文件列表:

packetStorm.pl (18078, 2006-02-07)

//--\\ // __ //--\ // // // /== // //___/ //---//\ /-- //== /-- =/= \\__ =/= /-/ /\\ /\/\ / //-\\__// \_/__ /_ ///__/_/_/ \\_//\/\\ _/ ___// // \\ #帮助菜单 C:\Perl\scripts\Packetstorm>packetStorm.pl -? >>packetStorm.pl, V1.3 -?|-h|--help print help #打印帮助 -l|--list_device list supported device #列出系统支持的设备 -v|--verbose print more information #打印更多数据 -p|--promisc enable promisc #使用混杂模式 -n|--counter capture counter #抓包数量 -t|--pretty_table enable pretty table #使用文本表格方式打印结果 -d|--device select device #选择抓包设备 -e|--eth_type eth_type, arp or ip(default) #设置帧协议类型，arp 或ip -i|--ip_proto ip_proto, icmp udp or tcp(default) #设置三层协议类型 --arp_spa ARP, source protocol address #以下为各协议支持的Caputer Filters --arp_tpa ARP, target protocol address --arp_pa ARP, src/target protocol address --arp_opcode ARP, opcode, 1(Request) 2(Reply) --src_ip IP, source ip --dest_ip IP, destination ip --host IP, src/dest ip --icmp_type ICMP, icmp type --src_port TCP/UDP, source port --dest_port TCP/UDP, destination port --port TCP/UDP, src/dest port --tcp_flag TCP, tcp flag by shanleiguang@he.chinamobile.com, 2006/01 #列出当前系统支持的网络设备 C:\Perl\scripts\Packetstorm>packetStorm.pl -l +-----------------------------------------------------------------------------------+ | Supported Devices | +---+------+------------------------------------------------------------------------+ | 1 | dev | \Device\NPF_GenericDialupAdapter | +---+------+------------------------------------------------------------------------+ | | desc | Generic dialup adapter | +---+------+------------------------------------------------------------------------+ | 2 | dev | \Device\NPF_{5***1D162-D83C-4E2E-9057-3C1420D0D650} | +---+------+------------------------------------------------------------------------+ | | desc | Intel(R) PRO/100 VE Network Connection (Microsoft's Packet Scheduler) | +---+------+------------------------------------------------------------------------+ #选择2号设备，分析ARP协议包 C:\Perl\scripts\Packetstorm>packetStorm.pl -d 2 --eth_type arp +-----------------------------------------------------------------------------------+ | Selected Device | +---+------+------------------------------------------------------------------------+ | 2 | dev | \Device\NPF_{5***1D162-D83C-4E2E-9057-3C1420D0D650} | +---+------+------------------------------------------------------------------------+ | | desc | Intel(R) PRO/100 VE Network Connection (Microsoft's Packet Scheduler) | +---+------+------------------------------------------------------------------------+ 2006/02/07 11:14:44 , packets are storming... [1]. 00:E0:FC:47:85:45->00:00:00:00:00:00, xxx.xxx.xxx.33->xxx.xxx.xxx.58, ARP_REQUEST [2]. 00:E0:FC:47:85:45->00:00:00:00:00:00, xxx.xxx.xxx.33->xxx.xxx.xxx.40, ARP_REQUEST [3]. 08:00:46:CD:DE:A3->00:00:00:00:00:00, xxx.xxx.xxx.60->xxx.xxx.xxx.34, ARP_REQUEST [4]. 00:11:F9:C8:59:F1->08:00:46:CD:DE:A3, xxx.xxx.xxx.34->xxx.xxx.xxx.60, ARP_REPLY #选择2号设备，将设备设置到promisc模式，分析ARP协议包，打印更多数据、采用表格方式输出 C:\Perl\scripts\Packetstorm>packetStorm.pl -d 2 -vpt --eth_type arp +-----------------------------------------------------------------------------------+ | Selected Device | +---+------+------------------------------------------------------------------------+ | 2 | dev | \Device\NPF_{5***1D162-D83C-4E2E-9057-3C1420D0D650} | +---+------+------------------------------------------------------------------------+ | | desc | Intel(R) PRO/100 VE Network Connection (Microsoft's Packet Scheduler) | +---+------+------------------------------------------------------------------------+ 2006/02/07 11:31:08 , packets are storming... =No.1=========================================================================== +----------------------------------------------+ | Ethernet Frame Header | +-------------------+-------------------+------+ | src_mac | dest_mac | type | +-------------------+-------------------+------+ | 00:E0:FC:47:85:45 | FF:FF:FF:FF:FF:FF | 2054 | +-------------------+-------------------+------+ +------------------------------------------------------+ | ARP Header | +--------+-------------------+-----+-------------------+ | sha | 00:E0:FC:47:85:45 | tha | 00:00:00:00:00:00 | +--------+-------------------+-----+-------------------+ | spa | xxx.xxx.xxx.33 | tpa | xxx.xxx.xxx.40 | +--------+-------------------+-----+-------------------+ | opcode | ARP_REQUEST | - | - | +--------+-------------------+-----+-------------------+ ... .... #设置抓包总数为4，打印源地址或目的地址为xxx.xxx.xxx.33的ICMP消息 C:\Perl\scripts\Packetstorm>packetStorm.pl -d 2 -n 4 -vp --ip_proto icmp host xxx.xxx.xxx.33 +-----------------------------------------------------------------------------------+ | Selected Device | +---+------+------------------------------------------------------------------------+ | 2 | dev | \Device\NPF_{5***1D162-D83C-4E2E-9057-3C1420D0D650} | +---+------+------------------------------------------------------------------------+ | | desc | Intel(R) PRO/100 VE Network Connection (Microsoft's Packet Scheduler) | +---+------+------------------------------------------------------------------------+ 2006/02/07 11:31:52 , packets are storming... [1]. xxx.xxx.xxx.60->xxx.xxx.xxx.33, proto:1(ICMP), type:8(Echo) code:0 data:abcdefghijklmnopqrstuvwabcdefghi [2]. xxx.xxx.xxx.33->xxx.xxx.xxx.60, proto:1(ICMP), type:0(Echo Reply) code:0 data:abcdefghijklmnopqrstuvwabcdefghi [3]. xxx.xxx.xxx.60->xxx.xxx.xxx.33, proto:1(ICMP), type:8(Echo) code:0 data:abcdefghijklmnopqrstuvwabcdefghi [4]. xxx.xxx.xxx.33->xxx.xxx.xxx.60, proto:1(ICMP), type:0(Echo Reply) code:0 data:abcdefghijklmnopqrstuvwabcdefghi #分析端口为80有关的TCP数据包，并解析HTTP请求和响应 C:\Perl\scripts\Packetstorm>packetStorm.pl -d 2 -vp --port 80 +-----------------------------------------------------------------------------------+ | Selected Device | +---+------+------------------------------------------------------------------------+ | 2 | dev | \Device\NPF_{5***1D162-D83C-4E2E-9057-3C1420D0D650} | +---+------+------------------------------------------------------------------------+ | | desc | Intel(R) PRO/100 VE Network Connection (Microsoft's Packet Scheduler) | +---+------+------------------------------------------------------------------------+ 2006/02/07 11:32:28 , packets are storming... [1]. xxx.xxx.xxx.60:1461->***.233.189.104:80, proto:6(TCP) flags:2(SYN), seq:1803756956, ack:0 [2]. ***.233.189.104:80->xxx.xxx.xxx.60:1461, proto:6(TCP) flags:18(ACK|SYN), seq:3270740938, ack:1803756957 ? (Unknown code) [3]. xxx.xxx.xxx.60:1461->***.233.189.104:80, proto:6(TCP) flags:16(ACK), seq:1803756957, ack:3270740939 [4]. xxx.xxx.xxx.60:1461->***.233.189.104:80, proto:6(TCP) flags:24(ACK|PSH), seq:1803756957, ack:3270740939 GET /intl/zh-CN/ HTTP/1.1 Connection: Keep-Alive Accept: */* Accept-Encoding: gzip, deflate Accept-Language: zh-cn Host: www.google.com User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Cookie: rememberme=true; SID=DQAAAG0AAABo695dhiPsrgNSPcjGe5QC9Lu9zghZ2fYaqGluOEgt-hDchwjTLWd80w kzmIS0laQfP2lHARL07ftgnlJWGB3QcekxL2me_RYeTS5bYVA9Oy3icUWk3eMrZFkkKhi9jY8IvTwO2QRqgOenSwxi6Z0C; PREF =ID=c169eba93e0c57bd:NW=1:TM=1139126941:LM=1139126941:GM=1:S=1N_Yf11M0uzWcd6J #分析目的端口为23的TCP数据包，并使用Telnet协议进行解析和打印（注意用户名和密码！） C:\Perl\scripts\Packetstorm>packetStorm.pl -d 2 -vp --dest_port 23 .... By shanleiguang@he.chinamobile.com, 2006/01

近期下载者：

相关文件：

评论：[我要评论] [举报此文件]

收藏者：