexus设备使用命令进行抓包排错

liu.zhimin

     提到抓包想毕大家不陌生，很多时候通过借助wireshark旁路镜像进行SPAN抓包，通过Cisco Nexus设备本身的命令也可以进行抓包，今天就分享给大家方法，以便大家在实际工作排错中使用。
1、Cisco Nexus Ethanalyzer介绍
2、Cisco Nexus Ethanalyzer命令

1. DC188(config)# ethanalyzer local ?
   
2.   <CR>                  
   
3.   brief                  display only protocol summary
   
4.   capture-filter         Filter on ethanalyzer capture
   
5.   decode-internal        Include internal system header decoding
   
6.   display-filter         Display filter on frames captured
   
7.   limit-captured-frames  maximum number of frames to be captured (default is 100)
   
8.   limit-frame-size       capture only a subset of a frame
   
9.   write                  filename to save capture to
   
10.   read                   filename to read capture from
    
11. 
    
12. DC188(config)# ethanalyzer local brief
    
13. Capturing on eth0
    
14. 00:14:69:2b:df:8f -> 01:80:c2:00:00:00 STP Conf. Root = 8192/00:11:5d:cf:50:2d  Cost = 7 Port = 0x8030
    
15. 00:09:e9:bb:84:08 -> ab:00:00:02:00:00 0x6002 DEC DNA Remote Console
    
16. 00:18:ba:d8:37:41 -> 01:80:c2:00:00:00 STP RST. Root = 33020/00:18:ba:d8:37:41  Cost = 0 Port = 0x812c
    
17. 00:14:69:2b:df:8f -> 01:80:c2:00:00:00 STP Conf. Root = 8192/00:11:5d:cf:50:2d  Cost = 7 Port = 0x8030
    
18. 00:0f:b5:08:21:2a -> ff:ff:ff:ff:ff:ff ARP Who has 172.25.45.17?  Tell 172.25.45.48
    
19. 00:18:ba:d8:37:41 -> 01:00:0c:cc:cc:cc CDP Device ID: TBM11124708  Port ID: Ethernet2/48  
    
20. 00:18:ba:d8:37:41 -> 01:80:c2:00:00:00 STP RST. Root = 33020/00:18:ba:d8:37:41  Cost = 0 Port = 0x812c
    

复制代码

1. DC3(config)# ethanalyzer local limit-captured-frames 1
   
2. Frame 1 (60 bytes on wire, 60 bytes captured)
   
3.     Arrival Time: Nov 11, 2007 12:27:44.73
   
4.     [Time delta from previous captured frame: 0.12 seconds]
   
5.     Frame Number: 5
   
6.     Frame Length: 60 bytes
   
7.     Capture Length: 60 bytes
   
8.     [Frame is marked: False]
   
9.     [Protocols in frame: eth:arp]
   
10. Ethernet II, Src: 00:c0:b7:78:d7:55 (00:c0:b7:78:d7:55), Dst: ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff)
    
11.     Destination: ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff)
    
12.         Address: ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff)
    
13.         .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
    
14.         .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
    
15.     Source: 00:c0:b7:78:d7:55 (00:c0:b7:78:d7:55)
    
16.         Address: 00:c0:b7:78:d7:55 (00:c0:b7:78:d7:55)
    
17.         .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    
18.         .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    
19.     Type: ARP (0x0806)
    
20.     Trailer: 4B58EA4A50140000DE8F0000020405B40101
    
21. Address Resolution Protocol (request)
    
22.     Hardware type: Ethernet (0x0001)
    
23.     Protocol type: IP (0x0800)
    
24.     Hardware size: 6
    
25.     Protocol size: 4
    
26.     Opcode: request (0x0001)
    
27.     Sender MAC address: 00:c0:b7:78:d7:55 (00:c0:b7:78:d7:55)
    
28.     Sender IP address: 172.25.45.41 (172.25.45.41)
    
29.     Target MAC address: 00:c0:b7:78:d7:55 (00:c0:b7:78:d7:55)
    
30.     Target IP address: 172.25.45.1 (172.25.45.1)
    

复制代码

1. DC3(config)# ethanalyzer local capture-filter “ip.src == 192.168.1.0/24”
   
2. Capturing on eth0
   
3. 192.168.1.101 -> 192.168.1.163 ICMP Echo (ping) request
   
4. 192.168.1.163 -> 192.168.1.101 ICMP Echo (ping) reply
   
5. 192.168.1.154 -> 192.168.1.163 ICMP Echo (ping) request
   
6. 192.168.1.163 -> 192.168.1.154 ICMP Echo (ping) reply
   
7.    
   
8. DC3(config)# ethanalyzer local display-filter “ip.src == 192.168.1.162 and icmp.type eq 8 ”
   
9. Capturing on eth0
   
10. 192.168.1.162 -> 192.168.1.163 ICMP Echo (ping) request
    
11. 192.168.1.162 -> 192.168.1.163 ICMP Echo (ping) request
    
12. 192.168.1.162 -> 192.168.1.163 ICMP Echo (ping) request
    
13. 192.168.1.162 -> 192.168.1.163 ICMP Echo (ping) request
    
14. 192.168.1.162 -> 192.168.1.163 ICMP Echo (ping) request
    
15. 192.168.1.162 -> 192.168.1.163 ICMP Echo (ping) request
    
16. 192.168.1.162 -> 192.168.1.163 ICMP Echo (ping) request
    
17. 192.168.1.162 -> 192.168.1.163 ICMP Echo (ping) request
    
18. 192.168.1.162 -> 192.168.1.163 ICMP Echo (ping) request
    
19.    
    

复制代码

1. DC3(config)#ethanalyzer local decode-internal display-filter "arp" limit-captured-frames 1
   
2. Capturing on eth0
   
3. Seq no. is 6
   
4. Class of service is 0
   
5. Cos field is defaut
   
6. Type of Frame: Ethernet
   
7. Frame recieved is not a 802.1Q Token Ring encaptulation
   
8. IP Field Overwrite(IPO) FALSE
   
9. Central Rewrite: Packet was sourced by a central rewrite engine
   
10. Trusted: From a QoS perspective
    
11. vlan_id is 0
    
12. ignore_qoso: Output QoS should not be applied to this frame
    
13. ignore_acli: input ACLs should not be applied to this frame
    
14. Port_qos: QoS for this frame should be based on source index rather than VLAN
    
15. Source index is: 92
    
16. Bundle Port: 0
    
17. Frame Length(including CRC of frame and excluding first header word in bytes): 46312
    
18. Ethernet V2.0
    
19. <snip>
    
20. 
    

复制代码

LHuangHuang9664

好资料，学习了