liu_zhimin
Spotlight
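This post was last edited by liu.zhimin on 2021-2-28 21:52
Packet capture is surely familiar to everyone. Often we capture packets with Wireshark through an out-of-band SPAN mirror, but packets can also be captured with commands on the Cisco Nexus device itself. Today I am sharing the method so that you can use it when troubleshooting in real work.
1. Introduction to Cisco Nexus Ethanalyzer
2. Cisco Nexus Ethanalyzer commands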
DC188(config)# ethanalyzer local ?

brief display only protocol summary
capture-filter Filter on ethanalyzer capture
decode-internal Include internal system header decoding
display-filter Display filter on frames captured
limit-captured-frames maximum number of frames to be captured (default is 100)
limit-frame-size capture only a subset of a frame
write filename to save capture to
read filename to read capture from
DC188(config)# ethanalyzer local brief
Capturing on eth0
00:14:69:2b:df:8f -> 01:80:c2:00:00:00 STP Conf. Root = 8192/00:11:5d:cf:50:2d Cost = 7 Port = 0x8030
00:09:e9:bb:84:08 -> ab:00:00:02:00:00 0x6002 DEC DNA Remote Console
00:18:ba:d8:37:41 -> 01:80:c2:00:00:00 STP RST. Root = 33020/00:18:ba:d8:37:41 Cost = 0 Port = 0x812c
00:14:69:2b:df:8f -> 01:80:c2:00:00:00 STP Conf. Root = 8192/00:11:5d:cf:50:2d Cost = 7 Port = 0x8030
00:0f:b5:08:21:2a -> ff:ff:ff:ff:ff:ff ARP Who has 172.25.45.17? Tell 172.25.45.48
00:18:ba:d8:37:41 -> 01:00:0c:cc:cc:cc CDP Device ID: TBM11124708 Port ID: Ethernet2/48
00:18:ba:d8:37:41 -> 01:80:c2:00:00:00 STP RST. Root = 33020/00:18:ba:d8:37:41 Cost = 0 Port = 0x812c
DC3(config)# ethanalyzer local limit-captured-frames 1
Frame 1 (60 bytes on wire, 60 bytes captured)
Arrival Time: Nov 11, 2007 12:27:44.73
[Time delta from previous captured frame: 0.12 seconds]
Frame Number: 5
Frame Length: 60 bytes
Capture Length: 60 bytes
[Frame is marked: False]
[Protocols in frame: eth:arp]
Ethernet II, Src: 00:c0:b7:78:d7:55 (00:c0:b7:78:d7:55), Dst: ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff)
Destination: ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff)
Address: ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff)
.... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
.... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
Source: 00:c0:b7:78:d7:55 (00:c0:b7:78:d7:55)
Address: 00:c0:b7:78:d7:55 (00:c0:b7:78:d7:55)
.... ...0 .... .... .... .... = IG bit: Individual address (unicast)
.... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
Type: ARP (0x0806)
Trailer: 4B58EA4A50140000DE8F0000020405B40101
Address Resolution Protocol (request)
Hardware type: Ethernet (0x0001)
Protocol type: IP (0x0800)
Hardware size: 6
Protocol size: 4
Opcode: request (0x0001)
Sender MAC address: 00:c0:b7:78:d7:55 (00:c0:b7:78:d7:55)
Sender IP address: 172.25.45.41 (172.25.45.41)
Target MAC address: 00:c0:b7:78:d7:55 (00:c0:b7:78:d7:55)
Target IP address: 172.25.45.1 (172.25.45.1)
DC3(config)# ethanalyzer local capture-filter "ip.src == 192.168.1.0/24"
Capturing on eth0
192.168.1.101 -> 192.168.1.163 ICMP Echo (ping) request
192.168.1.163 -> 192.168.1.101 ICMP Echo (ping) reply
192.168.1.154 -> 192.168.1.163 ICMP Echo (ping) request
192.168.1.163 -> 192.168.1.154 ICMP Echo (ping) reply

DC3(config)# ethanalyzer local display-filter "ip.src == 192.168.1.162 and icmp.type eq 8"
Capturing on eth0
192.168.1.162 -> 192.168.1.163 ICMP Echo (ping) request
192.168.1.162 -> 192.168.1.163 ICMP Echo (ping) request
192.168.1.162 -> 192.168.1.163 ICMP Echo (ping) request
192.168.1.162 -> 192.168.1.163 ICMP Echo (ping) request
192.168.1.162 -> 192.168.1.163 ICMP Echo (ping) request
192.168.1.162 -> 192.168.1.163 ICMP Echo (ping) request
192.168.1.162 -> 192.168.1.163 ICMP Echo (ping) request
192.168.1.162 -> 192.168.1.163 ICMP Echo (ping) request
192.168.1.162 -> 192.168.1.163 ICMP Echo (ping) request

DC3(config)#ethanalyzer local decode-internal display-filter "arp" limit-captured-frames 1
Capturing on eth0
Seq no. is 6
Class of service is 0
Cos field is defaut
Type of Frame: Ethernet
Frame recieved is not a 802.1Q Token Ring encaptulation
IP Field Overwrite(IPO) FALSE
Central Rewrite: Packet was sourced by a central rewrite engine
Trusted: From a QoS perspective
vlan_id is 0
ignore_qoso: Output QoS should not be applied to this frame
ignore_acli: input ACLs should not be applied to this frame
Port_qos: QoS for this frame should be based on source index rather than VLAN
Source index is: 92
Bundle Port: 0
Frame Length(including CRC of frame and excluding first header word in bytes): 46312
Ethernet V2.0
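
Added example, not part of the original post: a small Python script that tallies saved `ethanalyzer local brief` output by source and protocol, which helps spot a single host sending a burst of ARP or ICMP during troubleshooting. The sample lines are constructed in the format shown above; the function names and the threshold are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample in the format of the `ethanalyzer local brief` output above.
SAMPLE = """\
Capturing on eth0
00:14:69:2b:df:8f -> 01:80:c2:00:00:00 STP Conf. Root = 8192/00:11:5d:cf:50:2d Cost = 7 Port = 0x8030
00:09:e9:bb:84:08 -> ab:00:00:02:00:00 0x6002 DEC DNA Remote Console
00:0f:b5:08:21:2a -> ff:ff:ff:ff:ff:ff ARP Who has 172.25.45.17? Tell 172.25.45.48
00:0f:b5:08:21:2a -> ff:ff:ff:ff:ff:ff ARP Who has 172.25.45.18? Tell 172.25.45.48
00:0f:b5:08:21:2a -> ff:ff:ff:ff:ff:ff ARP Who has 172.25.45.19? Tell 172.25.45.48
192.168.1.101 -> 192.168.1.163 ICMP Echo (ping) request
192.168.1.163 -> 192.168.1.101 ICMP Echo (ping) reply
"""

# A summary line is "<src> -> <dst> <protocol> <info>", where src/dst are
# either MAC addresses (L2 frames) or IPv4 addresses (IP packets).
ADDR = r"(?:[0-9a-f]{2}(?::[0-9a-f]{2}){5}|\d{1,3}(?:\.\d{1,3}){3})"
LINE = re.compile(rf"({ADDR})\s+->\s+({ADDR})\s+(\S+)\s*(.*)$", re.I)


def parse_brief(text):
    """Yield (src, dst, proto, info) per summary line; banners are skipped."""
    for line in text.splitlines():
        m = LINE.search(line)  # search() tolerates a leading timestamp column
        if m:
            yield m.groups()


def talkers(text):
    """Count frames per (source address, protocol)."""
    return Counter((src.lower(), proto)
                   for src, _dst, proto, _info in parse_brief(text))


def noisy(text, threshold):
    """Return (source, protocol) pairs seen at least `threshold` times."""
    return sorted(k for k, n in talkers(text).items() if n >= threshold)


if __name__ == "__main__":
    for (src, proto), n in talkers(SAMPLE).most_common():
        print(f"{n:4d}  {proto:8s} {src}")
    print("at or above threshold 3:", noisy(SAMPLE, 3))
```

Paste the text of a capture session in place of `SAMPLE`, or read it from a file, and pick the threshold to suit the capture length (the default capture stops at 100 frames).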


Comments
LHuangHuang9664
Level 1
Good material, I learned from it.