epc培訓(xùn)課件atca sgsn抓包tcpdump指導(dǎo)手冊(cè)v1

1、ATCASGSN抓包工具 TCPDUMP 指導(dǎo)手冊(cè) V1.0Change HistoryIeDateHandled byComments1.02012/07/12ver和其他 linux 系樣，ATCA SGSN 提供 tcpdump 命令，使用起來(lái)比較方便TCPDUMP in SGSN works like any other TCPDUMP. You can prTCP packet flowon the screen or log the messages on a disk file. However, saving the disk is notvery useful because

2、 the file is stored to the RAM disk ofIX, and the size ofthe RAM disk is 1 MB. Thus the 780 kBs.You can find the TCPDUMP Converin NOLS.um size of the stored file can be approximayTools for SGSNhe release software build使用舉例：1.加載 DPDUMPGX 模塊 ZDDS:GBU,0; ZLE:1,DPDUMPGX;2.創(chuàng)建和查看 monitore 端口比如查看 GBU-0 端口

3、A0-DPD MLel0 el1 emb0 emb1 el4 el5 vlan19vlan111 vlan222 vlan301 vlan1019 vlan1301 vlan1502 vlan1512語(yǔ)法參考：Maction:MA: - adderface to be monitoredcreate monitoringdestroy monitoringerfaceerfaceMF: - set monitoring direction (B = both; T = tx; R = rx)ML- list currently configurederfaMR: - removeerface

4、to be monitoredExMCles:(create mon0erface) (attach el0 to mon0)(attach el2 to mon0)MA:EL0 MA:EL2 MF:RML(monitor onlying traffic)(listerfa)Note:- It ismended to remove monitoringerface when not needed- If you attach both physical and vlanpackets will be doublederface for monitoring,3. 對(duì)接口進(jìn)行抓包(對(duì) el0 接

5、口進(jìn)行抓包) A0-DPD Z1T:-i,el0,-xx,-s,0-xx 和-s,0 是必須給的參數(shù)，否則工具 X2e 無(wú)法正確對(duì) GTPV1 進(jìn)行抓包Z1T:-i,-n,-xx,port,2123,or,port,2152對(duì)主機(jī) 10.102.70.77 進(jìn)行抓包Z1T:-i,-n,-xx,host,10.102.70.77語(yǔ)法參考T:Most of the tcpdump options work. Check man pages:Typical options:-c-iExit after receiving count packets.Listen onerface. If unspe

6、cified, tcpdump searches the systemerface list for the lowest numbered, configured uperface(excluding loack). Ties are broken by choosing the earst match.-nDont convert addresses (i.e., host addresses, port numbers,etc.) to names.-sSnaraplen bytes of data from each packet rathern the defaultof 68. 6

7、8 bytes is adequate for IP, ICMP, TCP and UDP but may truncateprotocol information e.g from name server. Packets truncated becauseof a limited snapshot are indicatedhe output with |proto,where proto is the name of the protocol level at which the truncationhas occurred. Notet taking larger snapshots

8、both increases the amountof time it takes to pros packets and, effectively, decreases the amountof packet buffering. This may cause packets to be lost. You should limitsnaplen to the smallest numbert will capture the protocol informationyoureerested in. Setting snaplen to 0 means use the required le

9、ngthto catch whole packets.-t-vDont pra timeston each dump line.When parsing and pring, produce (slightly more) vere outputfor exle, the time to live, identification, total lengndoptions in an IP packet are pred.Also enables additional packetegrity checkch as verifying the IP and ICMP header checksu

10、m.-xPreach packet (minus its link level header) in hex. The smallerof the entire packet or snaplen bytes will be pred.-XWhen pring hex, prascii too. Thus if -x is also set, the packetis pred in hex/ascii.Exles:T:-i,el0T:-i,el0,-vT:-i,el0,sctpT:-i,el0,sctp,port,29054. 保存屏幕打印的抓包日志5. 用工具進(jìn)行轉(zhuǎn)換成 wireshark 包，注意選擇 t2e工具- Convert typehe list:d2e: t2e: s2e:old DPDUMP service terminal extentcpdump (old (including chorus) and new dpdump) S3DRO