




"Tethereal çıktısını XML olarak kaydetme" - Bâkır EMRE - (2005-12-22 12:10:56)   [3595]

Ağ analiz yazılımlarından ethereal ve bunun konsol sürümü olan tethereal'i kullanarak ağımızı dinleyebiliyoruz; istersek çıktısını -w parametresiyle binary olarak kaydedebiliyor ya da konsol çıktısını bir metin dosyasına yönlendirerek alabiliyoruz.

Eğer bu çıktıyı XML formatında, daha doğrusu PDML - Packet Details Markup Language (tethereal ile ayrıştırılan paketin bilgisini tutan etiketleme diline verilen isimdir) formatında kaydetmek istersek, yapmamız gereken tethereal'in pdml parametresini kullanmaktır.

Örneğin eth0 üzerindeki icmp paketlerini dinlediğimizi varsayalım:

#tethereal -i eth0 icmp pdml

komutunun çıktısı aşağıdaki gibidir (paket başına bir <packet> öğesi, her protokol katmanı için bir <proto> öğesi ve ayrıştırılan her alan için bir <field> öğesi üretilir):
<pdml>
<packet>
<proto name="geninfo" pos="1" showname="General information" size="74">
<field name="num" pos="1" show="4" showname="Number" size="74" value="4" />
<field name="len" pos="1" show="74" showname="Packet Length" size="74" value="74" />
<field name="caplen" pos="1" show="74" showname="Captured Length" size="74" value="74" />
<field name="timestamp" pos="1" show="16:35:13.991300" showname="Captured Time" size="74" value="963585313.991300" />
</proto>
<proto name="Ethernet" pos="1" showname="Ethernet 802.3" size="14">
<field name="dst" pos="1" show="000629-992da3" showdtl="000629-992da3 Unicast address (Vendor IBM RISC6000 system)" showmap="IBM RISC6000 system" showname="MAC Destination" size="6" value="000629992da3" />
<field name="src" pos="7" show="00e01e-ec3c84" showdtl="00e01e-ec3c84 Unicast address (Vendor Cisco)" showmap="Cisco" showname="MAC Source" size="6" value="00e01eec3c84" />
<field name="type-length" pos="13" show="0800" showname="Ethertype" size="2" value="0800" />
</proto>
<proto name="IP" pos="15" showname="IPv4 (Internet Protocol version 4)" size="20">
<field name="verhlen" pos="15" show="45" showname="Version and header Length" size="1" value="45">
<field mask="F0" name="ver" pos="15" show="4" showname="Version" size="0" value="4" />
<field mask="0F" name="hlen" pos="15" show="5" showdtl="20 (field value = 5)" showname="Header length" size="0" value="5" />
</field>
<field name="tos" pos="16" show="00" showname="Type of service" size="1" value="00" />
<field name="tlen" pos="17" show="60" showname="Total length" size="2" value="003c" />
<field name="identification" pos="19" show="1094" showname="Identification" size="2" value="0446" />
<field name="ffo" pos="21" show="0000" showname="Flags and Fragment offset" size="2" value="0000">
<field mask="8000" name="unused" pos="21" show="0" showname="Unused" size="0" value="0" />
<field mask="4000" name="df" pos="21" show="0" showname="Don't fragment" size="0" value="0" />
<field mask="2000" name="mf" pos="21" show="0" showname="More fragments" size="0" value="0" />
<field mask="1FFF" name="foffset" pos="21" show="0" showdtl="0 (field value = 0)" showname="Fragment offset" size="0" value="0000" />
</field>
<field name="ttl" pos="23" show="127" showname="Time to live" size="1" value="7f" />
<field name="nextp" pos="24" show="1" showname="Next protocol" size="1" value="01" />
<field name="hchecksum" pos="25" show="d9bf" showname="Header Checksum" size="2" value="d9bf" />
<field name="src" pos="27" show="192.168.1.2" showname="Source address" size="4" value="c0a80102" />
<field name="dst" pos="31" show="192.168.10.2" showname="Destination address" size="4" value="c0a80a02" />
</proto>
<proto name="ICMP" pos="35" showname="ICMP (Internet Control Message Protocol)" size="40">
<field name="type" pos="35" show="8" showmap="Echo Reply" showname="Type" size="1" value="08" />
<field name="code" pos="36" show="0" showname="Code" size="1" value="00" />
<field name="checksum" pos="37" show="245c" showname="Checksum" size="2" value="245c" />
<field name="echoreply" pos="39" showname="Echo Reply" size="36">
<field name="identifier" pos="39" show="512" showname="Identifier" size="2" value="0200" />
<field name="seqn" pos="41" show="9984" showname="Sequence number" size="2" value="2700" />
<field name="data" pos="43" show="abcdefghijklmnopqrstuvwabcdefghi" showname="Padding Data" size="32" value="6162636465666768696a6b6c6d6e6f7071727374757677616263646566676869" />
</field>
</proto>
</packet>
</pdml>



