HP-UX下的抓包工具nettl

当我们搞不清unix/linux下的某个工具怎么用时最可靠也最有效的办法就是：看工具的联机手册，man nettl。

使用nettl抓包工具必须在root用户下执行。简单列个小的抓包例子：

# cd /tmp# nettl -startInitializing Network Tracing and Logging...Done. # nettl -tn all -e ns_ls_tcp -tm 60M -f /tmp/net1

参数： -tn （-traceon的简写，开始在指定的subsystems类型上捕获报文）

-e （-entity的简写，后接subsystems类型，这里我们要抓取的是tcp报文）

-tm （-tracemax的简写，后接maxsize，指定抓包大小）

-f （-file的简写，后接抓取后的数据包的名字）

# nettl -status allLogging Information:Log Filename:                           /var/adm/nettl.LOG0*Max Log file size(Kbytes):   1000       Console Logging:        OnUser's ID:                   0          Buffer Size:            8192Messages Dropped:            0          Messages Queued:        0Subsystem Name:                 Log Class:NS_LS_LOGGING                                              ERROR DISASTERNS_LS_NFT                                                  ERROR DISASTERNS_LS_LOOPBACK                                             ERROR DISASTERNS_LS_NI                                                   ERROR DISASTERNS_LS_IPC                                                  ERROR DISASTERNS_LS_SOCKREGD                                             ERROR DISASTERNS_LS_TCP                                                  ERROR DISASTERNS_LS_PXP                                                  ERROR DISASTERNS_LS_UDP                                                  ERROR DISASTERNS_LS_IP                                                   ERROR DISASTERNS_LS_PROBE                                                ERROR DISASTERNS_LS_DRIVER                                               ERROR DISASTERNS_LS_RLBD                                                 ERROR DISASTERNS_LS_BUFS                                                 ERROR DISASTERNS_LS_CASE21                                               ERROR DISASTERNS_LS_ROUTER21                                             ERROR DISASTERNS_LS_NFS                                                  ERROR DISASTERNS_LS_NETISR                                               ERROR DISASTERNS_LS_NSE                                                  ERROR DISASTERNS_LS_STRLOG                                               ERROR DISASTERNS_LS_TIRDWR                                               ERROR DISASTERNS_LS_TIMOD                                                ERROR DISASTERNS_LS_ICMP                                                 ERROR DISASTERFILTER                                                     ERROR DISASTERNAME                                                       ERROR DISASTERNS_LS_IGMP                                                 ERROR DISASTERFC                                                         ERROR DISASTERFORMATTER                                                  ERROR DISASTERSTREAMS                                                    ERROR DISASTERBASE100                                                    ERROR DISASTERPCI100BT                                                   ERROR DISASTERSPP100BT                                                   ERROR DISASTERTracing Information:Trace Filename:                         /tmp/net1.TRC*Max Trace file size(Kbytes): 61440   User's ID:                   0          Buffer Size:            69632Messages Dropped:            0          Messages Queued:        0Subsystem Name:      Trace Mask:NS_LS_TCP            0xFFFF0000 # ls -l net*-rw-------   1 root       sys          82708 Mar  4 14:21 net1.TRC0# nettl -traceoff -e all# nettl -stop#

抓完包后就要开始解析了，我们用netfmt工具来查看捕获到的包。我们用netfmt工具解析抓到的包的结果重定向到一个文件里，然后用vi查看：

# netfmt -N -l -f /tmp/net1.TRC* > net1.log

# vi net1.log^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ARPA/9000 NETWORKING^^^^^^^^^^^^^^^^^^^^^^^^^^@#%  Timestamp            : Mon Mar 04 EAT 2013 14:20:31.574886  Process ID           : [ICS]              Subsystem        : NS_LS_TCP  User ID ( UID )      : -1                 Trace Kind       : PDU IN TRACE  Device ID            : -1                 Path ID          : 0  Connection ID        : 0  Location             : 00123~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~-------------------------------- TCP Header ----------------------------------sport:   22   -->   dport:  64329     flags: PUSH ACK       seq: 0xf3d150c6  urp: 0x0      chksum: 0x5f1e   data len: 272       ack: 0x7042bcdd  win: 0x60f4   optlen: 0-------------------------------- User Data -----------------------------------   0: 2f 73 e5 c8 9a f9 04 43 76 bc 4a cd 8e 43 24 15  /s.....Cv.J..C$.  16: f0 ab 62 d6 7a 65 ce b7 11 44 43 ce 1a 94 a7 13  ..b.ze...DC.....  32: 97 85 57 3d 6e bf bf ed 21 e2 ed 44 b3 35 d2 02  ..W=n...!..D.5..  48: f9 ea f1 d1 22 83 6c c2 90 90 78 c1 d4 9c 5a 32  ....".l...x...Z2  64: 0e b3 87 11 70 0b d2 79 de d3 1e 75 f8 ec c7 92  ....p..y...u....  80: 5b d3 d2 06 15 7e 14 83 38 22 3f 74 6b 07 11 c0  [....~..8"?tk...  96: 84 77 37 b5 9d 58 63 01 85 85 d6 53 2e 54 c4 68  .w7..Xc....S.T.h 112: 89 ab 09 a1 e2 0c 0b 6b ee 10 c9 d4 cf 2c ba 49  .......k.....,.I 128: cc 40 a0 4c 1e 7a 48 bb 00 b6 d9 b5 61 40 44 bd  .@.L.zH.....a@D. 144: 08 fd a7 f9 ff d4 87 8c b0 7b e7 a6 12 b2 0c a6  .........{...... 160: a5 15 5f 06 4d 32 dc 2f 0b 28 5d 54 9d 3e b8 4f  .._.M2./.(]T.>.O 176: 52 c3 4c 9b 39 4f eb 65 c4 33 27 44 7b 34 97 40  R.L.9O.e.3'D{4.@ 192: 0d 03 3f 5d 22 5e 5e 04 92 3e a5 18 32 54 2a 44  ..?]"^^..>..2T*D 208: 30 c3 7e f9 4b 20 93 22 40 16 b8 6a 72 7f 35 79  0.~.K ."@..jr.5y 224: a7 35 b2 79 09 31 c5 b7 48 d0 e8 ee 04 a6 32 db  .5.y.1..H.....2. 240: 96 46 62 6e 19 6b c7 3d bc 43 f9 d2 0d c8 cd 06  .Fbn.k.=.C...... 256: 94 0d b2 9a e1 3d df 56 d9 49 c6 54 fe 03 9c e5  .....=.V.I.T....