juniper Snoop.docx
- Document ID: 2475194
- Uploaded: 2022-10-29
- Format: DOCX
- Pages: 16
- Size: 20.69KB
juniper Snoop
Snoop
I. Purpose
The purpose of this document is to provide the user with the information necessary to fully utilize the snoop feature of the Netscreen software. Snoop is a utility that allows the administrator to analyze IP datagram packets directly on a Netscreen console. It is not intended to be a replacement for third-party packet sniffers, but instead is to be used in complement with them.
II. Overview
Before the details of the snoop functionality are explained, the limitations of this utility should be reviewed. This gives the administrator the knowledge needed to decide whether the snoop utility is the correct tool for a particular debugging job.
As mentioned earlier, the snoop utility is not intended to replace a third-party professional sniffer, because it is less complete. Most of its shortcomings come from the platform it runs on: the Netscreen hardware is not designed as general-purpose hardware and hence does not perform general-purpose tasks well. This leaves gaps in sniffing features that one may take for granted, most of which concern ease of use and flexibility. The lacking features include:
∙ Inability to filter based upon a source IP and a destination IP simultaneously
∙ Inability to filter based upon MAC address
∙ Inability to filter the captured data for viewing
∙ Inability to easily scroll through data
∙ Inability to directly save captured data. You must have the console application save the file.
∙ Inability to easily make a distinction between different types of datagrams (ICMP, TCP, etc.). This can be done, but the different types are not colorized or categorized in other ways as many commercial sniffers do.
∙ The snoop utility will only capture data that flows through the Netscreen firewall. This is much less a limitation than it is the purpose of the snoop utility.
∙ The snoop will not capture the contents of the packet. It will only capture the properties of it.
Even with these limitations, the snoop utility can be very useful in helping to determine the root cause of problems as they pertain to the Netscreen firewall. Some common questions that one can expect to answer using this utility are the following; the troubleshooting ability of the snoop command is not limited to these types of issues, of course.
∙ Why can't I get to the Internet through my Netscreen?
∙ Why can't I get SNMP (or FTP, HTTP, etc.) through my Netscreen?
∙ I configured a MIP/VIP, but it doesn't seem to work. What's wrong?
These and many more variations of questions can be answered by the snoop utility. However, the data that the snoop shows requires special knowledge to interpret. The intended user of snoop will possess the following knowledge and skills.
∙ Must have a strong understanding of the IP protocol. This knowledge must be at an intimate level: how ports are used, how transports are used, how NAT functions, and how the subnet mask is used. Without this knowledge, the snoop tool will confuse the user more than it will help.
∙ Must have a strong understanding of how the network components (servers, clients, routers, switches, etc.) surrounding the Netscreen in question are configured. Many times the problem is not the Netscreen itself but another network component. An intimate understanding of how these other components are configured will lead to the solution much more quickly.
III. Usage of Snoop by Syntax
The following is a detailed explanation of how the snoop is used.
1. A snoop can be run based on several different parameters. These can be found by issuing the 'snoop ?' command. The result is the following.
ns5-> snoop ?
arp          snoop arp packet
direction    snoop direction
info         show snoop information
ip           snoop ip packet
2. snoop info
By issuing this command you can see the current settings for the snoop. An example of this is below.
ns5-> snoop info
Snoop: Off, Interface: trust, direction: both
EtherType 0800, SrcIp 0.0.0.0, DstIp 0.0.0.0, Proto 6
There are several fields that we are interested in.
Direction: This tells the Netscreen to capture inbound, outbound, or bi-directional (both) data. Both is the most common and most useful configuration. This can be changed by using the 'snoop direction' command. 'snoop direction ?' gives us the options.
ns5-> snoop direction ?
both        snoop both incoming and outgoing
incoming    snoop incoming
outgoing    snoop outgoing
SrcIp: This allows us to filter the snooped information based on the source IP address of the packet. This is a good parameter to use when there is a lot of data running through the box and the problem is with a particular client. The command 'snoop ip' is used to change this. 'snoop ip ?' gives us the options.
ns5-> snoop ip ?
dst-ip      snoop specified destination ip address
proto       snoo
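Two of the gaps listed in Section II (no combined source-and-destination filter, no separation of datagram types in the captured data) and the settings printed by 'snoop info' above can both be handled off the box, on the console log that the console application saves. The following Python script is an added example, not part of the original document and not ScreenOS code: it parses the 'snoop info' output exactly as printed above (treating 0.0.0.0 as "no filter", an assumption about the default shown) and then post-filters a saved capture by several criteria at once and counts packets per IP protocol. The per-packet line layout in SAMPLE_CAPTURE is constructed for illustration and is an assumption; real snoop output differs between ScreenOS versions, so adjust CAPTURE_RE to the lines your console actually saves.

```python
"""Post-process saved ScreenOS 'snoop' console output (added example)."""
import re
from collections import Counter

# 'snoop info' output as printed in the document.
SNOOP_INFO = """\
ns5-> snoop info
Snoop: Off, Interface: trust, direction: both
EtherType 0800, SrcIp 0.0.0.0, DstIp 0.0.0.0, Proto 6
"""

# CONSTRUCTED sample of a console log saved while snoop was running.
# The per-packet line layout is an assumption made for this example;
# real ScreenOS output varies by version, so adapt CAPTURE_RE to yours.
SAMPLE_CAPTURE = """\
ns5-> snoop
Start Snoop, type ESC to stop
trust(i) 10.1.1.5:1034 -> 203.0.113.10:80, proto 6, len 60
trust(o) 203.0.113.10:80 -> 10.1.1.5:1034, proto 6, len 52
trust(i) 10.1.1.5:1035 -> 203.0.113.10:80, proto 6, len 60
trust(i) 10.1.1.5 -> 203.0.113.10, proto 1, len 84
trust(i) 10.1.1.7:3142 -> 198.51.100.2:161, proto 17, len 92
Snoop stopped
"""

UNFILTERED_IP = "0.0.0.0"          # assumed meaning of the 0.0.0.0 default
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}   # IANA IP protocol numbers

CAPTURE_RE = re.compile(
    r"^(?P<iface>\w+)\((?P<dir>[io])\)\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?::(?P<sport>\d+))?\s*->\s*"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?::(?P<dport>\d+))?,\s*"
    r"proto\s+(?P<proto>\d+),\s*len\s+(?P<len>\d+)"
)


def parse_snoop_info(text):
    """Turn the two 'snoop info' status lines into a dict; raise if absent."""
    status = re.search(r"Snoop:\s*(\w+),\s*Interface:\s*(\S+),\s*direction:\s*(\w+)", text)
    filt = re.search(r"EtherType\s*(\w+),\s*SrcIp\s*(\S+),\s*DstIp\s*(\S+),\s*Proto\s*(\d+)", text)
    if not status or not filt:
        raise ValueError("unrecognised 'snoop info' output")
    return {
        "enabled": status.group(1).lower() == "on",
        "interface": status.group(2),
        "direction": status.group(3),
        "ethertype": filt.group(1),
        "src_ip": None if filt.group(2) == UNFILTERED_IP else filt.group(2),
        "dst_ip": None if filt.group(3) == UNFILTERED_IP else filt.group(3),
        "proto": int(filt.group(4)),
    }


def parse_capture(text):
    """Return one dict per packet line; prompt and status lines are skipped."""
    packets = []
    for line in text.splitlines():
        m = CAPTURE_RE.match(line.strip())
        if m:
            p = m.groupdict()
            for key in ("sport", "dport", "proto", "len"):
                p[key] = int(p[key]) if p[key] is not None else None
            packets.append(p)
    return packets


def select(packets, src=None, dst=None, proto=None, direction=None):
    """Apply several criteria at once (snoop itself cannot combine src and dst)."""
    wanted = {"src": src, "dst": dst, "proto": proto, "dir": direction}
    return [p for p in packets
            if all(v is None or p[k] == v for k, v in wanted.items())]


def summarize(packets):
    """Count packets per IP protocol, naming the common ones."""
    return dict(Counter(PROTO_NAMES.get(p["proto"], str(p["proto"])) for p in packets))


if __name__ == "__main__":
    print(parse_snoop_info(SNOOP_INFO))
    pkts = parse_capture(SAMPLE_CAPTURE)
    for p in select(pkts, src="10.1.1.5", dst="203.0.113.10", proto=6):
        print(p)
    print(summarize(pkts))
```

Run it against a log saved by your terminal program; the combined filter is the one the on-box snoop cannot express, and the per-protocol summary is the quickest way to see, for example, that ICMP is arriving while TCP to the same host is not.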