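TRex packet capture explained in detail
阿新 • Published: 2022-04-22
In service mode, TRex provides several ways to capture and analyze packets. The capture principle is shown in the figure below:
- Capturing packets through the console
- Method 1: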
trex>service
Enabling service mode on port(s): [0, 1] [SUCCESS]
6.72 [ms]
trex(service)>capture monitor start --rx 1 -v
Starting stdout capture monitor - verbose: 'high' [SUCCESS]
*** use 'capture monitor stop' to abort capturing... ***
trex(service)>arp -p 3
arp - port(s) [3]: invalid port IDs
trex(service)>arp -p 1
Resolving destination on port(s) [1]: [SUCCESS]
Port 1 - Recieved ARP reply from: 20.20.20.1, hw: 00:50:56:c0:00:02
459.79 [ms]
trex(service)>
#1 Port: 1 ◀── RX
trex(service)>
Type: ARP, Size: 60 B, TS: 16.03 [sec]
trex(service)>
###[ Ethernet ]###
  dst = 00:0c:29:69:39:76
  src = 00:50:56:c0:00:02
  type = ARP
###[ ARP ]###
  hwtype = 0x1
  ptype = IPv4
  hwlen = 6
  plen = 4
  op = is-at
  hwsrc = 00:50:56:c0:00:02
  psrc = 20.20.20.1
  hwdst = 00:0c:29:69:39:76
  pdst = 20.20.20.2
###[ Padding ]###
  load = '\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
Stop the capture:
trex(service)>capture monitor stop
Stopping capture monitor [SUCCESS]
trex(service)>
- Method 2:
trex(service)>capture monitor start --rx 1 -f udp -p (1)
Starting pipe capture monitor [SUCCESS]
Trying to locate Wireshark [SUCCESS]
Checking permissions on '/usr/bin/dumpcap' [SUCCESS]
Launching '/usr/bin/wireshark -k -i /tmp/tmputa4jf3c' [SUCCESS] (2)
Waiting for Wireshark pipe connection [SUCCESS] (3)
*** Capture monitoring started *** (4)
trex(service)>arp (5)
Resolving destination on port(s) [0, 1]: [SUCCESS]
Port 0 - Recieved ARP reply from: 4.4.4.4, hw: 90:e2:ba:af:13:89
Port 1 - Recieved ARP reply from: 3.3.3.3, hw: 90:e2:ba:af:13:88
Port 2 - Recieved ARP reply from: 2.2.2.2, hw: 90:e2:ba:ae:88:b9
Port 3 - Recieved ARP reply from: 1.1.1.1, hw: 90:e2:ba:ae:88:b8
- Method 3:
trex(service)>capture record start --rx 3 --limit 200 (1)
Starting packet capturing up to 200 packets [SUCCESS]
*** Capturing ID is set to '4' *** (2)
*** Please call 'capture record stop --id 4 -o <out.pcap>' when done ***
trex(service)>capture (3)
Active Recorders
ID | Status | Packets | Bytes | TX Ports | RX Ports
------------------------------------------------------------------------------------------------------
4 | ACTIVE | [0/200] | 0 B | - | 3
trex(service)>start -f stl/imix.py -m 1kpps -p 0 --force (4)
Removing all streams from port(s) [0]: [SUCCESS]
Attaching 3 streams to port(s) [0]: [SUCCESS]
Starting traffic on port(s) [0]: [SUCCESS]
20.42 [ms]
trex(service)>capture (5)
Active Recorders
ID | Status | Packets | Bytes | TX Ports | RX Ports
------------------------------------------------------------------------------------------------------
4 | ACTIVE | [200/200] | 74.62 KB | - | 3
trex(service)>capture record stop --id 4 -o /tmp/rx_3.pcap (6)
Stopping packet capture 4 [SUCCESS]
Writing 200 packets to '/tmp/rx_3.pcap' [SUCCESS]
Removing PCAP capture 4 from server [SUCCESS]
trex(service)>
Capturing packets with an added filter
trex(service)>capture record start --rx 3 --limit 0 -f udp and src 5000
Starting packet capturing up to 0 packets [SUCCESS]
*** Capturing ID is set to '14' ***
*** Please call 'capture record stop --id 14 -o <out.pcap>' when done ***
trex(service)>capture
Active Recorders
ID | Status | Matched | Packets | Bytes | RX Ports | BPF Filter
-------------------------------------------------------------------------------------------------------
14 | ACTIVE | 0 | [0/0] | 0 B | 3 | udp and src 5000
trex(service)>
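An added example (not from the original post or the TRex project): an offline check for a file written by `capture record stop -o`, counting the frames whose UDP source port is 5000, which in pcap-filter syntax is written `udp and src port 5000` and is assumed here to be the intent of the filter above. It assumes a classic libpcap file with Ethernet link type; the function names and the embedded sample capture are constructed for illustration.

```python
import struct

def read_pcap(data):
    """Yield raw frames from a classic libpcap file (not pcapng)."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if order is None:
        raise ValueError("not a classic pcap file")
    off = 24                                  # skip the global header
    while off + 16 <= len(data):
        incl_len = struct.unpack(order + "IIII", data[off:off + 16])[2]
        yield data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len

def udp_src_port(frame):
    """UDP source port of an Ethernet/IPv4 frame, or None if not UDP."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None                           # not IPv4 (ARP, VLAN, IPv6, ...)
    ihl = (frame[14] & 0x0F) * 4
    if frame[23] != 17 or len(frame) < 14 + ihl + 8:
        return None                           # not UDP, or truncated
    if struct.unpack("!H", frame[20:22])[0] & 0x1FFF:
        return None                           # later fragment: no UDP header
    return struct.unpack("!H", frame[14 + ihl:16 + ihl])[0]

def count_matches(data, port):
    """Return (total frames, frames whose UDP source port equals port)."""
    ports = [udp_src_port(f) for f in read_pcap(data)]
    return len(ports), sum(p == port for p in ports)

def sample_pcap():
    """Constructed capture: UDP from 5000, UDP from 53, TCP from 5000."""
    def frame(proto, sport):
        eth = bytes.fromhex("000c29693976005056c00002") + b"\x08\x00"
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                         bytes([20, 20, 20, 1]), bytes([20, 20, 20, 2]))
        return eth + ip + struct.pack("!HHHH", sport, 12, 8, 0)
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in (frame(17, 5000), frame(17, 53), frame(6, 5000)):
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    total, hits = count_matches(sample_pcap(), 5000)
    print(f"{hits} of {total} frames are UDP with source port 5000")
```

To check a real capture, pass the bytes of the recorded file (for example `/tmp/rx_3.pcap`) to `count_matches` in place of `sample_pcap()`.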