ISR4K-IOS XE EPC
1、该操作在ISR4K的平台操作,简单的执行了一个控制层面的抓包
配置命令:
R01#monitor capture A control-plane both
R01#monitor capture A match any
R01#monitor capture A limit packets 100 <------100个报文抓取到后,EPC会自动停止
命令查看EPC A的参数:
R01#show monitor capture A
Status Information for Capture A
Target Type:
Interface: Control Plane, Direction :
Packet Capture duration: 0 (no limit)
Packet Size to capture: 0 (no limit)
Packet sampling rate: 0 (no sampling)
开启EPC:
R01#monitor capture A start
R01#show monitor capture A
Status Information for Capture A
Target Type:
Interface: Control Plane, Direction : both
Status : Active
Filter Details:
Capture all packets
Buffer Details:
Buffer Type: LINEAR (default)
Buffer Size (in MB): 10
Limit Details:
Number of Packets to capture: 100
Packet Capture duration: 0 (no limit)
Packet Size to capture: 0 (no limit)
Maximum number of packets to capture per second: 1000
Packet sampling rate: 0 (no sampling)
设备中运行了EIGRP、PPPoE等协议,而且远程通过SSH登录了这个设备。所以抓到了如下的报文。
R01#show monitor capture A buffer brief
-------------------------------------------------------------
# size timestamp source destination protocol
-------------------------------------------------------------
0 220 0.000000 192.168.2.149 -> 224.0.0.251 UDP
1 82 0.016997 10.16.9.1 -> 10.16.9.2 UDP
2 70 0.098054 94:C3:00:00:F2:2F -> 00:21:45:00:00:44 unknown
3 56 0.187038 28:FF:3C:3C:C8:67 -> 00:9A:D2:2D:BA:14 ARP
4 60 0.187038 00:9A:D2:2D:BA:14 -> 28:FF:3C:3C:C8:67 ARP
5 82 0.217035 10.16.9.1 -> 10.16.9.2 UDP
6 82 0.417037 10.16.9.1 -> 10.16.9.2 UDP
7 46 0.473034 192.168.2.149 -> 192.168.2.1 UDP
8 122 0.603017 94:F1:00:00:F2:2F -> 00:21:45:00:00:78 unknown
9 122 0.610021 10.16.9.1 -> 10.0.11.10 TCP
10 82 0.618016 10.16.9.1 -> 10.16.9.2 UDP
11 60 0.679017 00:9A:D2:2D:B9:99 -> 01:00:0C:CC:CC:CC LLC
12 70 0.769009 95:09:00:00:F2:2F -> 00:21:45:00:00:44 unknown
13 82 0.818018 10.16.9.1 -> 10.16.9.2 UDP
14 60 0.834008 00:9A:D2:2D:B9:90 -> 68:8F:84:EE:DC:E9 PPPoE Session Stage
15 133 0.834008 00:00:FF:2F:76:EC -> 45:C0:00:85:0D:AC unknown
16 133 0.835015 00:00:FF:2F:76:EA -> 45:C0:00:85:0D:AD unknown
17 122 0.842003 95:10:00:00:F2:2F -> 00:21:45:00:00:78 unknown
18 138 0.849007 10.16.9.1 -> 10.0.11.10 TCP
19 175 0.882010 7E:8D:00:00:F3:2F -> 00:21:45:00:00:AD unknown
20 175 0.889013 36:72:00:00:F3:2F -> 00:21:45:00:00:AD unknown
21 118 0.988007 10.0.254.125 -> 10.0.8.15 UDP
22 118 0.988007 10.0.254.125 -> 10.0.8.16 UDP
23 70 1.003997 95:19:00:00:F2:2F -> 00:21:45:00:00:44 unknown
24 82 1.016997 10.16.9.1 -> 10.16.9.2 UDP
25 74 1.022002 10.16.9.1 -> 224.0.0.10 EIGRP
26 162 1.036045 95:1C:00:00:F2:2F -> 00:21:45:00:00:A0 unknown
27 60 1.147047 00:9A:D2:2D:B9:91 -> 10:51:72:1B:36:5A PPPoE Session Stage
28 82 1.218042 10.16.9.1 -> 10.16.9.2 UDP
29 82 1.218042 10.16.9.1 -> 10.16.9.2 UDP
30 60 1.218042 00:9A:D2:2D:BA:10 -> FF:FF:FF:FF:FF:FF ARP
31 122 1.293036 95:22:00:00:F2:2F -> 00:21:45:00:00:78 unknown
32 106 1.296041 10.16.9.1 -> 10.0.11.10 TCP
33 590 1.296041 10.16.9.1 -> 10.0.11.10 TCP
34 66 1.296041 10.16.9.1 -> 10.0.11.10 TCP
35 70 1.401032 95:23:00:00:F2:2F -> 00:21:45:00:00:44 unknown
36 82 1.418029 10.16.9.1 -> 10.16.9.2 UDP
37 70 1.442030 95:24:00:00:F2:2F -> 00:21:45:00:00:44 unknown
38 82 1.619023 10.16.9.1 -> 10.16.9.2 UDP
39 74 1.625019 10.16.9.1 -> 224.0.0.10 EIGRP
40 90 1.637027 95:39:00:00:F2:2F -> 00:21:45:00:00:58 unknown
41 78 1.642017 192.168.2.174 -> 192.168.2.1 UDP
42 159 1.642017 192.168.2.1 -> 192.168.2.174 UDP
43 88 1.764019 192.168.2.163 -> 192.168.2.1 UDP
44 163 1.765011 192.168.2.1 -> 192.168.2.163 UDP
45 82 1.819009 10.16.9.1 -> 10.16.9.2 UDP
46 94 1.881003 192.168.2.163 -> 224.0.0.251 UDP
47 75 1.887014 192.168.2.149 -> 192.168.2.1 UDP
48 96 1.888006 10.91.10.189 -> 114.114.114.114 UDP
49 75 1.898015 192.168.3.56 -> 192.168.3.1 UDP
50 86 1.899007 10.91.10.189 -> 114.114.114.114 UDP
51 120 1.928012 68:8F:84:EE:DC:E9 -> 00:9A:D2:2D:B9:90 PPPoE Session Stage
52 168 1.929004 192.168.2.1 -> 192.168.2.149 UDP
53 70 1.938998 192.168.3.56 -> 192.168.3.1 UDP
54 94 1.940005 10.91.10.189 -> 114.114.114.114 UDP
55 150 1.940005 68:8F:84:EE:DC:E9 -> 00:9A:D2:2D:B9:90 PPPoE Session Stage
56 90 1.941012 10.91.10.189 -> 114.114.114.114 UDP
57 70 1.947009 192.168.3.56 -> 192.168.3.1 UDP
58 182 1.979996 68:8F:84:EE:DC:E9 -> 00:9A:D2:2D:B9:90 PPPoE Session Stage
59 187 1.981004 192.168.3.1 -> 192.168.3.56 UDP
60 130 1.981004 68:8F:84:EE:DC:E9 -> 00:9A:D2:2D:B9:90 PPPoE Session Stage
61 187 1.982011 192.168.3.1 -> 192.168.3.56 UDP
62 131 1.982011 192.168.3.1 -> 192.168.3.56 UDP
63 98 1.990006 192.168.2.11 -> 224.0.0.251 UDP
64 82 2.018996 10.16.9.1 -> 10.16.9.2 UDP
65 91 2.184048 192.168.2.154 -> 224.0.0.251 UDP
66 77 2.218042 192.168.2.149 -> 192.168.2.1 UDP
67 125 2.221048 192.168.2.1 -> 192.168.2.149 UDP
68 82 2.221048 10.16.9.1 -> 10.16.9.2 UDP
69 145 2.221048 10.0.254.125 -> 10.0.8.15 UDP
70 145 2.221048 10.0.254.125 -> 10.0.8.16 UDP
71 189 2.269035 95:C1:00:00:F2:2F -> 00:21:45:00:00:BB unknown
72 88 2.288046 192.168.2.153 -> 192.168.2.1 UDP
73 163 2.288046 192.168.2.1 -> 192.168.2.153 UDP
74 88 2.289038 192.168.2.153 -> 224.0.0.251 UDP
75 70 2.294043 192.168.2.153 -> 192.168.2.1 ICMP
76 82 2.421035 10.16.9.1 -> 10.16.9.2 UDP
77 100 2.434035 04:B9:00:00:F2:2F -> 00:21:45:00:00:62 unknown
78 155 2.504023 192.168.2.149 -> 224.0.0.251 UDP
79 82 2.621022 10.16.9.1 -> 10.16.9.2 UDP
80 74 2.650027 10.16.9.1 -> 224.0.0.10 EIGRP
81 155 2.754010 192.168.2.149 -> 224.0.0.251 UDP
82 82 2.822015 10.16.9.1 -> 10.16.9.2 UDP
83 60 2.882010 38:C9:86:07:37:19 -> FF:FF:FF:FF:FF:FF ARP
84 94 2.885015 192.168.2.163 -> 224.0.0.251 UDP
85 74 2.954012 10.16.9.1 -> 224.0.0.10 EIGRP
86 155 3.011001 192.168.2.149 -> 224.0.0.251 UDP
87 82 3.022002 10.16.9.1 -> 10.16.9.2 UDP
88 82 3.222040 10.16.9.1 -> 10.16.9.2 UDP
89 82 3.222040 10.16.9.1 -> 10.16.9.2 UDP
90 60 3.222040 00:9A:D2:2D:BA:10 -> FF:FF:FF:FF:FF:FF ARP
91 382 3.265037 192.168.2.149 -> 224.0.0.251 UDP
92 82 3.421035 10.16.9.1 -> 10.16.9.2 UDP
93 56 3.566032 F0:18:98:A5:1E:6C -> 00:9A:D2:2D:BA:14 ARP
94 60 3.567023 00:9A:D2:2D:BA:14 -> F0:18:98:A5:1E:6C ARP
95 74 3.615025 10.0.254.125 -> 224.0.0.10 EIGRP
96 74 3.615025 10.0.254.125 -> 224.0.0.10 EIGRP
97 82 3.621022 10.16.9.1 -> 10.16.9.2 UDP
98 60 3.644015 00:9A:D2:2D:B9:90 -> 68:8F:84:EE:DC:E9 PPPoE Session Stage
99 82 3.823007 10.16.9.1 -> 10.16.9.2 UDP
简单看一下前3分报文的detail:
CDXY-449295-R01#show monitor capture A buffer detailed
-------------------------------------------------------------
# size timestamp source destination protocol
-------------------------------------------------------------
0 220 0.000000 192.168.2.149 -> 224.0.0.251 UDP
0000: 01005E00 00FB989E 633099A4 08004500 ..^.....c0....E.
0010: 00CEA794 0000FF11 6F51C0A8 0295E000 ........oQ......
0020: 00FB14E9 14E900BA FA4B0000 00000009 .........K......
0030: 00000000 0001085F 7363616E 6E657204 ......._scanner.
1 82 0.016997 10.16.9.1 -> 10.16.9.2 UDP
0000: 00000000 00000000 00000000 08004500 ..............E.
0010: 00444D29 0000FF11 485D0A10 09010A10 .DM)....H]......
0020: 0902169B 169B0030 E3220001 00010002 .......0."......
0030: 00280000 00010000 00005BEE 46BB0000 .(........[.F...
2 70 0.098054 94:C3:00:00:F2:2F -> 00:21:45:00:00:44 unknown
0000: 00214500 004494C3 0000F22F FDD52BF0 .!E..D...../..+.
0010: F4E90A5B 0ABD2000 08000001 E2404500 ...[.. ......@E.
0020: 00286C44 40003F06 A7710A00 0B0A0A10 .(lD@.?..q......
0030: 0901E3E2 0016FF84 FD094316 2CAB5010 ..........C.,.P.
当完成100个报文的抓取,此时EPC会自动停止了:
R01#sho monitor capture A
Status Information for Capture A
Target Type:
Interface: Control Plane, Direction : both
Status : Inactive
Filter Details:
Capture all packets
Buffer Details:
Buffer Type: LINEAR (default)
Buffer Size (in MB): 10
Limit Details:
Number of Packets to capture: 100
Packet Capture duration: 0 (no limit)
Packet Size to capture: 0 (no limit)
Maximum number of packets to capture per second: 1000
Packet sampling rate: 0 (no sampling)
我们可以一条命令指定:
R01#monitor capture A match ipv4 protocol tcp any any control-plane both limit packets 100 buffer size 10 circular interface GigabitEthernet 0/0/0
解释:配置EPC的名字为A,匹配ipv4的TCP协议,针对接口G0/0/0,源是any,目的也是any,抓取的是控制层面进出的报文,报文数量为100个,存储报文的的空间大小为10MB,采取当buffer满了时,丢掉旧报文的方式。
ISR4K-IOS XE EPC的更多相关文章
- Cisco IOS和IOS XE 新漏洞检测与修复
Cisco IOS/IOS XE 新漏洞检测与修复 CVE-2018-0150 Cisco IOS XE 存在默认弱口令 漏洞影响: 默认弱口令可以导致攻击者直远程登录控制Cisco设备.受影响版本, ...
- 为什么ISR4K、ASR1K等设备的QoS ACL没有显示计数?
思科的ISR4K和ASR1K设备都是IOS XE的架构,它们和传统的IOS架构是不一样的. 以ISR4K为例,和一般的IOS(例如ISR G2)有所区别,他的转发更依赖硬件完成,针对NAT或QoS应用 ...
- Embedded Packet Capture (EPC)
Embedded Packet Capture (EPC)是一个很好的抓包工具,在排障的时候,需要在线抓包的情况下,是一个非常好的选择. EPC在IOS和IOS-XE都是支持,不过,不同平台下有版本的 ...
- IOS XE-show memory
有些时候,我们可能会遇到IOS XE设备的high memory的情况.我们可以使用的命令去查看相关信息. 例如: Router# show version Router# show memory R ...
- 开源一个监控数据采集Agent:OpenFalcon-SuitAgent
OpenFalcon-SuitAgent 项目地址:github 版本说明 本系统版本划分如下 alpha:内部测试版(不建议使用于生产环境) beta:公开测试版(不建议使用于生产环境) final ...
- 开源流量分析系统 Apache Spot 概述(转)
原文地址http://blog.nsfocus.net/apache-spot/ Apache Spot 是一个基于网络流量和数据包分析,通过独特的机器学习方法,发现潜在安全威胁和未知网络攻击能力的开 ...
- IPSec无法建立?注意第一阶段hash sha !
该篇注意记录一下,有些情况下,我们配置了IPSec ,但是就是无法建立,发现连第一阶段都无法建立起来. 1.检查配置无问题 2.开启debug crypto isakmp发现有IKE的重传 3.sho ...
- SPAN, RSPAN, ERSPAN
该文档摘自:Home > CCIE Routing and Switching Study Group > Discussions 由 Deben 于 2015-2-6 上午6:50 创建 ...
- 思科Catalyst 9K
思科的新一代产品Catalyst9K,里面涉及了Catalyst9200.Catalyst9300.Catalyst9400.Catalyst9500.Catalyst9600和Catalyst980 ...
随机推荐
- 安装pecl
$ wget http://pear.php.net/go-pear.phar $ php go-pear.phar //php版本 < 7 $ yum install php-pear // ...
- 【C语言】已知三角形三边长,求三角形面积
一. 数学基础: 已知三角形的三边,计算三角形面积,需要用到海伦公式: 即p=(a+b+c)/2 二. 算法: 输入三个边长,套用海伦公式计算面积,并输出. 可以先判断是否可以构成三角形,即任意两边之 ...
- SRAM速度提升思路及方法
SRAM总体分为两大部分,一部分是存储阵列,另一部分是外围辅助电路.提高SRAM工作速度从这两大方面着手. ·存储阵列 对于存储阵列,首先可以通过降低工艺节点,以达到提高器件本身速度,从而提高整体SR ...
- 【做题笔记】P2871 [USACO07DEC]手链Charm Bracelet
就是 01 背包.大意:给您 \(T\) 个空间大小的限制,有 \(M\) 个物品,第 \(i\) 件物品的重量为 \(c_i\) ,价值为 \(w_i\) .要求挑选一些物品,使得总空间不超过 \( ...
- python如何用sqlalchemy操作数据库
工具:mysql python sqlalchemy ---------------------------------------- 准备工作: 1.安装mysql 如果是window环境请参考 ...
- HDU 1326 Box of Bricks(思维)
Little Bob likes playing with his box of bricks. He puts the bricks one upon another and builds stac ...
- bugku web4
打开打开,刚刚有个sb问我借lol号玩,浪费时间 继续干正事 随便输入后,提示 再好好看看... 出题人语文肯定不好 ,,,应该是这个 ‘再’ 吧 那我们查看源码 将那么明显的两行 进行 ...
- bugku 头等舱
先查看题目发现页面是这一个 然后打开后台F12 发现后台什么也没有 然后使用抓包burpsuit 然后发现答案就在其中 (首先右键转到repeater然后点击go)
- tomcat在win10系统中安装失败的问题,修改tomcat内存
自己以前在其他系统上安装tomcat服务都没有问题,但是在win10系统上安装就经常出现问题,自己总结了一下安装步骤: 1.首先需要配置环境变量, CATALINA_HOME 2.修改service. ...
- 前端知识之css
css的几种引入方式 行内样式 行内式是在标记的style属性中设定css样式,不推荐大规模使用 <p style='color:red'>hello world</p> 内部 ...