EdgeMAX - Capturing packets on a multi-interface EdgeRouter to troubleshoot router problems


The steps below capture the same traffic at three points (the client, the router's LAN interface and the router's WAN interface) so that the captures can be compared to see where the traffic stops.

In this network I cannot reach www.ups.com. The first step is to confirm what DNS resolves the name to, using 'dig' on the Mac (querying the public resolver 4.2.2.1 directly rules out the router's DNS forwarder):

Erics-MacBook-Pro-2:~ erosenbe$ dig www.ups.com @4.2.2.1

; <<>> DiG 9.8.3-P1 <<>> www.ups.com @4.2.2.1
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14300
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.ups.com.                       IN      A

;; ANSWER SECTION:
www.ups.com.                    254 IN      CNAME   www.ups.com.akadns.net.
www.ups.com.akadns.net.         254 IN      CNAME   www.upsprodcidr2.com.akadns.net.
www.upsprodcidr2.com.akadns.net. 30 IN      CNAME   origin.www.ups.com.
origin.www.ups.com.            2149 IN      A       153.2.224.50
origin.www.ups.com.            2149 IN      A       153.2.228.50

;; Query time: 170 msec
;; SERVER: 4.2.2.1#53(4.2.2.1)
;; WHEN: Fri Apr 19 09:09:26 2013
;; MSG SIZE  rcvd: 149

Erics-MacBook-Pro-2:~ erosenbe$

DNS works and the name resolves to 153.2.224.50, so the problem is not name resolution. Next, start a capture on the Mac, filtered to that host (-s 0 captures whole packets, -w writes a pcap file for later analysis):

Erics-MacBook-Pro-2:~ erosenbe$ tcpdump -i en0 -s 0 -w UPSCapMac.cap host 153.2.224.50
tcpdump: listening on en0, link-type EN10MB (Ethernet), capture size 65535 bytes
^C
11 packets captured
1607 packets received by filter
0 packets dropped by kernel
Erics-MacBook-Pro-2:~ erosenbe$

In an SSH session to the EdgeRouter, capture on the router's WAN (egress) interface, which here is eth0. tcpdump on EdgeOS needs root, hence sudo:

ubnt@plunger:~$ sudo tcpdump -i eth0 -s 0 -w UPSCapPlungerETH0.cap host 153.2.224.50
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
^C
29 packets captured
29 packets received by filter
0 packets dropped by kernel
ubnt@plunger:~$

Open a second SSH session and capture on the router's LAN (ingress) interface, eth1, to see the packets before NAT is applied. The same "host 153.2.224.50" filter works on both interfaces because source NAT rewrites the client's address, not the destination; the LAN-side capture will show the Mac's private address as the source, while the WAN-side capture shows the router's public address:

ubnt@plunger:~$ sudo tcpdump -i eth1 -s 0 -w UPSCapPlungerETH1.cap host 153.2.224.50
tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes
^C
26 packets captured
26 packets received by filter
0 packets dropped by kernel
ubnt@plunger:~$

With all three captures running, generate a known test flow from the Mac: open a TCP session to port 80 of www.ups.com with telnet. A single connection attempt gives a clean SYN to look for in each capture:

Erics-MacBook-Pro-2:~ erosenbe$ telnet 153.2.224.50 80
Trying 153.2.224.50...
telnet: connect to address 153.2.224.50: Operation timed out
telnet: Unable to connect to remote host
Erics-MacBook-Pro-2:~ erosenbe$

Once the test traffic has been captured, stop all three captures with Ctrl-C, then copy the two router capture files from the EdgeRouter (192.168.0.1 here) to the Mac with scp:

Erics-MacBook-Pro-2:~ erosenbe$ scp ubnt@192.168.0.1:/home/ubnt/UPSCapPlungerETH0.cap .
Welcome to EdgeOS

By logging in, accessing, or using the Ubiquiti product, you
acknowledge that you have read and understood the Ubiquiti
License Agreement (available in the Web UI at, by default,
http://192.168.1.1) and agree to be bound by its terms.

ubnt@192.168.0.1's password:
UPSCapPlungerETH0.cap                          100% 2100     2.1KB/s   00:00
Erics-MacBook-Pro-2:~ erosenbe$
Erics-MacBook-Pro-2:~ erosenbe$ scp ubnt@192.168.0.1:/home/ubnt/UPSCapPlungerETH1.cap .
Welcome to EdgeOS

By logging in, accessing, or using the Ubiquiti product, you
acknowledge that you have read and understood the Ubiquiti
License Agreement (available in the Web UI at, by default,
http://192.168.1.1) and agree to be bound by its terms.

ubnt@192.168.0.1's password:
UPSCapPlungerETH1.cap                          100% 2100     2.1KB/s   00:00
Erics-MacBook-Pro-2:~ erosenbe$


Open the three capture files in Wireshark (free to download) and compare them. Follow the telnet SYN outward: if it appears on the Mac and on eth1 but not on eth0, the router is dropping it (firewall, NAT or routing); if it leaves eth0 with the translated source address but no SYN-ACK ever returns, the fault is upstream of the router; if a SYN-ACK arrives on eth0 but never shows up on eth1, the router is dropping the return traffic.
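The comparison described above can be automated once the three pcap files are on the Mac. The following is an added example (not part of the original article and not Ubiquiti code): a minimal classic-pcap parser for Ethernet/IPv4/TCP, written with only the Python standard library, plus a function that walks the captures from the client outward and reports at which capture point the handshake to 153.2.224.50:80 stopped. The sample captures at the bottom are constructed in code (checksums left zero); the client address 192.168.0.10 and WAN address 203.0.113.5 are assumed values, not from the article.

```python
import struct

PCAP_MAGIC, LINKTYPE_ETHERNET = 0xA1B2C3D4, 1
TCP_SYN, TCP_ACK = 0x02, 0x10


def parse_frame(frame):
    """Return (src, dst, sport, dport, flags) for an Ethernet/IPv4/TCP frame, else None."""
    if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != 0x0800:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[9] != 6 or len(ip) < ihl + 14:          # protocol 6 = TCP, need flags byte
        return None
    src = ".".join(str(b) for b in ip[12:16])
    dst = ".".join(str(b) for b in ip[16:20])
    sport, dport = struct.unpack_from("!HH", ip, ihl)
    return src, dst, sport, dport, ip[ihl + 13]


def parse_pcap(data):
    """Yield parsed TCP packets from classic pcap bytes (what 'tcpdump -w' writes)."""
    magic = struct.unpack_from("<I", data, 0)[0]
    endian = "<" if magic == PCAP_MAGIC else ">"   # byte-swapped magic => big-endian file
    linktype = struct.unpack_from(endian + "IHHiIII", data, 0)[6]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("unsupported link type %d" % linktype)
    off = 24
    while off + 16 <= len(data):
        incl_len = struct.unpack_from(endian + "IIII", data, off)[2]
        off += 16
        pkt = parse_frame(data[off:off + incl_len])
        off += incl_len
        if pkt:
            yield pkt


def handshake(pcap_bytes, server, port):
    """Summarise what one capture point saw of the client->server handshake."""
    state = {"syn_src": None, "synack": False}
    for src, dst, sport, dport, flags in parse_pcap(pcap_bytes):
        if dst == server and dport == port and (flags & (TCP_SYN | TCP_ACK)) == TCP_SYN:
            state["syn_src"] = src                  # address as seen here (pre/post NAT)
        elif src == server and sport == port and (flags & (TCP_SYN | TCP_ACK)) == (TCP_SYN | TCP_ACK):
            state["synack"] = True
    return state


def locate_fault(captures, server, port=80):
    """captures: [(name, pcap bytes)] ordered from the client outward to the WAN."""
    states = [(name, handshake(data, server, port)) for name, data in captures]
    prev = None
    for name, st in states:                          # first point missing the SYN is past the drop
        if st["syn_src"] is None:
            if prev is None:
                return "client", "no SYN from the client at %s: check the client itself" % name
            return "dropped_outbound", "SYN seen at %s but not at %s: dropped on that hop" % (prev, name)
        prev = name
    outer, outer_st = states[-1]
    if not outer_st["synack"]:
        return "no_reply", "SYN left %s as %s -> %s (client %s) but no SYN-ACK returned: upstream fault" % (
            outer, outer_st["syn_src"], server, states[0][1]["syn_src"])
    for name, st in reversed(states):                # SYN-ACK came back; where was it lost inbound?
        if not st["synack"]:
            return "dropped_inbound", "SYN-ACK reached %s but not %s: return path dropped" % (outer, name)
    return "ok", "handshake completed at every capture point"


# --- constructed sample captures (no real traffic; IP/TCP checksums left as zero) ---
def build_frame(src, dst, sport, dport, flags):
    ip4 = lambda s: bytes(int(x) for x in s.split("."))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0, ip4(src), ip4(dst))
    return bytes(12) + b"\x08\x00" + ip + tcp


def build_pcap(packets):
    out = [struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)]
    for i, pkt in enumerate(packets):
        frame = build_frame(*pkt)
        out += [struct.pack("<IIII", 1366362566 + i, 0, len(frame), len(frame)), frame]
    return b"".join(out)


CLIENT, WAN, SERVER = "192.168.0.10", "203.0.113.5", "153.2.224.50"   # assumed addresses
SYN, NAT_SYN = (CLIENT, SERVER, 50001, 80, TCP_SYN), (WAN, SERVER, 50001, 80, TCP_SYN)
SYNACK, NAT_SYNACK = (SERVER, CLIENT, 80, 50001, 0x12), (SERVER, WAN, 80, 50001, 0x12)

# Matches the article: the SYN leaves eth0 NAT-translated, but nothing ever comes back.
UPSTREAM_FAULT = [("mac en0", build_pcap([SYN] * 3)),
                  ("eth1 (LAN)", build_pcap([SYN] * 3)),
                  ("eth0 (WAN)", build_pcap([NAT_SYN] * 3))]
# The router itself eats the SYN: eth1 sees it, eth0 never does.
ROUTER_FAULT = [("mac en0", build_pcap([SYN] * 3)),
                ("eth1 (LAN)", build_pcap([SYN] * 3)),
                ("eth0 (WAN)", build_pcap([]))]
HEALTHY = [("mac en0", build_pcap([SYN, SYNACK])),
           ("eth1 (LAN)", build_pcap([SYN, SYNACK])),
           ("eth0 (WAN)", build_pcap([NAT_SYN, NAT_SYNACK]))]

if __name__ == "__main__":
    for label, caps in (("article", UPSTREAM_FAULT), ("router", ROUTER_FAULT), ("healthy", HEALTHY)):
        print(label, *locate_fault(caps, SERVER))
```

For real files, replace the constructed lists with `open("UPSCapMac.cap", "rb").read()` and the two router files, in the same client-to-WAN order; the ordering is what lets the walk pinpoint the hop. The parser deliberately handles only the classic pcap format and Ethernet link type, which is what `tcpdump -w` produces on both the Mac and EdgeOS here; pcapng or VLAN-tagged captures would need extending it.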