- product page: http://cisco.com/go/waas
- the system was acquired together with the company Actona
- the WAE has tcpdump and wireshark:
WAE1#tcpdump -h
tcpdump version 3.8.1 (jlemon)
libpcap version 0.8
Usage: tcpdump [-aAdDeflLnNOpqRStuUvxX] [-c count] [ -C file_size (kB) ]
[ -E algo:secret ] [ -F file ] [ -i interface ] [ -r file ]
[ -s snaplen ] [ -T type ] [ -w file ] [ -y datalinktype ]
[ -M max_log_files ] [ expression ]
WAE1#tcpdump -D
1.eth0
2.eth2
3.eth4
4.eth5
5.any (Pseudo-device that captures on all interfaces)
6.lo
WAE1#tcpdump -i eth4 -n
tcpdump: WARNING: eth4: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth4, link-type EN10MB (Ethernet), capture size 96 bytes
19:38:30.642777 01:00:0c:cc:cc:cd > 00:1e:79:c4:e6:81 sap aa ui/C len=39
0100 0ccc cccd 001e 79c4 e681 8100 e00a
0032 aaaa 0300 000c 010b 0000 0000 0080
0000 02fd a7d6 c000 0000 1380 0a00 1e79
c4e6 8080 0101
19:38:30.834835 00:1e:79:c4:e6:81 > 01:00:0c:cc:cc:cc sap aa ui/C len=35
19:38:31.849711 01:00:0c:cc:cc:cd > 00:1e:79:c4:e6:81 sap aa ui/C len=39
0100 0ccc cccd 001e 79c4 e681 8100 e00b
0032 aaaa 0300 000c 010b 0000 0000 0080
0b00 1e79 c4e6 8000 0000 0080 0b00 1e79
c4e6 8080 0100
19:38:32.648268 01:00:0c:cc:cc:cd > 00:1e:79:c4:e6:81 sap aa ui/C len=39
0100 0ccc cccd 001e 79c4 e681 8100 e00a
0032 aaaa 0300 000c 010b 0000 0000 0080
0000 02fd a7d6 c000 0000 1380 0a00 1e79
c4e6 8080 0101
19:38:33.492675
WAE1#tethereal -h
TShark 1.0.0
Dump and analyze network traffic.
See http://www.wireshark.org for more information.
Copyright 1998-2008 Gerald Combs and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Usage: tshark [options] ...
Capture interface:
-i interface name or idx of interface (def: first non-loopback)
-f filter packet filter in libpcap filter syntax
-s snaplen packet snapshot length (def: 65535)
-p don't capture in promiscuous mode
-y link-type link layer type (def: first appropriate)
-D print list of interfaces and exit
-L print list of link-layer types of iface and exit
Capture stop conditions:
-c packet-count stop after n packets (def: infinite)
-a autostop ... duration:NUM - stop after NUM seconds
filesize:NUM - stop this file after NUM KB
files:NUM - stop after NUM files
Capture output:
-b ringbuffer ... duration:NUM - switch to next file after NUM secs
filesize:NUM - switch to next file after NUM KB
files:NUM - ringbuffer: replace after NUM files
Input file:
-r infile set the filename to read from (no pipes or stdin!)
Processing:
-R read-filter packet filter in Wireshark display filter syntax
-n disable all name resolutions (def: all enabled)
-N name-resolution-flag enable specific name resolution(s): "mntC"
-d layer-type==selector,decode-as-protocol ...
"Decode As", see the man page for details
Example: tcp.port==8888,http
Output:
-w output set the output filename (or '-' for stdout)
-C config start with specified configuration profile
-F outout-type
an empty "-F" option will list the file types
-V add output of packet tree (Packet Details)
-S display packets even when writing to a file
-x add output of hex and ASCII dump (Packet Bytes)
-T pdml|ps|psml|text|fields
format of text output (def: text)
-e field field to print if -Tfields selected (e.g. tcp.port);
this option can be repeated to print multiple fields
-E option=value set options for output when -Tfields selected:
header=y|n switch headers on and off
separator=/t|/s| select tab, space, printable character as separator
quote=d|s|n select double, single, no quotes for values
-t ad|a|r|d|dd|e output format of time stamps (def: r: rel. to first)
-l flush standard output after each packet
-q be more quiet on stdout (e.g. when using statistics)
-X key:value eXtension options, see the man page for details
-z stats various statistics, see the man page for details
Miscellaneous:
-h display this help and exit
-v display version info and exit
-o option:value ... override preference setting
WAE1#tethereal -i eth4
Running as user "admin" and group "root". This could be dangerous.
Capturing on eth4
0.000000 00:1b:53:50:0a:c0 -> 00:1b:53:50:0a:c0 LOOP Reply
0.643978 00:1e:79:c4:e6:81 -> 01:00:0c:cc:cc:cd STP Conf. Root = 32779/00:1e:79:c4:e6:80 Cost = 0 Port = 0x8001
1.155038 00:1e:79:c4:e6:81 -> 01:00:0c:cc:cc:cd STP Conf. Root = 32768/00:02:fd:a7:d6:c0 Cost = 19 Port = 0x8001
1.700815 00:1e:79:c4:e6:81 -> 00:1e:79:c4:e6:81 LOOP Reply
2.648238 00:1e:79:c4:e6:81 -> 01:00:0c:cc:cc:cd STP Conf. Root = 32779/00:1e:79:c4:e6:80 Cost = 0 Port = 0x8001
3.152556 00:1e:79:c4:e6:81 -> 01:00:0c:cc:cc:c6 packets captured
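The hex words tcpdump printed above can be decoded by hand into the same Root/Cost/Port values tethereal shows. The following is an added example, not part of the original notes: a small Python decoder run over the first two hex dumps copied from this page. The function names and dictionary keys are my own, and it assumes the frames are 802.1Q-tagged LLC/SNAP configuration BPDUs, which is what the bytes show.

```python
import struct

# Hex words copied from the first two tcpdump dumps above; tcpdump printed only
# the start of each frame, so everything after the port ID is cut off.
DUMP_A = """0100 0ccc cccd 001e 79c4 e681 8100 e00a
0032 aaaa 0300 000c 010b 0000 0000 0080
0000 02fd a7d6 c000 0000 1380 0a00 1e79
c4e6 8080 0101"""
DUMP_B = """0100 0ccc cccd 001e 79c4 e681 8100 e00b
0032 aaaa 0300 000c 010b 0000 0000 0080
0b00 1e79 c4e6 8000 0000 0080 0b00 1e79
c4e6 8080 0100"""

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def bridge_id(b):
    """8-byte bridge ID -> 'priority/MAC', the notation tethereal prints."""
    return f"{struct.unpack('!H', b[:2])[0]}/{mac(b[2:8])}"

def decode_bpdu(dump):
    raw = bytes.fromhex("".join(dump.split()))
    out = {"dst": mac(raw[0:6]), "src": mac(raw[6:12]), "vlan": None}
    off = 12
    if raw[off:off + 2] == b"\x81\x00":           # 802.1Q tag present
        tci = struct.unpack("!H", raw[off + 2:off + 4])[0]
        out["pcp"], out["vlan"] = tci >> 13, tci & 0x0FFF
        off += 4
    off += 2                                       # skip 802.3 length field
    if raw[off:off + 3] != b"\xaa\xaa\x03":
        raise ValueError("not an LLC/SNAP frame")
    out["snap_oui"] = raw[off + 3:off + 6].hex()
    out["snap_pid"] = struct.unpack("!H", raw[off + 6:off + 8])[0]
    bpdu = raw[off + 8:]
    # Config BPDU: proto(2) ver(1) type(1) flags(1) root(8) cost(4) bridge(8) port(2)
    if len(bpdu) < 27:
        raise ValueError("capture truncated before the port ID")
    if bpdu[:2] != b"\x00\x00" or bpdu[3] != 0x00:
        raise ValueError("not a configuration BPDU")
    out["root"] = bridge_id(bpdu[5:13])
    out["cost"] = struct.unpack("!I", bpdu[13:17])[0]
    out["bridge"] = bridge_id(bpdu[17:25])
    out["port"] = struct.unpack("!H", bpdu[25:27])[0]
    return out

if __name__ == "__main__":
    for d in (DUMP_A, DUMP_B):
        print(decode_bpdu(d))
```

The two dumps decode to VLAN 10 and VLAN 11, and the root values match the two different "Root =" lines in the tethereal capture (32768/00:02:fd:a7:d6:c0 with cost 19, and 32779/00:1e:79:c4:e6:80 with cost 0).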
- the WAE has grep
WAE1#sh run | in -h
Usage: grep [OPTION]... PATTERN [FILE]...
Try `grep --help' for more information.
WAE1#
- the default login/password is quite original: admin/default
to be continued