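This tool works well on a PC, but sometimes you cannot add a monitor port on the switch, so the only option is to capture directly on the server. This post introduces "tethereal", the handy text-mode version of Ethereal for use on a server.
I usually run it as shown below: -w writes the result to /tmp/mytest.cap, -i specifies the NIC I want to monitor, and -q keeps the screen quiet. I am only capturing packets here; once the capture is done, I download /tmp/mytest.cap to the PC and open it in Ethereal for analysis.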
# tethereal -w /tmp/mytest.cap -i eth0 -q
# tethereal -r /tmp/mytest.cap -x -V
(The second command displays the captured result directly on the server.)
-q When capturing packets, don’t display the continuous count of packets captured; instead, just display, at the end of the capture, a count of packets captured.
-w Write packet data to savefile.
-i Set the name of the network interface to use for live packet capture.
-r Read packet data from infile.
-V Cause Tethereal to print a view of the details of the packet.
-T Set the format of the output when viewing packet data. The options:
ps PostScript for a human-readable one-line summary.
-x Cause Tethereal to print a hex and ASCII dump.
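An added example, not from the original post: the same capture written to a private directory created with mktemp instead of the fixed path /tmp/mytest.cap, since a capture file holds full packet payloads and /tmp is world-writable. The function names, the capture.cap file name and the use of -c to bound the capture are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: capture into a private directory rather than a fixed /tmp path.

# Create a directory only the current user can enter and print its path.
make_capture_dir() {
    ( umask 077 && mktemp -d "${TMPDIR:-/tmp}/cap.XXXXXX" )
}

# Accept only plain interface names (eth0, bond0.100, ...) so the value
# cannot be read as an option or carry shell metacharacters.
valid_iface() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9_.:-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# capture IFACE COUNT: save COUNT packets from IFACE, print the file path.
capture() {
    iface=$1
    count=$2
    valid_iface "$iface" || { echo "bad interface: $iface" >&2; return 2; }
    case "$count" in
        ''|*[!0-9]*) echo "bad count: $count" >&2; return 2 ;;
    esac
    dir=$(make_capture_dir) || return 1
    out="$dir/capture.cap"
    # Same options as in the post, plus -c to stop after COUNT packets.
    tethereal -w "$out" -i "$iface" -q -c "$count" >&2 || return 1
    echo "$out"
}

# Run only when called with arguments, e.g.: sh capture.sh eth0 1000
if [ "$#" -gt 0 ]; then
    capture "$@"
fi
```

Read the result back with tethereal -r on the printed path, using -x -V as in the second command above.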