Define an ACL rule to capture the point-to-point UDP packets
sy
acl 3001
rule 5 permit udp source 10.24.26.112 0 destination 10.24.200.6 0
rule 10 permit udp source 10.24.200.6 0 destination 10.24.26.112 0
q
Capture packets using the rule, with the results output to the terminal
capture-packet interface GigabitEthernet 0/0/24 acl 3001 destination terminal time-out 300
Send a request with an snmp command
snmpwalk -v 2c -c public123 10.24.200.6 .1.3.6.1.2.1.1.1.0
Result returned by the switch
Packet: 1
-------------------------------------------------------
68 8f 84 03 d6 5f 38 4c 4f 89 c8 b6 81 00 00 c8
08 00 45 00 00 47 0b fa 00 00 7f 11 39 06 0a 18
1a 70 0a 18 c8 06 c0 3b 00 a1 00 33 c3 7f 30 29
02 01 00 04 09 70 75 62 6c 69 63 31 32 33 a0 19
-------------------------------------------------------
------------------packet getting report-----------------------
file: NULL
packets getting: interface GigabitEthernet0/0/24
acl: 3001
vlan: - cvlan: -
car: 64kbps timeout: 300s
packets: 100 (expected) 1 (actual)
length: 64 (expected)
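Compared with Wireshark, there is an extra 00 00 c8
Everything else is the same. When the packet is encapsulated, the switches along the path replace the MAC with their own. After that, just split the bytes according to their meaning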
Packet: 1
-------------------------------------------------------
68 8f 84 03 d6 5f 38 4c 4f 89 c8 b6 81 00 00 c8 # 68 8f 84 03 d6 5f source MAC address, 38 4c 4f 89 c8 b6 destination MAC address
08 00 45 00 00 47 0b fa 00 00 7f 11 39 06 0a 18 # 08 00 IP header, 0a 18 1a 70 corresponds to source IP 10.24.26.112
1a 70 0a 18 c8 06 c0 3b 00 a1 00 33 c3 7f 30 29 # 0a 18 c8 06 corresponds to destination IP 10.24.200.6
02 01 00 04 09 70 75 62 6c 69 63 31 32 33 a0 19 # community name: 70 75 62 6c 69 63 31 32 33 corresponds to community name public123
-------------------------------------------------------
With SNMP v1 and v2c, the community name can be seen in a packet capture
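The byte-by-byte split described above, as an added Python example that is not part of the original notes. It decodes the 64 captured bytes using the standard Ethernet II layout (destination MAC, source MAC, then an optional 802.1Q tag: 81 00 followed by a 2-byte tag value) and reads the SNMP version field and community name from the BER encoding. The function names read_tlv and parse_snmp_capture are hypothetical.

```python
import ipaddress
import struct

# Hex rows copied from the switch output on this page (64 bytes, truncated frame).
CAPTURE = """
68 8f 84 03 d6 5f 38 4c 4f 89 c8 b6 81 00 00 c8
08 00 45 00 00 47 0b fa 00 00 7f 11 39 06 0a 18
1a 70 0a 18 c8 06 c0 3b 00 a1 00 33 c3 7f 30 29
02 01 00 04 09 70 75 62 6c 69 63 31 32 33 a0 19
"""

def read_tlv(buf, pos, want_tag):
    """Hypothetical helper: read one BER TLV header, return (value_offset, value_length)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if tag != want_tag:
        raise ValueError(f"expected tag {want_tag:#x}, got {tag:#x}")
    if length & 0x80:                      # long-form length: next n bytes hold it
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return pos, length

def parse_snmp_capture(hexdump):
    """Hypothetical helper: decode Ethernet/802.1Q/IPv4/UDP, then SNMP version and community."""
    data = bytes.fromhex("".join(hexdump.split()))
    ethertype, = struct.unpack_from("!H", data, 12)
    ip, vlan = 14, None
    if ethertype == 0x8100:                # 802.1Q tag: TPID 81 00, then 2-byte TCI
        tci, ethertype = struct.unpack_from("!HH", data, 14)
        ip, vlan = 18, tci & 0x0FFF        # low 12 bits of the TCI are the VLAN ID
    if ethertype != 0x0800 or data[ip + 9] != 17:
        raise ValueError("not an IPv4/UDP frame")
    udp = ip + (data[ip] & 0x0F) * 4       # IHL counts 32-bit words
    _, dport = struct.unpack_from("!HH", data, udp)
    pos, _ = read_tlv(data, udp + 8, 0x30)     # SNMP message: SEQUENCE
    pos, n = read_tlv(data, pos, 0x02)         # INTEGER version
    version = int.from_bytes(data[pos:pos + n], "big")
    pos, n = read_tlv(data, pos + n, 0x04)     # OCTET STRING community
    community = data[pos:pos + n]
    if len(community) != n:
        raise ValueError("capture truncated inside the community name")
    return {
        "dst_mac": data[0:6].hex(":"), "src_mac": data[6:12].hex(":"),
        "src_ip": str(ipaddress.IPv4Address(data[ip + 12:ip + 16])),
        "dst_ip": str(ipaddress.IPv4Address(data[ip + 16:ip + 20])),
        "vlan": vlan, "dst_port": dport, "snmp_version_field": version,
        "community": community.decode("ascii", "replace"),
    }
```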
Finally, remember to log in to the switch and remove the ACL rule used for the capture
sy
undo acl 3001