Configuring packet capture on an AireOS WLC

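This note shows how to capture packets on an AireOS WLC. The procedure is fairly simple:

1. Enable debug packet.

2. When packets are captured, the WLC prints them in hexadecimal.

3. Save the output and import it into Wireshark to view the captured packets.

This is very helpful when a capture is needed to verify a problem in the exchange between the WLC and a RADIUS server, in communication with APs, or in communication with other WLCs.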

 

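Notes:

  • Preferably log in to the WLC CLI over SSH; the output is faster that way.
  • This feature should be supported on all WLC releases after 4.x.
  • It only captures traffic, in both directions, exchanged between the WLC control plane (CP) and data plane (DP). It cannot capture packets that are neither sent from the data plane up to the control plane nor sent by the control plane. In other words, it captures the packets that are handled by the CPU.

Some types of traffic that go to the CPU: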

  • Telnet
  • SSH
  • HTTP
  • HTTPS
  • SNMP
  • NTP
  • RADIUS
  • TACACS+
  • Mobility Messages
  • CAPWAP control
  • NMSP
  • TFTP/FTP/SFTP
  • Syslog
  • IAPP

Note: traffic to and from clients is handled in the data plane (DP), with these exceptions: 802.11 management, 802.1X/EAPOL, ARP, DHCP and Web Authentication.

 

Configuration example:

This example logs in to the WLC over SSH:

1. Log in to the WLC CLI
(Cisco Controller)
User: lcj
Password:****************
(Cisco Controller) >
(Cisco Controller) >

 

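2. Configure the source and destination addresses and the type of traffic to capture (SSH traffic here; I simply match on IP)

My management IP is 192.168.1.100/24 and the gateway is 192.168.1.1, so the configuration is: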

(Cisco Controller) >debug packet logging acl ip 1 permit 192.168.1.1 192.168.1.100

(Cisco Controller) >debug packet logging acl ip 2 permit 192.168.1.100 192.168.1.1

(Cisco Controller) >debug packet logging format text2pcap <<< default format; there are two formats, the other is hex2pcap

(Cisco Controller) >debug packet logging enable all 100 <<< enable the debug and capture 100 packets; the default is 25, and a packet size can follow

 

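The debug facility supports two output formats: hex2pcap and text2pcap. hex2pcap is the standard format used by IOS and can be decoded with an HTML front end. The text2pcap option can be read by Wireshark.

The output differs between the two formats:

First: hex2pcap format

Second: text2pcap format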

 

3. Check the configured parameters

(Cisco Controller) >show debug packet

Status........................................... rx/tx  <<< shows disable when not enabled; this state means it is enabled
Number of packets to display..................... 100
Bytes/packet to display.......................... 0
Packet display format............................ text2pcap

   Driver ACL:
      [1]: disabled
      [2]: disabled
      [3]: disabled
      [4]: disabled
      [5]: disabled
      [6]: disabled
   Ethernet ACL:
      [1]: disabled
      [2]: disabled
      [3]: disabled
      [4]: disabled
      [5]: disabled
      [6]: disabled
   IP ACL:
      [1]: permit s=192.168.1.1 d=192.168.1.100 any
      [2]: permit s=192.168.1.100 d=192.168.1.1 any
      [3]: disabled
      [4]: disabled
      [5]: disabled
      [6]: disabled
   EoIP-Ethernet ACL:
      [1]: disabled
      [2]: disabled
      [3]: disabled
      [4]: disabled
      [5]: disabled
      [6]: disabled
   EoIP-IP ACL:
      [1]: disabled
      [2]: disabled
      [3]: disabled
      [4]: disabled
      [5]: disabled
      [6]: disabled
   LWAPP-Dot11 ACL:
      [1]: disabled
      [2]: disabled
      [3]: disabled
      [4]: disabled
      [5]: disabled
      [6]: disabled
   LWAPP-IP ACL:
      [1]: disabled
      [2]: disabled
      [3]: disabled
      [4]: disabled
      [5]: disabled
      [6]: disabled

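4. Connect to the WLC management address over SSH using CRT. The CLI then prints the captured packets, each as an rx or tx header line (len, encap, port) followed by rows of a hex offset, up to 16 hex bytes and an ASCII column: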


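5. Save this part of the output; it will be opened with Wireshark.

6. Open Wireshark and import the captured output as follows:

Select the file in which the captured output was saved, then open it.

The captured SSH packets are now visible.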
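A parser for the saved output, as an added example (not part of the original note or of Cisco's tooling): it reads a saved terminal log in which each packet is an `rx`/`tx` header line with `len=` followed by rows of a 4-digit hex offset and up to 16 hex bytes, checks each packet against its header length, and builds a pcap byte string that Wireshark opens directly. The function names, the sample log and the Ethernet link type are assumptions; timestamps are placeholders because the output carries none.

```python
import re
import struct

HEADER = re.compile(r"^(rx|tx) len=(\d+), encap=(\S+), port=(\d+)")
OFFSET = re.compile(r"^[0-9A-Fa-f]{4}$")
BYTE = re.compile(r"^[0-9A-Fa-f]{2}$")

# Constructed sample of a saved session: CLI prompts around one complete
# packet and one packet whose second row was lost by the terminal.
SAMPLE = """\
(Cisco Controller) >debug packet logging enable all 100
rx len=18, encap=ip, port=1
0000 02 00 00 00 00 01 02 00 00 00 00 02 08 00 45 00 ..............E.
0010 61 62                                           ab
tx len=20, encap=n/a, port=1
0000 02 00 00 00 00 02 02 00 00 00 00 01 08 00 45 00 ..............E.
(Cisco Controller) >
"""


def parse_wlc_debug(text):
    """Return (packets, problems) parsed from saved debug packet output."""
    packets, problems, cur = [], [], None

    def close(pkt):
        if pkt is not None and len(pkt["data"]) == pkt["len"]:
            packets.append(pkt)
        elif pkt is not None:
            problems.append("%s packet: header len=%d, recovered %d bytes"
                            % (pkt["dir"], pkt["len"], len(pkt["data"])))

    for line in text.splitlines():
        tokens = line.split()
        m = HEADER.match(line.strip())
        if m:
            close(cur)
            cur = {"dir": m.group(1), "len": int(m.group(2)), "data": bytearray()}
        elif cur and tokens and OFFSET.match(tokens[0]):
            # A row counts only if its offset continues the data seen so far.
            if int(tokens[0], 16) != len(cur["data"]):
                continue
            # The header length bounds how many tokens are data, so an ASCII
            # column that looks like hex ("ab" above) is never read as bytes.
            need = min(16, cur["len"] - len(cur["data"]))
            row = tokens[1:1 + need]
            if all(BYTE.match(t) for t in row):
                cur["data"] += bytes(int(t, 16) for t in row)
    close(cur)
    return packets, problems


def to_pcap(packets):
    """Serialize parsed packets as a classic little-endian pcap file."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # Ethernet
    for i, p in enumerate(packets):
        # Placeholder timestamp: the packet's index, in seconds.
        out += struct.pack("<IIII", i, 0, p["len"], p["len"]) + bytes(p["data"])
    return out
```

Packets reported in `problems` are left out of the pcap; write the result of `to_pcap(packets)` to a file in binary mode to open it in Wireshark.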

 

Other operations:

Removing the debug:

Remove the traffic matches we configured:

> debug packet logging acl ip 1 disable
> debug packet logging acl ip 2 disable

Disable debug packet logging:

> debug packet logging disable

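When capturing other traffic we may also be logged in to the WLC over SSH. To keep the SSH packets from cluttering the troubleshooting capture, deny the SSH traffic with ACLs like these: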

> debug packet logging acl ip 1 deny <WLC-IP> <host-IP> tcp 22 any
> debug packet logging acl ip 2 deny <host-IP> <WLC-IP> tcp any 22
> debug packet logging acl ip 3 permit any any