Packet capture on ASA, switches, and hosts
Source: Internet | Editor: 程序博客网 | Time: 2024/05/17 04:05
I. Packet capture on the ASA inside and outside interfaces
1. Enable syslog
logging on
logging timestamp
logging trap informational
logging host inside X.X.X.X (log server)
clear conn
clear xlate
Note: clear conn and clear xlate without arguments tear down every existing connection and translation on the firewall, so run them only when that interruption is acceptable.
2. Define the traffic to capture
Host-to-host capture
access-list cap permit ip host X.X.X.X host X.X.X.X
access-list cap permit ip host X.X.X.X host X.X.X.X
capture asa_cap_inside type raw-data access-list cap buffer 10000000 interface inside
capture asa_cap_outside type raw-data access-list cap buffer 10000000 interface outside
Capture all traffic
access-list cap permit ip any any
capture asa_cap_inside type raw-data access-list cap buffer 10000000 interface inside
capture asa_cap_outside type raw-data access-list cap buffer 10000000 interface outside
3. View related information
show clock
show conn address X.X.X.X
show local-host X.X.X.X
show asp drop
show xlate
show capture
d) Copy the captures to the TFTP server
copy /pcap capture:asa_cap_inside tftp://X.X.X.X/asa_inside.cap
copy /pcap capture:asa_cap_outside tftp://X.X.X.X/asa_outside.cap
4. Remove the captures
clear capture asa_cap_inside
clear capture asa_cap_outside
no capture asa_cap_inside
no capture asa_cap_outside
no access-list cap permit ip host X.X.X.X host X.X.X.X
no access-list cap permit ip host X.X.X.X host X.X.X.X
no access-list cap permit ip any any
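Once asa_inside.cap and asa_outside.cap have been copied off the ASA, the two files can be compared to see which packets appear on one interface but not the other. The following is an added example, not part of the original post: it matches packets on protocol, IP ID and IP total length so that NAT-rewritten addresses do not prevent a match. It assumes classic pcap files with Ethernet framing and that the IP ID passes through the firewall unchanged; the function names and the sample addresses are constructed for illustration.

```python
import socket
import struct

def ipv4_packets(pcap):
    """Yield (proto, ip_id, total_len, src, dst) per IPv4 frame of a classic pcap."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None:
        raise ValueError("not a classic (non-pcapng) pcap file")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected Ethernet link type (assumption of this example)")
    off = 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        ethertype, l3 = frame[12:14], 14
        if ethertype == b"\x81\x00":          # skip one 802.1Q VLAN tag
            ethertype, l3 = frame[16:18], 18
        if ethertype != b"\x08\x00" or len(frame) < l3 + 20:
            continue                          # not IPv4, or truncated header
        total_len, ip_id = struct.unpack("!HH", frame[l3 + 2:l3 + 6])
        yield (frame[l3 + 9], ip_id, total_len,
               socket.inet_ntoa(frame[l3 + 12:l3 + 16]),
               socket.inet_ntoa(frame[l3 + 16:l3 + 20]))

def only_in(first, second):
    """Packets of `first` whose (proto, IP ID, length) never appears in `second`."""
    seen = {p[:3] for p in ipv4_packets(second)}
    return [p for p in ipv4_packets(first) if p[:3] not in seen]

# Constructed sample data (not from the page): 10.1.1.10 is NATed to 203.0.113.5.
def _frame(ip_id, src, dst):
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, ip_id, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + b"\x00" * 20

def _pcap(frames):
    body = b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + body

INSIDE = _pcap([_frame(i, "10.1.1.10", "198.51.100.20") for i in (100, 101, 102)]
               + [_frame(500, "198.51.100.20", "10.1.1.10")])
OUTSIDE = _pcap([_frame(i, "203.0.113.5", "198.51.100.20") for i in (100, 102)]
                + [_frame(i, "198.51.100.20", "203.0.113.5") for i in (500, 501)])

if __name__ == "__main__":
    print("seen inside, never left outside:", only_in(INSIDE, OUTSIDE))
    print("seen outside, never reached inside:", only_in(OUTSIDE, INSIDE))
```

Packets reported by either call are the ones to look up in the show asp drop counters and the syslog output for the same time window.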
II. Packet capture on the switch
1. Configure SPAN on the switch
configure terminal
monitor session 1 source interface fastethernet X/X/X
monitor session 1 destination interface fastethernet X/X/X
no monitor session X
show monitor
III. Packet capture on the host (Linux)
tcpdump -s 0 -w /tmp/X.cap -i <interface> host X.X.X.X
tcpdump -nn -f host X.X.X.X and ! X.X.X.X
tcpdump -w test.cap -i <interface> tcp port <port> or udp port \( <port> or <port> \)
from:
http://blog.chinaunix.net/uid-14628842-id-2353656.html