proc工具 $ ps PID TTY TIME CMD 806 pts/3 0:00 ps 368 pts/3 0:00 sh $ pflags 368 368: -sh data model = _ILP32 flags = PR_ORPHAN /1: flags = PR_PCINVAL % pmap 823 //进程的地址空间分配,和需要执行的库 823: -csh 08043000 20K rw--- [ stack ] 08050000 128K r-x-- /usr/bin/csh 08070000 12K rwx-- /usr/bin/csh 08073000 68K rwx-- [ heap ] DD9C0000 8K r-x-- /usr/lib/locale/zh_CN.GB18030/methods_zh_CN.GB18030.so.2 DD9D1000 4K rwx-- /usr/lib/locale/zh_CN.GB18030/methods_zh_CN.GB18030.so.2 DD9E0000 324K r-x-- /usr/lib/locale/zh_CN.GB18030/zh_CN.GB18030.so.2 DDA40000 8K rwx-- /usr/lib/locale/zh_CN.GB18030/zh_CN.GB18030.so.2 DDA60000 4K rwx-- [ anon ] DDA70000 628K r-x-- /usr/lib/libc.so.1 DDB1D000 24K rwx-- /usr/lib/libc.so.1 DDB23000 4K rwx-- /usr/lib/libc.so.1 DDB30000 152K r-x-- /usr/lib/libcurses.so.1 DDB66000 28K rwx-- /usr/lib/libcurses.so.1 DDB6D000 8K rwx-- /usr/lib/libcurses.so.1 DDB80000 4K r-x-- /usr/lib/libdl.so.1 DDB90000 292K r-x-- /usr/lib/ld.so.1 DDBE9000 16K rwx-- /usr/lib/ld.so.1 DDBED000 8K rwx-- /usr/lib/ld.so.1 total 1740K $ pldd 830 //与每个进程链接的动态库列表 830: -sh /usr/lib/libgen.so.1 /usr/lib/libc.so.1 /usr/lib/libdl.so.1 /usr/lib/locale/zh_CN.GB18030/zh_CN.GB18030.so.2 /usr/lib/locale/zh_CN.GB18030/methods_zh_CN.GB18030.so.2 $ psig 830 //与进程相关的的信号列表 830: -sh HUP caught done 0 INT caught 0x8059a30 0 QUIT caught 0x8059a30 0 ILL caught done 0 TRAP caught done 0 ABRT caught done 0 EMT caught done 0 FPE caught done 0 KILL default BUS caught done 0 SEGV caught 0x8059f70 ONSTACK,SIGINFO $ pstack 830 //以十六进制格式查看进程堆栈跟踪 830: -sh ddacedf7 waitid (0, 353, 8047d40, 83) ddaeeea7 _waitpid (353, 8047df8, 80) + 66 ddb30581 waitpid (353, 8047df8, 80) + 21 08062319 ???????? (8078c44) 08062cef postjob (353, 1) + ce 0805d1e9 execute (8079374, 0, 0) + 801 08055b61 ???????? (0) 080559b5 main (1, 8047eb4, 8047ebc) + 4d9 08055427 ???????? 
() $ pfiles 830 //每个进程所打开的所有文件 830: -sh Current rlimit: 256 file descriptors 0: S_IFCHR mode:0620 dev:102,0 ino:853 uid:1001 gid:7 rdev:24,2 O_RDWR 1: S_IFCHR mode:0620 dev:102,0 ino:853 uid:1001 gid:7 rdev:24,2 O_RDWR 2: S_IFCHR mode:0620 dev:102,0 ino:853 uid:1001 gid:7 rdev:24,2 O_RDWR $ pwdx 830 //获取该进程当前的工作目录 830: /export/home/wing $ ptree 830 //获取父进程与子进程的关系 179 /usr/sbin/inetd -s 828 in.telnetd 830 -sh 854 ptree 830 lsof 工具-需下载安装,本身没有自带 软件管理 pkgadd #pkgadd -d /tem softwarename 软件名gpw-6.94-sol8-intel-local.gz #gunzip gpw-6.94-sol8-intel-local.gz #head gpw-6.94-sol8-intel-local.gz //查看文件的版本信息 #pkgadd -d gpw-6.94-sol8-intel-local.gz install #install -c /opt/scripts -m 0755 -u bin -g sysadmin /tmp/setup_script //目标路径 权限 用户 组 源路径 pkginfo #pkginfo //安装了的软件包 pkgchk #pkgchk pkginst //检查软件包的完整性 #pkgchk -f pkginst //处理软件包问题 #pkgchk -n pkginst //忽略包的不稳定性 #pkgchk -l -p /usr/bin/mydir //获取已安装文件的包属性 pkgrm #pkgrm pkginst //删除软件包 #pkgrm pkginst1 pkginst2 //同时删除多个包 showrev #showrev -p //显示已安装的补丁 patchadd #patchadd patchname //安装补丁 #patchadd -M patch1 patch2 //同时安装多个补丁 #patchadd -d -R /export/mars /var/spool/patch/11102-12 //目的 源路径 //不允许对补丁安装进行现场恢复 补丁安装实例 2.6_Recommended.tar.z 补丁名 1 #df -k dir //查看该目录的大小 #tar xvf 2.6_Recommended.tar.z #./install 参数 功能 -B 指定存储恢复现场信息的目录,而不是默认目录 -C 如果需要,指定需要打补丁的网络安装映像的路径 -d 不接受可恢复现场的补丁安装 -M 指定定位补丁的可选目录 -p 打印所有已安装的补丁列表 -u 不让文件安装生效 -R 为客户安装指定可选根目录 -S 从服务器为客户端安装补丁,客户机共享服务器操作系统目录 patchrm #patchrm patchname // 删除补丁 #patchrm -C /export/solaris_2.9/tools/1065-15 //从客户端系统删除补丁 引导和启动过程、ok模式 #shutdown #reboot #init 0 #boot -r ok setenv boot-device disk //将默认的启动设备改为disk boot-device = disk ok printenv boot-device //验证启动设备 boot-device disk disk ok reset ok test net //测试回路网络设备 ok watch-clock //测试时钟设备 ok boot -r //重新引导系统 ok boot net //从网络启动 ok boot cdrom //从光盘启动 ok boot floppy //从软盘启动 ok boot tape //从磁带引导系统 ok watch-net //检查网络是否联通 ok probe-scsi //检查系统检测出的所有磁盘设备,并得到可用的设备列表 ok banner //检测内存、系统固件的openboot版本信息 ok boot -s //进入单用户模式 #reboot -l -- -r //重新引导不在系统日志里记录 
#shutdown -i 0 -g 120 -y #sync;init 0 #traceroute www.abc.com wall #wall init #init q //重新初始化运行级别 #init 0 //硬件维护模式 #init 1 //单用户模式 #init 2 //NFS不可用 #init 3 //NFS可用 #init 4 //用户定义状态 #init 5 //关闭系统电源 #init 6 //挂起操作系统 #init s //进入管理状态 网络配置 etc/hostname.interface //是这块网卡的名字或机器的名字 # cat hostname.pcn0 wing # cat hosts # # Internet host table # 127.0.0.1 localhost 192.168.0.11 wing # hostname wing # cat netmasks 192.168.0.0 255.255.255.0 #ifconfig le0 172.16.255.1 netmask 255.255.255.0 配置网络端口状态 #ifconfig le0 up/down 配置网络端口是否可用 #ifconfig le0 plumb/unplumb #ifconfig -a 以太网(MAC)地址只有root用户执行时才显示。如果一个非root用户使用ifconfig命令,那么只显示IP地址 # ifconfig -a lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1 inet 127.0.0.1 netmask ff000000 hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2 inet 192.168.10.25 netmask ffffff00 broadcast 192.168.10.255 ether 8:0:20:a2:11:de # #ifconfig le0 192.168.0.3 netmask 255.255.255.0 broadcast 192.168.0.255 up banner 你也可以在系统还没有启动时在ok提示符下敲入banner来找到MAC地址,CPU 型号和频率。 ok banner Sun Ultra 5/10 UPA/PCI (UltraSPARC-IIi 300MHz), Keyboard Present OpenBoot 3.1.1 64 MB memory installed, Serial #9361102. Ethernet address 8:0:20:8e:d6:ce, HostID: 808ed6ce. 
# arp -a //登陆用户 Net to Media Table: IPv4 Device IP Address Mask Flags Phys Addr ------ -------------------- --------------- ----- --------------- pcn0 192.168.0.1 255.255.255.255 00:03:0f:fd:6d:0c pcn0 wing 255.255.255.255 SP 00:0c:29:19:a1:54 pcn0 224.0.0.0 240.0.0.0 SM 01:00:5e:00:00:00 # netstat // 网络状态 TCP: IPv4 Local Address Remote Address Swind Send-Q Rwind Recv-Q State -------------------- -------------------- ----- ------ ----- ------ ------- wing.telnet 192.168.0.1.1030 7168 0 66608 0 ESTABLISHED wing.telnet 192.168.0.1.1032 6253 1 66608 0 ESTABLISHED Active UNIX domain sockets Address Type Vnode Conn Local Addr Remote Addr df187cc0 stream-ord dee4c1c0 00000000 /tmp/.X11-unix/X0 df187de8 stream-ord 00000000 00000000 # # netstat -r //查看路由表 Routing Table: IPv4 Destination Gateway Flags Ref Use Interface -------------------- -------------------- ----- ----- ------ --------- 192.168.0.0 wing U 1 3 pcn0 224.0.0.0 wing U 1 0 pcn0 default wing UG 1 0 localhost localhost UH 2 6 lo0 # netstat -g Group Memberships: IPv4 Interface Group RefCnt --------- -------------------- ------ lo0 224.0.0.1 1 pcn0 224.0.0.1 1 # netstat -p Net to Media Table: IPv4 Device IP Address Mask Flags Phys Addr ------ -------------------- --------------- ----- --------------- pcn0 192.168.0.1 255.255.255.255 00:03:0f:fd:6d:0c pcn0 solaris9 255.255.255.255 SP 00:0c:29:80:4c:0a pcn0 224.0.0.0 240.0.0.0 SM 01:00:5e:00:00:00 # # netstat -s RAWIP rawipInDatagrams = 0 rawipInErrors = 0 rawipInCksumErrs = 0 rawipOutDatagrams = 0 rawipOutErrors = 0 UDP udpInDatagrams = 923 udpInErrors = 0 udpOutDatagrams = 928 udpOutErrors = 0 TCP tcpRtoAlgorithm = 4 tcpRtoMin = 400 tcpRtoMax = 60000 tcpMaxConn = -1 tcpActiveOpens = 18 tcpPassiveOpens = 21 tcpAttemptFails = 0 tcpEstabResets = 0 tcpCurrEstab = 31 tcpOutSegs = 715 tcpOutDataSegs = 524 tcpOutDataBytes = 52210 tcpRetransSegs = 0 tcpRetransBytes = 0 tcpOutAck = 191 tcpOutAckDelayed = 90 tcpOutUrg = 0 tcpOutWinUpdate = 0 tcpOutWinProbe = 0 tcpOutControl 
= 47 tcpOutRsts = 0 tcpOutFastRetrans = 0 tcpInSegs = 925 tcpInAckSegs = 505 tcpInAckBytes = 52216 tcpInDupAck = 7 tcpInAckUnsent = 0 tcpInInorderSegs = 524 tcpInInorderBytes = 45645 tcpInUnorderSegs = 0 tcpInUnorderBytes = 0 tcpInDupSegs = 0 tcpInDupBytes = 0 tcpInPartDupSegs = 0 tcpInPartDupBytes = 0 tcpInPastWinSegs = 0 tcpInPastWinBytes = 0 tcpInWinProbe = 0 tcpInWinUpdate = 0 tcpInClosed = 0 tcpRttNoUpdate = 0 tcpRttUpdate = 497 tcpTimRetrans = 0 tcpTimRetransDrop = 0 tcpTimKeepalive = 0 tcpTimKeepaliveProbe= 0 tcpTimKeepaliveDrop = 0 tcpListenDrop = 0 tcpListenDropQ0 = 0 tcpHalfOpenDrop = 0 tcpOutSackRetrans = 0 IPv4 ipForwarding = 2 ipDefaultTTL = 255 ipInReceives = 422 ipInHdrErrors = 0 ipInAddrErrors = 0 ipInCksumErrs = 0 ipForwDatagrams = 0 ipForwProhibits = 0 ipInUnknownProtos = 0 ipInDiscards = 0 ipInDelivers = 1832 ipOutRequests = 265 ipOutDiscards = 0 ipOutNoRoutes = 0 ipReasmTimeout = 60 ipReasmReqds = 0 ipReasmOKs = 0 ipReasmFails = 0 ipReasmDuplicates = 0 ipReasmPartDups = 0 ipFragOKs = 0 ipFragFails = 0 ipFragCreates = 0 ipRoutingDiscards = 0 tcpInErrs = 0 udpNoPorts = 20 udpInCksumErrs = 0 udpInOverflows = 0 rawipInOverflows = 0 ipsecInSucceeded = 0 ipsecInFailed = 0 ipInIPv6 = 0 ipOutIPv6 = 0 ipOutSwitchIPv6 = 8 IPv6 ipv6Forwarding = 2 ipv6DefaultHopLimit = 255 ipv6InReceives = 0 ipv6InHdrErrors = 0 ipv6InTooBigErrors = 0 ipv6InNoRoutes = 0 ipv6InAddrErrors = 0 ipv6InUnknownProtos = 0 ipv6InTruncatedPkts = 0 ipv6InDiscards = 0 ipv6InDelivers = 0 ipv6OutForwDatagrams= 0 ipv6OutRequests = 0 ipv6OutDiscards = 0 ipv6OutNoRoutes = 0 ipv6OutFragOKs = 0 ipv6OutFragFails = 0 ipv6OutFragCreates = 0 ipv6ReasmReqds = 0 ipv6ReasmOKs = 0 ipv6ReasmFails = 0 ipv6InMcastPkts = 0 ipv6OutMcastPkts = 0 ipv6ReasmDuplicates = 0 ipv6ReasmPartDups = 0 ipv6ForwProhibits = 0 udpInCksumErrs = 0 udpInOverflows = 0 rawipInOverflows = 0 ipv6InIPv4 = 0 ipv6OutIPv4 = 0 ipv6OutSwitchIPv4 = 0 ICMPv4 icmpInMsgs = 5 icmpInErrors = 0 icmpInCksumErrs = 0 icmpInUnknowns = 0 
icmpInDestUnreachs = 5 icmpInTimeExcds = 0 icmpInParmProbs = 0 icmpInSrcQuenchs = 0 icmpInRedirects = 0 icmpInBadRedirects = 0 icmpInEchos = 0 icmpInEchoReps = 0 icmpInTimestamps = 0 icmpInTimestampReps = 0 icmpInAddrMasks = 0 icmpInAddrMaskReps = 0 icmpInFragNeeded = 0 icmpOutMsgs = 5 icmpOutDrops = 0 icmpOutErrors = 0 icmpOutDestUnreachs = 5 icmpOutTimeExcds = 0 icmpOutParmProbs = 0 icmpOutSrcQuenchs = 0 icmpOutRedirects = 0 icmpOutEchos = 0 icmpOutEchoReps = 0 icmpOutTimestamps = 0 icmpOutTimestampReps= 0 icmpOutAddrMasks = 0 icmpOutAddrMaskReps = 0 icmpOutFragNeeded = 0 icmpInOverflows = 0 ICMPv6 icmp6InMsgs = 0 icmp6InErrors = 0 icmp6InDestUnreachs = 0 icmp6InAdminProhibs = 0 icmp6InTimeExcds = 0 icmp6InParmProblems = 0 icmp6InPktTooBigs = 0 icmp6InEchos = 0 icmp6InEchoReplies = 0 icmp6InRouterSols = 0 icmp6InRouterAds = 0 icmp6InNeighborSols = 0 icmp6InNeighborAds = 0 icmp6InRedirects = 0 icmp6InBadRedirects = 0 icmp6InGroupQueries = 0 icmp6InGroupResps = 0 icmp6InGroupReds = 0 icmp6InOverflows = 0 icmp6OutMsgs = 0 icmp6OutErrors = 0 icmp6OutDestUnreachs= 0 icmp6OutAdminProhibs= 0 icmp6OutTimeExcds = 0 icmp6OutParmProblems= 0 icmp6OutPktTooBigs = 0 icmp6OutEchos = 0 icmp6OutEchoReplies = 0 icmp6OutRouterSols = 0 icmp6OutRouterAds = 0 icmp6OutNeighborSols= 0 icmp6OutNeighborAds = 0 icmp6OutRedirects = 0 icmp6OutGroupQueries= 0 icmp6OutGroupResps = 0 icmp6OutGroupReds = 0 IGMP: 0 messages received 0 messages received with too few bytes 0 messages received with bad checksum 0 membership queries received 0 membership queries received with invalid field(s) 0 membership reports received 0 membership reports received with invalid field(s) 0 membership reports received for groups to which we belong 0 membership reports sent # netstat -M Virtual Interface Table is empty Multicast Forwarding Cache is empty # # netstat -r //网络接口状态 Routing Table: IPv4 Destination Gateway Flags Ref Use Interface -------------------- -------------------- ----- ----- ------ --------- 
192.168.0.0 solaris9 U 1 1 pcn0 192.168.0.0 address2 U 1 0 pcn0:1 224.0.0.0 solaris9 U 1 0 pcn0 default 192.168.0.1 UG 1 0 localhost localhost UH 2 6 lo0 # netstat -rn Routing Table: IPv4 Destination Gateway Flags Ref Use Interface -------------------- -------------------- ----- ----- ------ --------- 192.168.0.0 192.168.0.3 U 1 1 pcn0 192.168.0.0 192.168.0.5 U 1 0 pcn0:1 224.0.0.0 192.168.0.3 U 1 0 pcn0 default 192.168.0.1 UG 1 0 127.0.0.1 127.0.0.1 UH 2 6 lo0 # # netstat -i 1 5 input pcn0 output input (Total) output packets errs packets errs colls packets errs packets errs colls 1187 0 1318 0 0 3699 0 3830 0 0 4 0 4 0 0 4 0 4 0 0 3 0 3 0 0 5 0 5 0 0 4 0 4 0 0 4 0 4 0 0 3 0 4 0 0 5 0 6 0 0 # snoop # snoop -c 3 //抓取3IP包 Using device /dev/pcn0 (promiscuous mode) 192.168.0.1 -> solaris9 TELNET C port=3013 solaris9 -> 192.168.0.1 TELNET R port=3013 Using device /dev/pc 192.168.0.1 -> solaris9 TELNET C port=3013 3 packets captured # # snoop -v -c 2 //抓取两个详细的IP包。 Using device /dev/pcn0 (promiscuous mode) ETHER: ----- Ether Header ----- ETHER: ETHER: Packet 1 arrived at 1:43:41.42 ETHER: Packet size = 60 bytes ETHER: Destination = 0:c:29:80:4c:a, ETHER: Source = 0:3:f:fd:6d:c, ETHER: Ethertype = 0800 (IP) ETHER: IP: ----- IP Header ----- IP: IP: Version = 4 IP: Header length = 20 bytes IP: Type of service = 0x00 IP: xxx. .... = 0 (precedence) IP: ...0 .... = normal delay IP: .... 0... = normal throughput IP: .... .0.. = normal reliability IP: .... ..0. = not ECN capable transport IP: .... ...0 = no ECN congestion experienced IP: Total length = 40 bytes IP: Identification = 1627 IP: Flags = 0x4 IP: .1.. .... = do not fragment IP: ..0. .... 
= last fragment IP: Fragment offset = 0 bytes IP: Time to live = 128 seconds/hops IP: Protocol = 6 (TCP) IP: Header checksum = 7320 IP: Source address = 192.168.0.1, 192.168.0.1 IP: Destination address = 192.168.0.3, solaris9 IP: No options IP: TCP: ----- TCP Header ----- TCP: TCP: Source port = 3013 TCP: Destination port = 23 (TELNET) TCP: Sequence number = 769864152 TCP: Acknowledgement number = 52297913 TCP: Data offset = 20 bytes TCP: Flags = 0x10 TCP: 0... .... = No ECN congestion window reduced TCP: .0.. .... = No ECN echo TCP: ..0. .... = No urgent pointer TCP: ...1 .... = Acknowledgement TCP: .... 0... = No push TCP: .... .0.. = No reset TCP: .... ..0. = No Syn TCP: .... ...0 = No Fin TCP: Window = 17292 TCP: Checksum = 0x7b85 TCP: Urgent pointer = 0 TCP: No options TCP: TELNET: ----- TELNET: ----- TELNET: TELNET: "" TELNET: ETHER: ----- Ether Header ----- ETHER: ETHER: Packet 2 arrived at 1:43:41.42 ETHER: Packet size = 97 bytes ETHER: Destination = 0:3:f:fd:6d:c, ETHER: Source = 0:c:29:80:4c:a, ETHER: Ethertype = 0800 (IP) ETHER: IP: ----- IP Header ----- IP: IP: Version = 4 IP: Header length = 20 bytes IP: Type of service = 0x00 IP: xxx. .... = 0 (precedence) IP: ...0 .... = normal delay IP: .... 0... = normal throughput IP: .... .0.. = normal reliability IP: .... ..0. = not ECN capable transport IP: .... ...0 = no ECN congestion experienced IP: Total length = 83 bytes IP: Identification = 50744 IP: Flags = 0x4 IP: .1.. .... = do not fragment IP: ..0. .... = last fragment IP: Fragment offset = 0 bytes IP: Time to live = 60 seconds/hops IP: Protocol = 6 (TCP) IP: Header checksum = f717 IP: Source address = 192.168.0.3, solaris9 IP: Destination address = 192.168.0.1, 192.168.0.1 IP: No options IP: TCP: ----- TCP Header ----- TCP: TCP: Source port = 23 TCP: Destination port = 3013 TCP: Sequence number = 52297913 TCP: Acknowledgement number = 769864152 TCP: Data offset = 20 bytes TCP: Flags = 0x18 TCP: 0... .... = No ECN congestion window reduced TCP: .0.. 
.... = No ECN echo TCP: ..0. .... = No urgent pointer TCP: ...1 .... = Acknowledgement TCP: .... 1... = Push TCP: .... .0.. = No reset TCP: .... ..0. = No Syn TCP: .... ...0 = No Fin TCP: Window = 64240 TCP: Checksum = 0xd1f6 TCP: Urgent pointer = 0 TCP: No options TCP: TELNET: ----- TELNET: ----- TELNET: TELNET: "Using device /dev/pcn0 (promiscuous mode)\r\n" TELNET: 2 packets captured # # snoop host1 host2 host1 -> host2 ICMP Echo request host2 -> host1 ICMP Echo reply 使用snoop实用程序判定系统间实际上传送的是什么信息,判断网络畅通 # snoop -a dhcp Snoop 的使用 Snoop 是Solaris 系统中自带的工具, 是一个用于显示网络通讯的程序, 它可捕获IP 包并将其显示或保存到指定文件. (限超级用户使用snoop) Snoop 可将捕获的包以一行的形式加以总结或用多行加以详细的描述(由调用不同的参数-v -V来实现). 在总结方式下(-V ) , 将仅显示最高层的相关协议, 例如一个NFS 包将仅显示NFS 信息, 其低层的RPC, UDP, IP, Ethernet 帧信息将不会显示, 但是当加上相应的参数(-v ), 这些信息都能被显示出来. 参数简介: [ -a ] # Listen to packets on audio [ -d device ] # settable to le?, ie?, bf?, tr? [ -s snaplen ] # Truncate packets [ -c count ] # Quit after count packets [ -P ] # Turn OFF promiscuous mode [ -D ] # Report dropped packets [ -S ] # Report packet size [ -i file ] # Read previously captured packets [ -o file ] # Capture packets in file [ -n file ] # Load addr-to-name table from file [ -N ] # Create addr-to-name table [ -t r|a|d ] # Time: Relative, Absolute or Delta [ -v ] # Verbose packet display [ -V ] # Show all summary lines [ -p first[,last] ] # Select packet(s) to display [ -x offset[,length] ] # Hex dump from offset for length [ -C ] # Print packet filter code 由于snoop 的使用非常灵活, 希望能通过下面一些例子的学习来掌握其常见用法. 1. 监听所有以本机为源和目的的包并将其显示出来. # snoop 2. 监听所有以主机A为源和目的的包并将其显示出来. ( A为主机名, 下同) - 2 - # snoop A 3. 监听所有A和B之间的包并将其保存到文件file. # snoop -o file A B 4. 
显示文件file 中指定的包(99-108) # snoop -i file -p 99,108 99 0.0027 boutique -> sunroof NFS C GETATTR FH=8E6C 100 0.0046 sunroof -> boutique NFS R GETATTR OK 101 0.0080 boutique -> sunroof NFS C RENAME FH=8E6C MTra00192 to .nfs08 102 0.0102 marmot -> viper NFS C LOOKUP FH=561E screen.r.13.i386 103 0.0072 viper -> marmot NFS R LOOKUP No such file or directory 104 0.0085 bugbomb -> sunroof RLOGIN C PORT=1023 h 105 0.0005 kandinsky -> sparky RSTAT C Get Statistics 106 0.0004 beeblebrox -> sunroof NFS C GETATTR FH=0307 107 0.0021 sparky -> kandinsky RSTAT R 108 0.0073 office -> jeremiah NFS C READ FH=2584 at 40960 for 8192 5. 详细查看文件file 中第101 个包: # snoop -i file -v -p101 ETHER: ----- Ether Header ----- ETHER: ETHER: Packet 101 arrived at 16:09:53.59 ETHER: Packet size = 210 bytes ETHER: Destination = 8:0:20:1:3d:94, Sun ETHER: Source = 8:0:69:1:5f:e, Silicon Graphics ETHER: Ethertype = 0800 (IP) ETHER: IP: ----- IP Header ----- IP: IP: Version = 4, header length = 20 bytes IP: Type of service = 00 IP: ..0. .... = routine IP: ...0 .... = normal delay IP: .... 0... = normal throughput IP: .... .0.. = normal reliability IP: Total length = 196 bytes IP: Identification 19846 IP: Flags = 0X IP: .0.. .... = may fragment IP: ..0. .... = more fragments ? - 3 - ? 6. 查看主机A和主机B之间的NFS 包(命令中的and 和or 为相应的逻辑运算) # snoop -i file rpc nfs and A and B 1 0.0000 A -> B NFS C GETATTR FH=8E6C 2 0.0046 B -> A NFS R GETATTR OK 3 0.0080 A -> B NFS C RENAME FH=8E6C MTra00192 to .nfs08 7. 将这些符合条件的包保存到另一文件file2 中: # snoop -i file -o file2 rpc nfs A B 8. 监听主机A和主机B间所有TCP 80 端口或UDP80端口的包 # snoop A and B and (tcp or udp) and port 80 9. 监听所有的广播包 # snoop broadcast Using device /dev/hme (promiscuous mode) 10.10.10.50 -> BROADCAST UDP D=177 S=2541 LEN=35 10.10.10.50 -> BROADCAST UDP D=177 S=2541 LEN=35 10.10.10.50 -> BROADCAST UDP D=177 S=2541 LEN=35 10. 监听所有的多播包, 并显示详细内容. 
#snoop -v multicast ETHER: ----- Ether Header ----- ETHER: ETHER: Packet 1 arrived at 12:33:2.16 ETHER: Packet size = 69 bytes ETHER: Destination = ff:ff:ff:ff:ff:ff, (broadcast) ETHER: Source = 0:4:76:46:8f:50, ETHER: Ethertype = 0800 (IP) ETHER: IP: ----- IP Header ----- IP: IP: Version = 4 IP: Header length = 20 bytes IP: Type of service = 0x00 IP: xxx. .... = 0 (precedence) IP: ...0 .... = normal delay - 4 - IP: .... 0... = normal throughput IP: .... .0.. = normal reliability IP: Total length = 55 bytes IP: Identification = 14658 IP: Flags = 0x0 IP: .0.. .... = may fragment IP: ..0. .... = last fragment IP: Fragment offset = 0 bytes IP: Time to live = 128 seconds/hops IP: Protocol = 17 (UDP) IP: Header checksum = ed38 IP: Source address = 10.10.10.50, 10.10.10.50 IP: Destination address = 255.255.255.255, BROADCAST IP: No options IP: UDP: ----- UDP Header ----- UDP: UDP: Source port = 2541 UDP: Destination port = 177 UDP: Length = 35 UDP: Checksum = 8E35 UDP: ETHER: ----- Ether Header ----- ETHER: ETHER: Packet 2 arrived at 12:33:12.16 ETHER: Packet size = 69 bytes ETHER: Destination = ff:ff:ff:ff:ff:ff, (broadcast) ETHER: Source = 0:4:76:46:8f:50, ETHER: Ethertype = 0800 (IP) ETHER: IP: ----- IP Header ----- IP: IP: Version = 4 IP: Header length = 20 bytes IP: Type of service = 0x00 IP: xxx. .... = 0 (precedence) IP: ...0 .... = normal delay IP: .... 0... = normal throughput IP: .... .0.. = normal reliability IP: Total length = 55 bytes IP: Identification = 14985 IP: Flags = 0x0 IP: .0.. .... = may fragment IP: ..0. .... 
= last fragment IP: Fragment offset = 0 bytes IP: Time to live = 128 seconds/hops IP: Protocol = 17 (UDP) IP: Header checksum = ebf1 IP: Source address = 10.10.10.50, 10.10.10.50 - 5 - IP: Destination address = 255.255.255.255, BROADCAST IP: No options IP: UDP: ----- UDP Header ----- UDP: UDP: Source port = 2541 UDP: Destination port = 177 UDP: Length = 35 UDP: Checksum = 8E35 UDP: 11.监听所有的NTP 协议包 # snoop |grep - i NTP Using device /dev/hme (promiscuous mode) ts1 -> 224.0.1.1 NTP broadcast (Tue Jul 23 12:48:50 2002) ts1 -> 224.0.1.1 NTP broadcast (Tue Jul 23 12:49:54 2002) ts1 -> 224.0.1.1 NTP broadcast (Tue Jul 23 12:50:58 2002) ts1 -> 224.0.1.1 NTP broadcast (Tue Jul 23 12:52:02 2002) ts1 -> 224.0.1.1 NTP broadcast (Tue Jul 23 12:53:06 2002) ts1 -> 224.0.1.1 NTP broadcast (Tue Jul 23 12:54:10 2002) 这里我们也可看到NTP server 每隔约一分钟即向多播地址广播一次. date # date 2003年10月12日 星期日 10时04分16秒 CST (CST是Chinese Standard Time的缩写) # date 10121003 设置时间为10月12日10时03分 设备管理 软盘 #volcheck fdformat [-dDeEfHlLmMUqvx] [-b label] [-B filename] [-t dos- type] [devname] //格式化 prtconf # prtconf //配置信息 System Configuration: Sun Microsystems i86pc Memory size: 128 Megabytes //内存 System Peripherals (Software Nodes): i86pc +boot (driver not attached) memory (driver not attached) aliases (driver not attached) chosen (driver not attached) i86pc-memory (driver not attached) i86pc-mmu (driver not attached) openprom (driver not attached) options, instance #0 packages (driver not attached) delayed-writes (driver not attached) itu-props (driver not attached) isa, instance #0 motherboard (driver not attached) asy, instance #0 asy, instance #1 lp (driver not attached) fdc, instance #0 fd, instance #0 fd, instance #1 (driver not attached) i8042, instance #0 keyboard, instance #0 mouse, instance #0 PNP0C02 (driver not attached) PNP0C02 (driver not attached) PNP0C02 (driver not attached) bios (driver not attached) bios (driver not attached) bios (driver not attached) pci, instance #0 pci15ad,1976 (driver not 
attached) pci8086,7191 (driver not attached) pci15ad,1976 (driver not attached) pci-ide, instance #0 ide, instance #0 cmdk, instance #0 ide, instance #1 sd, instance #0 pci15ad,1976, instance #0 pci15ad,1976 (driver not attached) display, instance #0 pci1022,2000, instance #0 pci1274,1371 (driver not attached) used-resources (driver not attached) objmgr, instance #0 cpus (driver not attached) cpu, instance #0 (driver not attached) pseudo, instance #0 # # prtconf | grep Memory //查看内存 Memory size: 128 Megabytes arch # arch -k //了解体系结构 i86pc uname # uname -m i86pc # uname SunOS # uname -a SunOS wing 5.9 Generic_112234-03 i86pc i386 i86pc eject #eject floppy eeprom #eeprom selftest -#megs=64 //修改系统自检到的内存数 sysdef #sysdef //更详细的体系机构 df # df -k //显示当前所有已安装的文件系统上的文件数目和空闲块的数目 文件系统 千字节 用了 可用 容量 挂接在 /dev/dsk/c0d0s0 63127 36143 20672 64% / /dev/dsk/c0d0s6 1201014 768820 372144 68% /usr /proc 0 0 0 0% /proc mnttab 0 0 0 0% /etc/mnttab fd 0 0 0 0% /dev/fd /dev/dsk/c0d0s3 55047 25258 24285 51% /var swap 651040 24 651016 1% /var/run swap 651016 0 651016 0% /tmp /dev/dsk/c0d0s5 24239 15 21801 1% /opt /dev/dsk/c0d0s7 2691830 122 2637872 1% /export/home /dev/dsk/c0d0s1 462639 306816 109560 74% /usr/openwin # df -a //打印所有文件系统的信息 / (/dev/dsk/c0d0s0 ): 53968 块 30100 文件 /usr (/dev/dsk/c0d0s6 ): 864388 块 261705 文件 /proc (/proc ): 0 块 1878 文件 /etc/mnttab (mnttab ): 0 块 0 文件 /dev/fd (fd ): 0 块 0 文件 /var (/dev/dsk/c0d0s3 ): 59578 块 25450 文件 /var/run (swap )