网络反常时抓包操作说明
<div style="color: black; text-align: left; margin-bottom: 10px;">
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">倘若</span>源服务器<span style="color: black;">拜访</span><span style="color: black;">目的</span>服务器<span style="color: black;">显现</span><span style="color: black;">反常</span>,<span style="color: black;">况且</span>参阅文档 ping 丢包或不通时链路测试明 和 能 ping 通但端口不通时端口可用性探测说明排查分析处理后,还是未能<span style="color: black;">处理</span>问题,则需要<span style="color: black;">经过</span>抓包获取最原始的交互数据做进一步排查分析。本文先介绍了常用的抓包工具,<span style="color: black;">而后</span>对抓包的操作<span style="color: black;">过程</span>进行了简要说明。本文不<span style="color: black;">触及</span>抓包数据的分析处理说明。</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">常用抓包工具介绍</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">按照</span>操作系统类型的<span style="color: black;">区别</span>,常用抓包工具分别简要介绍如下:</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Linux 环境下的抓包工具介绍</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Windows 环境下的抓包工具介绍</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Linux 环境下的抓包工具介绍</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Linux 环境下,<span style="color: black;">一般</span><span style="color: black;">经过</span> tcpdump 来进行抓包和分析。它是几乎所有 Linux 发行版本预装的数据包抓取和分析工具。</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">tcpdump 工具的获取和安装<span style="color: black;">能够</span>参阅相应操作系统的官方文档,本文<span style="color: black;">再也不</span>详述。</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><strong style="color: blue;">tcpdump </strong><strong style="color: blue;">的用法如下:</strong></p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://p3-sign.toutiaoimg.com/a790004dadf4d371eec~noop.image?_iz=58558&from=article.pc_detail&lk3s=953192f4&x-expires=1722990395&x-signature=kjWVI0J8pRc7PL%2FnEA7QoHVYHDw%3D" style="width: 50%; margin-bottom: 20px;"></p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">平常</span>参数说明(区分<span style="color: black;">体积</span>写):</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">-s 设置数据包抓取长度。<span style="color: black;">倘若</span>置为0,则<span style="color: black;">暗示</span>自动<span style="color: black;">选取</span>合适的长度来抓取数据包。</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">-w将抓包结果导出到文件,而不是在<span style="color: black;">掌控</span>台进行分析和打印输出。</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">-i 指定需要监听的接口(网卡)。</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">-vvv 输出<span style="color: black;">仔细</span>的数据交互信息。</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">expression 一个正则表达式,用作过滤报文的<span style="color: black;">要求</span>。<span style="color: black;">重点</span><span style="color: black;">包括</span>如下几类:</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">关于类型的关键字:<span style="color: black;">包含</span> host(主机),net(网络),port(端口)。</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">确定传输方向的关键字:<span style="color: black;">包含</span> src(源),dst(<span style="color: black;">目的</span>),dst or src(源或<span style="color: black;">目的</span>),dst and src(源和<span style="color: black;">目的</span>)。</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">运用</span>协议的关键字:<span style="color: black;">包含</span> icmp,ip,arp,rarp,tcp,udp等类型。</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">更加多</span>参数说明及用法,<span style="color: black;">能够</span>参阅 tcpdump 的 man <span style="color: black;">帮忙</span>。</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><strong style="color: blue;"><span style="color: black;">平常</span>用法和示例输出:</strong></p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">1、抓取指定网卡指定端口的交互数据</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://p3-sign.toutiaoimg.com/a770004e1c4cf5b0e2d~noop.image?_iz=58558&from=article.pc_detail&lk3s=953192f4&x-expires=1722990395&x-signature=MItzoTqfndGIlG87E5iLdM2fsW8%3D" style="width: 50%; margin-bottom: 20px;"></p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">。示例输出</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://p3-sign.toutiaoimg.com/a770004e1c5c7377acd~noop.image?_iz=58558&from=article.pc_detail&lk3s=953192f4&x-expires=1722990395&x-signature=QQLIHOajhTNqeyKRO%2FIVZB6cVnE%3D" style="width: 50%; margin-bottom: 20px;"></p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">2、抓取指定网卡发送给指定 IP 上指定端口的交互数据,并在控制台输出<span style="color: black;">仔细</span>交互信息</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">。操作指令</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://p3-sign.toutiaoimg.com/a780004dce6e9e0652a~noop.image?_iz=58558&from=article.pc_detail&lk3s=953192f4&x-expires=1722990395&x-signature=6iHaa0zoZESMZ8CWBAgOhbiCdjc%3D" style="width: 50%; margin-bottom: 20px;"></p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">。示例输出</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://p3-sign.toutiaoimg.com/a790004dae0cc082eb5~noop.image?_iz=58558&from=article.pc_detail&lk3s=953192f4&x-expires=1722990395&x-signature=QN4V%2FWEZY4fxLZxe7vnTkj3ZzMw%3D" style="width: 50%; margin-bottom: 20px;"></p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">3、抓取发送至指定 IP 的 ping 交互数据,并在<span style="color: black;">掌控</span>台输出<span style="color: black;">仔细</span>交互信息</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">。操作指令</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://p3-sign.toutiaoimg.com/a780004dce7d01dcd18~noop.image?_iz=58558&from=article.pc_detail&lk3s=953192f4&x-expires=1722990395&x-signature=E%2FTppwHhvSY9171p%2Fgdhkn4SXz0%3D" style="width: 50%; margin-bottom: 20px;"></p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">。示例输出</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://p3-sign.toutiaoimg.com/a780004dce91642e3c5~noop.image?_iz=58558&from=article.pc_detail&lk3s=953192f4&x-expires=1722990395&x-signature=BRv8fQgbauZ9OU31y%2F4gDfu78Lg%3D" style="width: 50%; margin-bottom: 20px;"></p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">4、抓取系统内所有接口数据并<span style="color: black;">保留</span>到指定文件</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">。操作指令</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://p3-sign.toutiaoimg.com/a780004dce84e4948fb~noop.image?_iz=58558&from=article.pc_detail&lk3s=953192f4&x-expires=1722990395&x-signature=a375nz1FM%2FOstwR%2BxlGPivmJCX0%3D" style="width: 50%; margin-bottom: 20px;"></p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">。示例输出</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://p3-sign.toutiaoimg.com/a790004dae1902fc2a0~noop.image?_iz=58558&from=article.pc_detail&lk3s=953192f4&x-expires=1722990395&x-signature=yVKaG6nsaZnTCdozyRRNU8JNeDc%3D" style="width: 50%; margin-bottom: 20px;"></p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Windows 环境下的抓包工具介绍</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Windows 环境下,<span style="color: black;">一般</span><span style="color: black;">经过</span> Wireshark 来进行抓包和分析。它是 Windows下最流行的免费开源的数据包抓取和分析工具。</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">Wireshark 工具的获取和安装说明<span style="color: black;">能够</span>参阅其官方网站,本文<span style="color: black;">再也不</span>详述。</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><strong style="color: blue;">Wireshark</strong><strong style="color: blue;">抓包<span style="color: black;">过程</span>:</strong></p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">1.安装后打开软件。</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">2.<span style="color: black;">选取</span>菜单 <strong style="color: blue;"><span style="color: black;">捕捉</span></strong> > <strong style="color: blue;">选项,</strong>弹出如下图所示WireShark <span style="color: black;">捕捉</span>接口配置图:</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><img src="https://p3-sign.toutiaoimg.com/a770004e1c88c59cb0d~noop.image?_iz=58558&from=article.pc_detail&lk3s=953192f4&x-expires=1722990395&x-signature=5nkyHaTGL5Er2DfprmmMwbayYcM%3D" style="width: 50%; margin-bottom: 20px;"></p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">3.如上图所示,<span style="color: black;">按照</span>接口名<span style="color: black;">叫作</span>或对应的 IP <span style="color: black;">位置</span>选定需要进行抓包的网卡,<span style="color: black;">而后</span>点击<strong style="color: blue;"><span style="color: black;">起始</span></strong> <span style="color: black;">起步</span>抓包。</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">4.一段时间后,<span style="color: black;">选取</span>菜单 <strong style="color: blue;"><span style="color: black;">捕捉</span></strong> > <strong style="color: blue;">停止</strong>,停止抓包。</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">5.<span style="color: black;">选取</span>菜单 <strong style="color: blue;">文件</strong> > <strong style="color: blue;"><span style="color: black;">保留</span></strong>,将抓包结果<span style="color: black;">保留</span>到指定文件。</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"> <span style="color: black;">更加多</span>关于 Wireshark 工具的<span style="color: black;">运用</span>和数据分析<span style="color: black;">办法</span><span style="color: black;">能够</span>参阅其官方文档,本文<span style="color: black;">再也不</span>详述。</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">抓包操作<span style="color: black;">过程</span>及工单提交须知</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">抓包应该在<span style="color: black;">显现</span><span style="color: black;">反常</span>时,从源服务器和<span style="color: black;">目的</span>服务器<span style="color: black;">同期</span>并发操作,以便于对比分析。其操作<span style="color: black;">过程</span>如下:</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">知道</span>源服务器和<span style="color: black;">目的</span>服务器<span style="color: black;">经过</span><span style="color: black;">自己</span>哪个网卡进行数据交互。</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">倘若</span>源服务器<span style="color: black;">经过</span> NAT 共享方式<span style="color: black;">拜访</span>公网,则<span style="color: black;">拜访</span>ip.taobao.com 等网站,获取本地网络对应的公网 IP。</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">显现</span><span style="color: black;">反常</span>时,参阅前文说明,<span style="color: black;">经过</span><span style="color: black;">关联</span>工具从源服务器对<span style="color: black;">目的</span>服务器<span style="color: black;">位置</span>的<span style="color: black;">目的</span>端口,进行抓包。<span style="color: black;">或</span>进行完整抓包,<span style="color: black;">而后</span><span style="color: black;">保留</span>抓包数据。</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">显现</span><span style="color: black;">反常</span>时,参阅前文说明,<span style="color: black;">经过</span><span style="color: black;">关联</span>工具从<span style="color: black;">目的</span>服务器对源服务器<span style="color: black;">位置</span>进行抓包。<span style="color: black;">或</span>进行完整抓包,<span style="color: black;">而后</span><span style="color: black;">保留</span>抓包数据。</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;"><span style="color: black;">倘若</span>抓包数据可能很大,超出工单系统附件<span style="color: black;">体积</span>限制(当前为 2M)。则需要先将前述抓包结果<strong style="color: blue;">打包压缩</strong>,再上传到第三方网盘并获取外链分享<span style="color: black;">位置</span>,<span style="color: black;">或</span>通过 OSS 管理<span style="color: black;">掌控</span>台上传文件并获取<span style="color: black;">拜访</span><span style="color: black;">位置</span>(<span style="color: black;">倘若</span>用户购买了阿里云对象存储 OSS 服务)。</p>
<p style="font-size: 16px; color: black; line-height: 40px; text-align: left; margin-bottom: 15px;">联系售后技术支持,反馈<span style="color: black;">以上</span>抓包数据获取<span style="color: black;">位置</span>,以便阿里云工程师做进一步排查分析。</p>
</div>
论坛外链网http://www.fok120.com/ 回顾历史,我们不难发现:无数先辈用鲜血和生命铺就了中华民族复兴的康庄大道。 感谢楼主分享,祝愿外链论坛越办越好! 你的话语如春风拂面,温暖了我的心房,真的很感谢。 “板凳”(第三个回帖的人) 太棒了、厉害、为你打call、点赞、非常精彩等。
页:
[1]