tcpdump实战:抓取VLAN中的ARP报文


组网图:


配置信息:

# ip --s link
12: br1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 0a:4c:c7:ba:a1:49 brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast   
    113631     2154     0       0       0       0       
    TX: bytes  packets  errors  dropped carrier collsns
    5429       37       0       0       0       0       
13: br2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 46:62:a7:0b:e2:a8 brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast   
    114255     2156     0       0       0       0       
    TX: bytes  packets  errors  dropped carrier collsns
    4777       35       0       0       0       0        
16: veth-2@veth-1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br2 state UP mode DEFAULT group default qlen 1000
    link/ether be:e7:f9:c6:d8:cd brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast   
    131533     2066     0       0       0       0       
    TX: bytes  packets  errors  dropped carrier collsns
    22344      158      0       0       0       0       
17: veth-1@veth-2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br1 state UP mode DEFAULT group default qlen 1000
    link/ether 26:c7:ce:69:a7:31 brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast   
    22344      158      0       0       0       0       
    TX: bytes  packets  errors  dropped carrier collsns
    131533     2066     0       0       0       0       
18: veth-4@veth-3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 3e:14:01:10:e5:2d brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast   
    19210      132      0       0       0       0       
    TX: bytes  packets  errors  dropped carrier collsns
    121443     1996     0       0       0       0       
19: veth-3@veth-4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br1 state UP mode DEFAULT group default qlen 1000
    link/ether 46:94:ba:97:f3:20 brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast   
    121443     1996     0       0       0       0       
    TX: bytes  packets  errors  dropped carrier collsns
    19210      132      0       0       0       0       
20: veth-4.100@veth-4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 3e:14:01:10:e5:2d brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast   
    3882       30       0       0       0       30      
    TX: bytes  packets  errors  dropped carrier collsns
    85019      1714     0       0       0       0       
21: veth-4.200@veth-4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 3e:14:01:10:e5:2d brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast   
    3882       30       0       0       0       30      
    TX: bytes  packets  errors  dropped carrier collsns
    16584      110      0       0       0       0       
22: veth-6@veth-5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether b6:8b:58:0a:a4:3e brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast   
    61333      1203     0       0       0       0       
    TX: bytes  packets  errors  dropped carrier collsns
    12906      90       0       0       0       0       
23: veth-5@veth-6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br2 state UP mode DEFAULT group default qlen 1000
    link/ether 46:fe:72:a9:e2:26 brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast   
    12906      90       0       0       0       0       
    TX: bytes  packets  errors  dropped carrier collsns
    61333      1203     0       0       0       0       
24: veth-6.100@veth-6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether b6:8b:58:0a:a4:3e brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast   
    32392      1111     0       0       0       4       
    TX: bytes  packets  errors  dropped carrier collsns
    4302       30       0       0       0       0       
25: veth-6.200@veth-6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether b6:8b:58:0a:a4:3e brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped overrun mcast   
    5196       34       0       0       0       8       
    TX: bytes  packets  errors  dropped carrier collsns
    4302       30       0       0       0       0       


  • 去掉报文中的vlan tag(将 flag 1,即 REORDER_HDR,置为 1;之后在 veth-6.100 上抓到的帧不再带 802.1Q 头,ethertype 直接显示为 ARP)

# vconfig set_flag veth-6.100 1 1


# cat /proc/net/vlan/veth-6.100
veth-6.100  VID: 100     REORDER_HDR: 1  dev->priv_flags: 1
         total frames received          449
          total bytes received        13419
      Broadcast/Multicast Rcvd            4

      total frames transmitted           28
       total bytes transmitted         4088
Device: veth-6
INGRESS priority mappings: 0:0  1:0  2:0  3:0  4:0  5:0  6:0 7:0
 EGRESS priority mappings:


# tcpdump -i veth-6.100 -nn -X -e 'arp'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on veth-6.100, link-type EN10MB (Ethernet), capture size 262144 bytes
08:42:47.916941 3e:14:01:10:e5:2d > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 2.2.2.4 tell 2.2.2.2, length 28
    0x0000:  0001 0800 0604 0001 3e14 0110 e52d 0202  ........>....-..
    0x0010:  0202 0000 0000 0000 0202 0204            ............
08:42:48.915682 3e:14:01:10:e5:2d > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 2.2.2.4 tell 2.2.2.2, length 28
    0x0000:  0001 0800 0604 0001 3e14 0110 e52d 0202  ........>....-..
    0x0010:  0202 0000 0000 0000 0202 0204            ............


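  • 保留报文的vlan tag(将 REORDER_HDR 置为 0;抓到的帧保留 802.1Q 头,长度由 42 变为 46 字节。注意下面的抓包命令没有加 'arp' 过滤条件;若仍要按 ARP 过滤,一般需写成 'vlan and arp',单独的 'arp' 可能匹配不到带 tag 的帧)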

# vconfig set_flag veth-6.100 1 0

# vconfig set_flag veth-6.100 1 0^C
root@ubuntu:/home/zhangxa/tap_tun_study# cat /proc/net/vlan/veth-6.100
veth-6.100  VID: 100     REORDER_HDR: 0  dev->priv_flags: 1
         total frames received         1000
          total bytes received        29284
      Broadcast/Multicast Rcvd            4

      total frames transmitted           29
       total bytes transmitted         4195
Device: veth-6
INGRESS priority mappings: 0:0  1:0  2:0  3:0  4:0  5:0  6:0 7:0
 EGRESS priority mappings:


# tcpdump -i veth-6.100 -nn -X -e
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on veth-6.100, link-type EN10MB (Ethernet), capture size 262144 bytes
08:42:08.915589 3e:14:01:10:e5:2d > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 46: vlan 100, p 0, DEI, ethertype ARP, Request who-has 2.2.2.4 tell 2.2.2.2, length 28
    0x0000:  0001 0800 0604 0001 3e14 0110 e52d 0202  ........>....-..
    0x0010:  0202 0000 0000 0000 0202 0204            ............
08:42:09.915375 3e:14:01:10:e5:2d > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 46: vlan 100, p 0, DEI, ethertype ARP, Request who-has 2.2.2.4 tell 2.2.2.2, length 28
    0x0000:  0001 0800 0604 0001 3e14 0110 e52d 0202  ........>....-..
    0x0010:  0202 0000 0000 0000 0202 0204            ............
08:42:10.915494 3e:14:01:10:e5:2d > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 46: vlan 100, p 0, DEI, ethertype ARP, Request who-has 2.2.2.4 tell 2.2.2.2, length 28
    0x0000:  0001 0800 0604 0001 3e14 0110 e52d 0202  ........>....-..
    0x0010:  0202 0000 0000 0000 0202 0204            ............
08:42:11.915618 3e:14:01:10:e5:2d > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 46: vlan 100, p 0, DEI, ethertype ARP, Request who-has 2.2.2.4 tell 2.2.2.2, length 28
    0x0000:  0001 0800 0604 0001 3e14 0110 e52d 0202  ........>....-..
    0x0010:  0202 0000 0000 0000 0202 0204            ............

