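In service mode, TRex offers several ways to capture and analyze packets. The capture mechanism is shown in the figure below:
- Capturing packets from the console
- Method 1: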
trex>service
Enabling service mode on port(s): [0, 1] [SUCCESS]
6.72 [ms]
trex(service)>capture monitor start --rx 1 -v
Starting stdout capture monitor - verbose: 'high' [SUCCESS]
*** use 'capture monitor stop' to abort capturing... ***
trex(service)>arp -p 3
arp - port(s) [3]: invalid port IDs
trex(service)>arp -p 1
Resolving destination on port(s) [1]: [SUCCESS]
Port 1 - Recieved ARP reply from: 20.20.20.1, hw: 00:50:56:c0:00:02
459.79 [ms]
trex(service)>
#1 Port: 1 ◀── RX
trex(service)>
Type: ARP, Size: 60 B, TS: 16.03 [sec]
trex(service)> ###[ Ethernet ]###
dst = 00:0c:29:69:39:76
src = 00:50:56:c0:00:02
type = ARP
###[ ARP ]###
hwtype = 0x1
ptype = IPv4
hwlen = 6
plen = 4
op = is-at
hwsrc = 00:50:56:c0:00:02
psrc = 20.20.20.1
hwdst = 00:0c:29:69:39:76
pdst = 20.20.20.2
###[ Padding ]###
load = '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
Stop the capture:
trex(service)>capture monitor stop
Stopping capture monitor [SUCCESS]
trex(service)>
- Method 2:
trex(service)>capture monitor start --rx 1 -f udp -p
Starting pipe capture monitor [SUCCESS]
Trying to locate Wireshark [SUCCESS]
Checking permissions on '/usr/bin/dumpcap' [SUCCESS]
Launching '/usr/bin/wireshark -k -i /tmp/tmputa4jf3c' [SUCCESS]
Waiting for Wireshark pipe connection [SUCCESS]
*** Capture monitoring started ***
trex(service)>arp
Resolving destination on port(s) [0, 1]: [SUCCESS]
Port 0 - Recieved ARP reply from: 4.4.4.4, hw: 90:e2:ba:af:13:89
Port 1 - Recieved ARP reply from: 3.3.3.3, hw: 90:e2:ba:af:13:88
Port 2 - Recieved ARP reply from: 2.2.2.2, hw: 90:e2:ba:ae:88:b9
Port 3 - Recieved ARP reply from: 1.1.1.1, hw: 90:e2:ba:ae:88:b8
- Method 3:
trex(service)>capture record start --rx 3 --limit 200
Starting packet capturing up to 200 packets [SUCCESS]
*** Capturing ID is set to '4' ***
*** Please call 'capture record stop --id 4 -o <out.pcap>' when done ***
trex(service)>capture
Active Recorders
ID | Status | Packets | Bytes | TX Ports | RX Ports
------------------------------------------------------------------------------------------------------
4 | ACTIVE | [0/200] | 0 B | - | 3
trex(service)>start -f stl/imix.py -m 1kpps -p 0 --force
Removing all streams from port(s) [0]: [SUCCESS]
Attaching 3 streams to port(s) [0]: [SUCCESS]
Starting traffic on port(s) [0]: [SUCCESS]
20.42 [ms]
trex(service)>capture
Active Recorders
ID | Status | Packets | Bytes | TX Ports | RX Ports
------------------------------------------------------------------------------------------------------
4 | ACTIVE | [200/200] | 74.62 KB | - | 3
trex(service)>capture record stop --id 4 -o /tmp/rx_3.pcap
Stopping packet capture 4 [SUCCESS]
Writing 200 packets to '/tmp/rx_3.pcap' [SUCCESS]
Removing PCAP capture 4 from server [SUCCESS]
trex(service)>
Capturing with a filter
trex(service)>capture record start --rx 3 --limit 0 -f udp and src 5000
Starting packet capturing up to 0 packets [SUCCESS]
*** Capturing ID is set to '14' ***
*** Please call 'capture record stop --id 14 -o <out.pcap>' when done ***
trex(service)>capture
Active Recorders
ID | Status | Matched | Packets | Bytes | RX Ports | BPF Filter
-------------------------------------------------------------------------------------------------------
14 | ACTIVE | 0 | [0/0] | 0 B | 3 | udp and src 5000
trex(service)>
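Method 3 ends by writing the recorded packets to a pcap file (`/tmp/rx_3.pcap` above). The following is an added example, not part of the original post or of TRex: a standard-library Python reader that checks such a file offline and decodes ARP replies like the one printed in Method 1. It assumes the classic libpcap file format with an Ethernet link type; the sample capture is constructed from the field values shown in Method 1.

```python
import io
import struct

# pcap magic (read little-endian) -> (byte order, timestamp fraction divisor)
MAGICS = {0xA1B2C3D4: ("<", 1e6), 0xD4C3B2A1: (">", 1e6),
          0xA1B23C4D: ("<", 1e9), 0x4D3CB2A1: (">", 1e9)}

def read_pcap(stream):
    """Yield (timestamp_seconds, frame_bytes) from a classic libpcap stream."""
    hdr = stream.read(24)
    if len(hdr) < 24 or struct.unpack("<I", hdr[:4])[0] not in MAGICS:
        raise ValueError("not a classic pcap file")
    order, frac = MAGICS[struct.unpack("<I", hdr[:4])[0]]
    if struct.unpack(order + "I", hdr[20:24])[0] != 1:
        raise ValueError("link type is not Ethernet")
    while rec := stream.read(16):
        if len(rec) < 16:
            raise ValueError("truncated record header")
        sec, sub, caplen, _origlen = struct.unpack(order + "4I", rec)
        frame = stream.read(caplen)
        if len(frame) < caplen:
            raise ValueError("truncated packet data")
        yield sec + sub / frac, frame

def decode_arp(frame):
    """Return the ARP fields of an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    hwtype, ptype, hwlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (hwtype, ptype, hwlen, plen) != (1, 0x0800, 6, 4):
        return None
    mac = lambda b: ":".join(f"{x:02x}" for x in b)
    ip = lambda b: ".".join(str(x) for x in b)
    return {"op": {1: "who-has", 2: "is-at"}.get(op, op),
            "hwsrc": mac(frame[22:28]), "psrc": ip(frame[28:32]),
            "hwdst": mac(frame[32:38]), "pdst": ip(frame[38:42])}

def sample_pcap():
    """Constructed one-packet capture: the 60-byte ARP reply printed by Method 1."""
    a, b = bytes.fromhex("000c29693976"), bytes.fromhex("005056c00002")
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2) + b + bytes([20, 20, 20, 1]) \
        + a + bytes([20, 20, 20, 2])
    frame = a + b + b"\x08\x06" + arp + bytes(18)      # 18 bytes of padding
    return (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
            + struct.pack("<IIII", 16, 30000, len(frame), len(frame)) + frame)

if __name__ == "__main__":
    for ts, frame in read_pcap(io.BytesIO(sample_pcap())):
        print(f"{ts:.2f}s {len(frame)} B {decode_arp(frame)}")
```

To check a real recording, pass `open("/tmp/rx_3.pcap", "rb")` to `read_pcap` instead of the constructed sample.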
Source: https://www.cnblogs.com/liudf0716/p/16177729.html