抓包工具ethereal在solaris下安装指导书.doc

Ethereal在solaris下的安装和使用方法1 背景：Ethereal是一个很有效的抓包工具，在问题定位方面有非常重要的意义。Wap gateway，MMSC等还在走向成熟的产品在调试过程中，需要用此工具抓包，将现场的消息反馈给研发辅助他们分析。本文介绍的安装环境是SUN BLADE 20002 安装包的组成：安装Ethereal除了本身安装包以外，还有其他的几个支持包需要安装，总共需要安装的文件有：gtk+-1.2.10-sol8-sparc-localglib-1.2.8-sol8-sparc-locallibpcap-0.7.2-sol8-sparc-localethereal-0.9.0-sol8-sparc-local获取方法：在上面下载ethereal-0.9.0-sol8-sparc-local.gzgtk+-1.2.10-sol8-sparc-local.gzglib-1.2.10.tar.gzlibpcap-0.7.2-sol8-sparc-local.gz3 安装步骤（红色粗体为需要执行或者需要输入的命令）：上面下载的四个包是压缩包，安装时先用gzip d *.gz 将这4个包解压.然后切换到root用户下进行安装.a 安装gtk+：找到gtk+-1.2.10-sol8-sparc-local包，运行安装：# pkgadd -d ./gtk+-1.2.10-sol8-sparc-localThe following packages are available: 1 SMCgtk+ gtk+ (sparc) 1.2.10Select package(s) you wish to process (or all to processall packages). (default: all) ?,?,q: allProcessing package instance from gtk+(sparc) 1.2.10GTK GroupUsing as the package base directory.# Processing package information.# Processing system information.# Verifying disk space requirements.# Checking for conflicts with packages already installed.The following files are already installed on the system and are beingused by another package:* /usr/local/bin * - conflict with a file which does not belong to any package.Do you want to install these conflicting files y,n,?,q y# Checking for setuid/setgid programs.Installing gtk+ as # Installing part 1 of 1./usr/local/bin/gtk-config/usr/local/doc/gtk+/ABOUT-NLS/usr/local/doc/gtk+/AUTHORS /过程中会显示出很多解压信息，不用管他，最后提示successful就行了usr/local/lib/locale/zh_TW.Big5/LC_MESSAGES/gtk+.mo/usr/local/lib/pkgconfig/gdk.pc/usr/local/lib/pkgconfig/gtk+.pc/usr/local/man/man1/gtk-config.1/usr/local/share/aclocal/gtk.m4/usr/local/share/themes/Default/gtk/gtkrc verifying class Installation of was successful.b 安装glib-1.2.8-sol8-sparc-local# pkgadd -d ./glib-1.2.8-sol8-sparc-localThe following packages are available: 1 SMCglib glib (sparc) 1.2.8Select package(s) you wish to process (or all to processall packages). (default: all) ?,?,q: allProcessing package instance from glib(sparc) 1.2.8GLib TeamUsing as the package base directory.# Processing package information.# Processing system information. 9 package pathnames are already properly installed.# Verifying disk space requirements.# Checking for conflicts with packages already installed.# Checking for setuid/setgid programs.Installing glib as # Installing part 1 of 1./usr/local/bin/glib-config/usr/local/doc/glib/AUTHORS/usr/local/doc/glib/COPYING/usr/local/doc/glib/ChangeLog /过程中会显示出很多解压信息，不用管他，最后提示successful就行了/usr/local/lib/libgthread.so /usr/local/man/man1/glib-config.1/usr/local/share/aclocal/glib.m4 verifying class Installation of was successful.#c 安装libpcap-0.7.2-sol8-sparc-localrootmmsc # pkgadd -d ./libpcap-0.7.2-sol8-sparc-localThe following packages are available: 1 SMClpcap libpcap (sparc) 0.7.2Select package(s) you wish to process (or all to processall packages). (default: all) ?,?,q: allProcessing package instance from libpcap(sparc) 0.7.2The Tcpdump GroupUsing as the package base directory.# Processing package information.# Processing system information. 4 package pathnames are already properly installed.# Verifying disk space requirements.# Checking for conflicts with packages already installed.# Checking for setuid/setgid programs.Installing libpcap as # Installing part 1 of 1./usr/local/doc/libpcap/CHANGES/usr/local/doc/libpcap/CREDITS /过程中会显示出很多解压信息，不用管他，最后提示successful就行了/usr/local/doc/libpcap/CVS/Repository/usr/local/lib/libpcap.a/usr/local/man/man3/pcap.3 verifying class Installation of was successful.#d 安装ethereal-0.9.0-sol8-sparc-localrootmmsc # pkgadd -d ./ethereal-0.9.0-sol8-sparc-localThe following packages are available: 1 SMCether ethereal (sparc) 0.9.0Select package(s) you wish to process (or all to processall packages). (default: all) ?,?,q: allProcessing package instance from ethereal(sparc) 0.9.0Gerald Combs, Gilbert Ramirez, Guy HarrisUsing as the package base directory.# Processing package information.# Processing system information. 6 package pathnames are already properly installed.# Verifying disk space requirements.# Checking for conflicts with packages already installed.# Checking for setuid/setgid programs.Installing ethereal as # Installing part 1 of 1./usr/local/bin/editcap/usr/local/bin/ethereal/usr/local/bin/idl2eth/usr/local/doc/ethereal/README.hpux/usr/local/doc/ethereal/README.irix/usr/local/doc/ethereal/README.linux/usr/local/doc/ethereal/README.tru64 /过程中会显示出很多解压信息，不用管他，最后提示successful就行了/usr/local/doc/ethereal/README.vmware/usr/local/doc/ethereal/README.win32/usr/local/doc/ethereal/TODO/usr/local/doc/ethereal/doc/Makefile/usr/local/doc/ethereal/doc/Makefile.am/usr/local/doc/ethereal/doc/randpkt.txt/usr/local/man/man1/text2pcap.1 verifying class Installation of was successful.#4 Ethereal的使用：Ethereal需要使用root用户才能抓到包。使用图形终端登录需要抓包的服务器。设置好DISPLAY显示环境变量：#setenv DIPLAY xx.xx.xx.xx:0.0 /xx.xx.xx.xx为本机IP地址#xhost +启动ethereal界面：在/usr/local/bin/目录下执行ethereal#/usr/local/bin/ethereal &菜单中选择capturestart出现如下窗口：filter设置为(port 9201) or (port 80)同时抓ip包头中包含9201和80端口的包，如果需要抓其他端口的包的话可以如上相似的填写对应端口即可。其他设置可以采用默认设置即可抓包，如果有更多需求请修改相关配置。 Ethereal的filter使用的是tcpdump语法。如果在unix下安装了这个软件可以用man tcpdump来查看帮助。下面简单的介绍一下基本的过滤语句src | dst host 根据主机过滤。如果指明src 为源地址，dst为目的地址，不明确的话则不区分源和目的地址。如 host 1表示抓主机1的包tcp | udp src | dst port 根据进行过滤端口，tcp和udp表示抓这个端口上的tcp包还是udp包，不指明的话抓所有的的包。如port 9201抓9201端口上的所有包。过滤条件使用or表示两个过滤条件满足一个就可以。And表示要同时满足两个过滤条件。5 Windows版安装指南为了编译分析问题，我们可