
Solaris 常用命令及例子 (B)

dn001


proc工具

$ ps
PID TTY TIME CMD
806 pts/3 0:00 ps
368 pts/3 0:00 sh
$ pflags 368
368: -sh
data model = _ILP32 flags = PR_ORPHAN
/1: flags = PR_PCINVAL

% pmap 823 //进程的地址空间分配,和需要执行的库
823: -csh
08043000 20K rw--- [ stack ]
08050000 128K r-x-- /usr/bin/csh
08070000 12K rwx-- /usr/bin/csh
08073000 68K rwx-- [ heap ]
DD9C0000 8K r-x-- /usr/lib/locale/zh_CN.GB18030/methods_zh_CN.GB18030.so.2
DD9D1000 4K rwx-- /usr/lib/locale/zh_CN.GB18030/methods_zh_CN.GB18030.so.2
DD9E0000 324K r-x-- /usr/lib/locale/zh_CN.GB18030/zh_CN.GB18030.so.2
DDA40000 8K rwx-- /usr/lib/locale/zh_CN.GB18030/zh_CN.GB18030.so.2
DDA60000 4K rwx-- [ anon ]
DDA70000 628K r-x-- /usr/lib/libc.so.1
DDB1D000 24K rwx-- /usr/lib/libc.so.1
DDB23000 4K rwx-- /usr/lib/libc.so.1
DDB30000 152K r-x-- /usr/lib/libcurses.so.1
DDB66000 28K rwx-- /usr/lib/libcurses.so.1
DDB6D000 8K rwx-- /usr/lib/libcurses.so.1
DDB80000 4K r-x-- /usr/lib/libdl.so.1
DDB90000 292K r-x-- /usr/lib/ld.so.1
DDBE9000 16K rwx-- /usr/lib/ld.so.1
DDBED000 8K rwx-- /usr/lib/ld.so.1
total 1740K

$ pldd 830 //与每个进程链接的动态库列表
830: -sh
/usr/lib/libgen.so.1
/usr/lib/libc.so.1
/usr/lib/libdl.so.1
/usr/lib/locale/zh_CN.GB18030/zh_CN.GB18030.so.2
/usr/lib/locale/zh_CN.GB18030/methods_zh_CN.GB18030.so.2

$ psig 830 //与进程相关的信号列表
830: -sh
HUP caught done 0
INT caught 0x8059a30 0
QUIT caught 0x8059a30 0
ILL caught done 0
TRAP caught done 0
ABRT caught done 0
EMT caught done 0
FPE caught done 0
KILL default
BUS caught done 0
SEGV caught 0x8059f70 ONSTACK,SIGINFO

$ pstack 830 //以十六进制格式查看进程堆栈跟踪
830: -sh
ddacedf7 waitid (0, 353, 8047d40, 83)
ddaeeea7 _waitpid (353, 8047df8, 80) + 66
ddb30581 waitpid (353, 8047df8, 80) + 21
08062319 ???????? (8078c44)
08062cef postjob (353, 1) + ce
0805d1e9 execute (8079374, 0, 0) + 801
08055b61 ???????? (0)
080559b5 main (1, 8047eb4, 8047ebc) + 4d9
08055427 ???????? ()

$ pfiles 830 //每个进程所打开的所有文件
830: -sh
Current rlimit: 256 file descriptors
0: S_IFCHR mode:0620 dev:102,0 ino:853 uid:1001 gid:7 rdev:24,2
O_RDWR
1: S_IFCHR mode:0620 dev:102,0 ino:853 uid:1001 gid:7 rdev:24,2
O_RDWR
2: S_IFCHR mode:0620 dev:102,0 ino:853 uid:1001 gid:7 rdev:24,2
O_RDWR

$ pwdx 830 //获取该进程当前的工作目录
830: /export/home/wing
$ ptree 830 //获取父进程与子进程的关系
179 /usr/sbin/inetd -s
828 in.telnetd
830 -sh
854 ptree 830



lsof 工具-需下载安装,本身没有自带




软件管理
pkgadd
#pkgadd -d /tem softwarename
软件名gpw-6.94-sol8-intel-local.gz
#gunzip gpw-6.94-sol8-intel-local.gz
#head gpw-6.94-sol8-intel-local.gz //查看文件的版本信息
#pkgadd -d gpw-6.94-sol8-intel-local.gz
install
#install -c /opt/scripts -m 0755 -u bin -g sysadmin /tmp/setup_script
//目标路径 权限 用户 组 源路径
pkginfo
#pkginfo //安装了的软件包
pkgchk
#pkgchk pkginst //检查软件包的完整性
#pkgchk -f pkginst //处理软件包问题(尽可能修正文件属性)
#pkgchk -n pkginst //忽略包中易变(volatile)或可编辑的文件, 不检查其内容
#pkgchk -l -p /usr/bin/mydir //获取已安装文件的包属性
pkgrm
#pkgrm pkginst //删除软件包
#pkgrm pkginst1 pkginst2 //同时删除多个包
showrev
#showrev -p //显示已安装的补丁

patchadd
#patchadd patchname //安装补丁
#patchadd -M patch1 patch2 //同时安装多个补丁
#patchadd -d -R /export/mars /var/spool/patch/11102-12
//目的 源路径
//不允许对补丁安装进行现场恢复

补丁安装实例
2.6_Recommended.tar.z 补丁名
1
#df -k dir //查看该目录的大小
#tar xvf 2.6_Recommended.tar.z
#./install


参数 功能
-B 指定存储恢复现场信息的目录,而不是默认目录
-C 如果需要,指定需要打补丁的网络安装映象的路径
-d 不接受可恢复现场的补丁安装
-M 指定定位补丁的可选目录
-p 打印所有已安装的补丁列表
-u 无条件安装, 关闭文件校验(即使待打补丁的文件已被修改也照常安装)
-R 为客户安装指定可选根目录
-S 从服务器为客户端安装补丁,客户机共享服务器操作系统目录


patchrm
#patchrm patchname // 删除补丁
#patchrm -C /export/Solaris_2.9/tools/1065-15
//从客户端系统删除补丁

引导和启动过程、ok模式
#shutdown
#reboot
#init 0
#boot -r

ok setenv boot-device disk //将默认的启动设备改为disk
boot-device = disk

ok printenv boot-device //验证启动设备
boot-device disk disk

ok reset

ok test net //测试回路网络设备
ok watch-clock //测试时钟设备
ok boot -r //重新引导系统
ok boot net //从网络启动
ok boot cdrom //从光盘启动
ok boot floppy //从软盘启动
ok boot tape //从磁带引导系统
ok watch-net //检查网络是否联通
ok probe-scsi //检查系统检测出的所有磁盘设备,并得到可用的设备列表
ok banner //检测内存、系统固件的openboot版本信息
ok boot -s //进入单用户模式
#reboot -l -- -r //重新引导, 且不在系统日志里记录
#shutdown -i 0 -g 120 -y
#sync;init 0
#traceroute www.abc.com


wall
#wall

init
#init q //重新初始化运行级别
#init 0 //硬件维护模式
#init 1 //单用户模式
#init 2 //NFS不可用
#init 3 //NFS可用
#init 4 //用户定义状态
#init 5 //关闭系统电源
#init 6 //重新启动操作系统
#init s //进入管理状态

网络配置

/etc/hostname.interface //文件内容是这块网卡的名字或机器的名字
# cat hostname.pcn0
wing

# cat hosts
#
# Internet host table
#
127.0.0.1 localhost
192.168.0.11 wing
# hostname
wing

# cat netmasks
192.168.0.0 255.255.255.0

#ifconfig le0 172.16.255.1 netmask 255.255.255.0

配置网络端口状态
#ifconfig le0 up/down
配置网络端口是否可用
#ifconfig le0 plumb/unplumb
#ifconfig -a 以太网(MAC)地址只有root用户执行该命令时才显示。如果一个非root用户使用ifconfig命令,那么只显示IP地址信息, 不显示ether 一行
# ifconfig -a
lo0: flags=1000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
hme0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 192.168.10.25 netmask ffffff00 broadcast 192.168.10.255
ether 8:0:20:a2:11:de
#

#ifconfig le0 192.168.0.3 netmask 255.255.255.0 broadcast 192.168.0.255 up
banner
你也可以在系统还没有启动时在ok提示符下敲入banner来找到Mac地址,CPU 型号和频率。
ok banner

Sun Ultra 5/10 UPA/PCI (UltraSPARC-IIi 300MHz), Keyboard Present
OpenBoot 3.1.1 64 MB memory installed, Serial #9361102.
Ethernet address 8:0:20:8e:d6:ce, HostID: 808ed6ce.


# arp -a //显示ARP 表(IP 地址与物理地址的对应关系)

Net to Media Table: IPv4
Device IP Address Mask Flags Phys Addr
------ -------------------- --------------- ----- ---------------
pcn0 192.168.0.1 255.255.255.255 00:03:0f:fd:6d:0c
pcn0 wing 255.255.255.255 SP 00:0c:29:19:a1:54
pcn0 224.0.0.0 240.0.0.0 SM 01:00:5e:00:00:00


# netstat // 网络状态

TCP: IPv4
Local Address Remote Address Swind Send-Q Rwind Recv-Q State
-------------------- -------------------- ----- ------ ----- ------ -------
wing.telnet 192.168.0.1.1030 7168 0 66608 0 ESTABLISHED
wing.telnet 192.168.0.1.1032 6253 1 66608 0 ESTABLISHED

Active Unix domain sockets
Address Type Vnode Conn Local Addr Remote Addr
df187cc0 stream-ord dee4c1c0 00000000 /tmp/.X11-unix/X0
df187de8 stream-ord 00000000 00000000
#

# netstat -r //查看路由表

Routing Table: IPv4
Destination Gateway Flags Ref Use Interface
-------------------- -------------------- ----- ----- ------ ---------
192.168.0.0 wing U 1 3 pcn0
224.0.0.0 wing U 1 0 pcn0
default wing UG 1 0
localhost localhost UH 2 6 lo0

# netstat -g

Group Memberships: IPv4
Interface Group RefCnt
--------- -------------------- ------
lo0 224.0.0.1 1
pcn0 224.0.0.1 1


# netstat -p

Net to Media Table: IPv4
Device IP Address Mask Flags Phys Addr
------ -------------------- --------------- ----- ---------------
pcn0 192.168.0.1 255.255.255.255 00:03:0f:fd:6d:0c
pcn0 solaris9 255.255.255.255 SP 00:0c:29:80:4c:0a
pcn0 224.0.0.0 240.0.0.0 SM 01:00:5e:00:00:00
#


# netstat -s

RAWIP
rawipInDatagrams = 0 rawipInErrors = 0
rawipInCksumErrs = 0 rawipOutDatagrams = 0
rawipOutErrors = 0

UDP
udpInDatagrams = 923 udpInErrors = 0
udpOutDatagrams = 928 udpOutErrors = 0

TCP tcpRtoAlgorithm = 4 tcpRtoMin = 400
tcpRtoMax = 60000 tcpMaxConn = -1
tcpActiveOpens = 18 tcpPassiveOpens = 21
tcpAttemptFails = 0 tcpEstabResets = 0
tcpCurrEstab = 31 tcpOutSegs = 715
tcpOutDataSegs = 524 tcpOutDataBytes = 52210
tcpRetransSegs = 0 tcpRetransBytes = 0
tcpOutAck = 191 tcpOutAckDelayed = 90
tcpOutUrg = 0 tcpOutWinUpdate = 0
tcpOutWinProbe = 0 tcpOutControl = 47
tcpOutRsts = 0 tcpOutFastRetrans = 0
tcpInSegs = 925
tcpInAckSegs = 505 tcpInAckBytes = 52216
tcpInDupAck = 7 tcpInAckUnsent = 0
tcpInInorderSegs = 524 tcpInInorderBytes = 45645
tcpInUnorderSegs = 0 tcpInUnorderBytes = 0
tcpInDupSegs = 0 tcpInDupBytes = 0
tcpInPartDupSegs = 0 tcpInPartDupBytes = 0
tcpInPastWinSegs = 0 tcpInPastWinBytes = 0
tcpInWinProbe = 0 tcpInWinUpdate = 0
tcpInClosed = 0 tcpRttNoUpdate = 0
tcpRttUpdate = 497 tcpTimRetrans = 0
tcpTimRetransDrop = 0 tcpTimKeepalive = 0
tcpTimKeepaliveProbe= 0 tcpTimKeepaliveDrop = 0
tcpListenDrop = 0 tcpListenDropQ0 = 0
tcpHalfOpenDrop = 0 tcpOutSackRetrans = 0

IPv4 ipForwarding = 2 ipDefaultTTL = 255
ipInReceives = 422 ipInHdrErrors = 0
ipInAddrErrors = 0 ipInCksumErrs = 0
ipForwDatagrams = 0 ipForwProhibits = 0
ipInUnknownProtos = 0 ipInDiscards = 0
ipInDelivers = 1832 ipOutRequests = 265
ipOutDiscards = 0 ipOutNoRoutes = 0
ipReasmTimeout = 60 ipReasmReqds = 0
ipReasmOKs = 0 ipReasmFails = 0
ipReasmDuplicates = 0 ipReasmPartDups = 0
ipFragOKs = 0 ipFragFails = 0
ipFragCreates = 0 ipRoutingDiscards = 0
tcpInErrs = 0 udpNoPorts = 20
udpInCksumErrs = 0 udpInOverflows = 0
rawipInOverflows = 0 ipsecInSucceeded = 0
ipsecInFailed = 0 ipInIPv6 = 0
ipOutIPv6 = 0 ipOutSwitchIPv6 = 8

IPv6 ipv6Forwarding = 2 ipv6DefaultHopLimit = 255
ipv6InReceives = 0 ipv6InHdrErrors = 0
ipv6InTooBigErrors = 0 ipv6InNoRoutes = 0
ipv6InAddrErrors = 0 ipv6InUnknownProtos = 0
ipv6InTruncatedPkts = 0 ipv6InDiscards = 0
ipv6InDelivers = 0 ipv6OutForwDatagrams= 0
ipv6OutRequests = 0 ipv6OutDiscards = 0
ipv6OutNoRoutes = 0 ipv6OutFragOKs = 0
ipv6OutFragFails = 0 ipv6OutFragCreates = 0
ipv6ReasmReqds = 0 ipv6ReasmOKs = 0
ipv6ReasmFails = 0 ipv6InMcastPkts = 0
ipv6OutMcastPkts = 0 ipv6ReasmDuplicates = 0
ipv6ReasmPartDups = 0 ipv6ForwProhibits = 0
udpInCksumErrs = 0 udpInOverflows = 0
rawipInOverflows = 0 ipv6InIPv4 = 0
ipv6OutIPv4 = 0 ipv6OutSwitchIPv4 = 0

ICMPv4 icmpInMsgs = 5 icmpInErrors = 0
icmpInCksumErrs = 0 icmpInUnknowns = 0
icmpInDestUnreachs = 5 icmpInTimeExcds = 0
icmpInParmProbs = 0 icmpInSrcQuenchs = 0
icmpInRedirects = 0 icmpInBadRedirects = 0
icmpInEchos = 0 icmpInEchoReps = 0
icmpInTimestamps = 0 icmpInTimestampReps = 0
icmpInAddrMasks = 0 icmpInAddrMaskReps = 0
icmpInFragNeeded = 0 icmpOutMsgs = 5
icmpOutDrops = 0 icmpOutErrors = 0
icmpOutDestUnreachs = 5 icmpOutTimeExcds = 0
icmpOutParmProbs = 0 icmpOutSrcQuenchs = 0
icmpOutRedirects = 0 icmpOutEchos = 0
icmpOutEchoReps = 0 icmpOutTimestamps = 0
icmpOutTimestampReps= 0 icmpOutAddrMasks = 0
icmpOutAddrMaskReps = 0 icmpOutFragNeeded = 0
icmpInOverflows = 0

ICMPv6 icmp6InMsgs = 0 icmp6InErrors = 0
icmp6InDestUnreachs = 0 icmp6InAdminProhibs = 0
icmp6InTimeExcds = 0 icmp6InParmProblems = 0
icmp6InPktTooBigs = 0 icmp6InEchos = 0
icmp6InEchoReplIEs = 0 icmp6InRouterSols = 0
icmp6InRouterAds = 0 icmp6InNeighborSols = 0
icmp6InNeighborAds = 0 icmp6InRedirects = 0
icmp6InBadRedirects = 0 icmp6InGroupQueries = 0
icmp6InGroupResps = 0 icmp6InGroupReds = 0
icmp6InOverflows = 0
icmp6OutMsgs = 0 icmp6OutErrors = 0
icmp6OutDestUnreachs= 0 icmp6OutAdminProhibs= 0
icmp6OutTimeExcds = 0 icmp6OutParmProblems= 0
icmp6OutPktTooBigs = 0 icmp6OutEchos = 0
icmp6OutEchoReplies = 0 icmp6OutRouterSols = 0
icmp6OutRouterAds = 0 icmp6OutNeighborSols= 0
icmp6OutNeighborAds = 0 icmp6OutRedirects = 0
icmp6OutGroupQueries= 0 icmp6OutGroupResps = 0
icmp6OutGroupReds = 0

IGMP:
0 messages received
0 messages received with too few bytes
0 messages received with bad checksum
0 membership queries received
0 membership queries received with invalid field(s)
0 membership reports received
0 membership reports received with invalid field(s)
0 membership reports received for groups to which we belong
0 membership reports sent


# netstat -M

Virtual Interface Table is empty

Multicast Forwarding Cache is empty

#


# netstat -r //查看路由表

Routing Table: IPv4
Destination Gateway Flags Ref Use Interface
-------------------- -------------------- ----- ----- ------ ---------
192.168.0.0 solaris9 U 1 1 pcn0
192.168.0.0 address2 U 1 0 pcn0:1
224.0.0.0 solaris9 U 1 0 pcn0
default 192.168.0.1 UG 1 0
localhost localhost UH 2 6 lo0
# netstat -rn

Routing Table: IPv4
Destination Gateway Flags Ref Use Interface
-------------------- -------------------- ----- ----- ------ ---------
192.168.0.0 192.168.0.3 U 1 1 pcn0
192.168.0.0 192.168.0.5 U 1 0 pcn0:1
224.0.0.0 192.168.0.3 U 1 0 pcn0
default 192.168.0.1 UG 1 0
127.0.0.1 127.0.0.1 UH 2 6 lo0
#


# netstat -i 1 5
input pcn0 output input (Total) output
packets errs packets errs colls packets errs packets errs colls
1187 0 1318 0 0 3699 0 3830 0 0
4 0 4 0 0 4 0 4 0 0
3 0 3 0 0 5 0 5 0 0
4 0 4 0 0 4 0 4 0 0
3 0 4 0 0 5 0 6 0 0
#

snoop

# snoop -c 3 //抓取3个IP包
Using device /dev/pcn0 (promiscuous mode)
192.168.0.1 -> solaris9 TELNET C port=3013
solaris9 -> 192.168.0.1 TELNET R port=3013 Using device /dev/pc
192.168.0.1 -> solaris9 TELNET C port=3013
3 packets captured
#


# snoop -v -c 2 //抓取两个详细的IP包。
Using device /dev/pcn0 (promiscuous mode)
ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 1 arrived at 1:43:41.42
ETHER: Packet size = 60 bytes
ETHER: Destination = 0:c:29:80:4c:a,
ETHER: Source = 0:3:f:fd:6d:c,
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP: xxx. .... = 0 (precedence)
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: .... ..0. = not ECN capable transport
IP: .... ...0 = no ECN congestion experienced
IP: Total length = 40 bytes
IP: Identification = 1627
IP: Flags = 0x4
IP: .1.. .... = do not fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 128 seconds/hops
IP: Protocol = 6 (TCP)
IP: Header checksum = 7320
IP: Source address = 192.168.0.1, 192.168.0.1
IP: Destination address = 192.168.0.3, solaris9
IP: No options
IP:
TCP: ----- TCP Header -----
TCP:
TCP: Source port = 3013
TCP: Destination port = 23 (TELNET)
TCP: Sequence number = 769864152
TCP: Acknowledgement number = 52297913
TCP: Data offset = 20 bytes
TCP: Flags = 0x10
TCP: 0... .... = No ECN congestion window reduced
TCP: .0.. .... = No ECN echo
TCP: ..0. .... = No urgent pointer
TCP: ...1 .... = Acknowledgement
TCP: .... 0... = No push
TCP: .... .0.. = No reset
TCP: .... ..0. = No Syn
TCP: .... ...0 = No Fin
TCP: Window = 17292
TCP: Checksum = 0x7b85
TCP: Urgent pointer = 0
TCP: No options
TCP:
TELNET: ----- TELNET: -----
TELNET:
TELNET: ""
TELNET:

ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 2 arrived at 1:43:41.42
ETHER: Packet size = 97 bytes
ETHER: Destination = 0:3:f:fd:6d:c,
ETHER: Source = 0:c:29:80:4c:a,
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP: xxx. .... = 0 (precedence)
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: .... ..0. = not ECN capable transport
IP: .... ...0 = no ECN congestion experienced
IP: Total length = 83 bytes
IP: Identification = 50744
IP: Flags = 0x4
IP: .1.. .... = do not fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 60 seconds/hops
IP: Protocol = 6 (TCP)
IP: Header checksum = f717
IP: Source address = 192.168.0.3, solaris9
IP: Destination address = 192.168.0.1, 192.168.0.1
IP: No options
IP:
TCP: ----- TCP Header -----
TCP:
TCP: Source port = 23
TCP: Destination port = 3013
TCP: Sequence number = 52297913
TCP: Acknowledgement number = 769864152
TCP: Data offset = 20 bytes
TCP: Flags = 0x18
TCP: 0... .... = No ECN congestion window reduced
TCP: .0.. .... = No ECN echo
TCP: ..0. .... = No urgent pointer
TCP: ...1 .... = Acknowledgement
TCP: .... 1... = Push
TCP: .... .0.. = No reset
TCP: .... ..0. = No Syn
TCP: .... ...0 = No Fin
TCP: Window = 64240
TCP: Checksum = 0xd1f6
TCP: Urgent pointer = 0
TCP: No options
TCP:
TELNET: ----- TELNET: -----
TELNET:
TELNET: "Using device /dev/pcn0 (promiscuous mode)\r\n"
TELNET:

2 packets captured
#

# snoop host1 host2
host1 -> host2 ICMP Echo request
host2 -> host1 ICMP Echo reply
使用snoop实用程序判定系统间实际上传送的是什么信息, 判断网络是否畅通
# snoop -a dhcp

Snoop 的使用
Snoop 是Solaris 系统中自带的工具, 是一个用于显示网络通讯的程序, 它可捕获IP 包并将其显示或保存到指定文件. (限超级用户使用snoop) 捕获到的内容包含报文载荷: 像上面TELNET 会话这样的明文协议, 其内容会原样出现在输出和用-o 保存的文件中, 因此保存的捕获文件应限制访问权限.
Snoop 可将捕获的包以一行的形式加以总结或用多行加以详细的描述(通过调用不同的参数-v -V来实现). 在总结方式下, 将仅显示最高层的相关协议, 例如一个NFS 包将仅显示NFS 信息, 其低层的RPC, UDP, IP, Ethernet 帧信息将不会显示; 按下面的参数表, 加上-V 时显示各层的摘要行, 加上-v 时这些信息都能被详细显示出来.
参数简介:
[ -a ] # Listen to packets on audio
[ -d device ] # settable to le?, ie?, bf?, tr?
[ -s snaplen ] # Truncate packets
[ -c count ] # Quit after count packets
[ -P ] # Turn OFF promiscuous mode
[ -D ] # Report dropped packets
[ -S ] # Report packet size
[ -i file ] # Read previously captured packets
[ -o file ] # Capture packets in file
[ -n file ] # Load addr-to-name table from file
[ -N ] # Create addr-to-name table
[ -t r|a|d ] # Time: Relative, Absolute or Delta
[ -v ] # Verbose packet display
[ -V ] # Show all summary lines
[ -p first[,last] ] # Select packet(s) to display
[ -x offset[,length] ] # Hex dump from offset for length
[ -C ] # Print packet filter code
由于snoop 的使用非常灵活, 希望能通过下面一些例子的学习来掌握其常见用法.
1. 监听所有以本机为源和目的的包并将其显示出来.
# snoop
2. 监听所有以主机A为源和目的的包并将其显示出来. ( A为主机名, 下同)
# snoop A
3. 监听所有A和B之间的包并将其保存到文件file.
# snoop -o file A B
4. 显示文件file 中指定的包(99-108)
# snoop -i file -p 99,108
99 0.0027 boutique -> sunroof NFS C GETATTR FH=8E6C
100 0.0046 sunroof -> boutique NFS R GETATTR OK
101 0.0080 boutique -> sunroof NFS C RENAME FH=8E6C MTra00192
to .nfs08
102 0.0102 marmot -> viper NFS C LOOKUP FH=561E screen.r.13.i386
103 0.0072 viper -> marmot NFS R LOOKUP No such file or Directory
104 0.0085 bugbomb -> sunroof RLOGIN C PORT=1023 h
105 0.0005 kandinsky -> sparky RSTAT C Get Statistics
106 0.0004 beeblebrox -> sunroof NFS C GETATTR FH=0307
107 0.0021 sparky -> kandinsky RSTAT R
108 0.0073 Office -> jeremiah NFS C READ FH=2584 at 40960 for 8192
5. 详细查看文件file 中第101 个包:
# snoop -i file -v -p101
ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 101 arrived at 16:09:53.59
ETHER: Packet size = 210 bytes
ETHER: Destination = 8:0:20:1:3d:94, Sun
ETHER: Source = 8:0:69:1:5f:e, Silicon Graphics
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4, header length = 20 bytes
IP: Type of service = 00
IP: ..0. .... = routine
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: Total length = 196 bytes
IP: Identification 19846
IP: Flags = 0X
IP: .0.. .... = may fragment
IP: ..0. .... = more fragments
…
6. 查看主机A和主机B之间的NFS 包(命令中的and 和or 为相应的逻辑运算)
# snoop -i file rpc nfs and A and B
1 0.0000 A -> B NFS C GETATTR FH=8E6C
2 0.0046 B -> A NFS R GETATTR OK
3 0.0080 A -> B NFS C RENAME FH=8E6C MTra00192 to .nfs08
7. 将这些符合条件的包保存到另一文件file2 中:
# snoop -i file -o file2 rpc nfs A B
8. 监听主机A和主机B间所有TCP 80 端口或UDP80端口的包
# snoop A and B and (tcp or udp) and port 80
9. 监听所有的广播包
# snoop broadcast
Using device /dev/hme (promiscuous mode)
10.10.10.50 -> BROADCAST UDP D=177 S=2541 LEN=35
10.10.10.50 -> BROADCAST UDP D=177 S=2541 LEN=35
10.10.10.50 -> BROADCAST UDP D=177 S=2541 LEN=35
10. 监听所有的多播包, 并显示详细内容.
#snoop -v multicast
ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 1 arrived at 12:33:2.16
ETHER: Packet size = 69 bytes
ETHER: Destination = ff:ff:ff:ff:ff:ff, (broadcast)
ETHER: Source = 0:4:76:46:8f:50,
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP: xxx. .... = 0 (precedence)
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: Total length = 55 bytes
IP: Identification = 14658
IP: Flags = 0x0
IP: .0.. .... = may fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 128 seconds/hops
IP: Protocol = 17 (UDP)
IP: Header checksum = ed38
IP: Source address = 10.10.10.50, 10.10.10.50
IP: Destination address = 255.255.255.255, BROADCAST
IP: No options
IP:
UDP: ----- UDP Header -----
UDP:
UDP: Source port = 2541
UDP: Destination port = 177
UDP: Length = 35
UDP: Checksum = 8E35
UDP:
ETHER: ----- Ether Header -----
ETHER:
ETHER: Packet 2 arrived at 12:33:12.16
ETHER: Packet size = 69 bytes
ETHER: Destination = ff:ff:ff:ff:ff:ff, (broadcast)
ETHER: Source = 0:4:76:46:8f:50,
ETHER: Ethertype = 0800 (IP)
ETHER:
IP: ----- IP Header -----
IP:
IP: Version = 4
IP: Header length = 20 bytes
IP: Type of service = 0x00
IP: xxx. .... = 0 (precedence)
IP: ...0 .... = normal delay
IP: .... 0... = normal throughput
IP: .... .0.. = normal reliability
IP: Total length = 55 bytes
IP: Identification = 14985
IP: Flags = 0x0
IP: .0.. .... = may fragment
IP: ..0. .... = last fragment
IP: Fragment offset = 0 bytes
IP: Time to live = 128 seconds/hops
IP: Protocol = 17 (UDP)
IP: Header checksum = ebf1
IP: Source address = 10.10.10.50, 10.10.10.50
IP: Destination address = 255.255.255.255, BROADCAST
IP: No options
IP:
UDP: ----- UDP Header -----
UDP:
UDP: Source port = 2541
UDP: Destination port = 177
UDP: Length = 35
UDP: Checksum = 8E35
UDP:
11.监听所有的NTP 协议包
# snoop |grep -i NTP
Using device /dev/hme (promiscuous mode)
ts1 -> 224.0.1.1 NTP broadcast (Tue Jul 23 12:48:50 2002)
ts1 -> 224.0.1.1 NTP broadcast (Tue Jul 23 12:49:54 2002)
ts1 -> 224.0.1.1 NTP broadcast (Tue Jul 23 12:50:58 2002)
ts1 -> 224.0.1.1 NTP broadcast (Tue Jul 23 12:52:02 2002)
ts1 -> 224.0.1.1 NTP broadcast (Tue Jul 23 12:53:06 2002)
ts1 -> 224.0.1.1 NTP broadcast (Tue Jul 23 12:54:10 2002)
这里我们也可看到NTP server 每隔约一分钟即向多播地址广播一次.

date
# date
2003年10月12日 星期日 10时04分16秒 CST
(CST是Chinese Standard Time的缩写)
# date 10121003 设置时间为10月12日10时03分

设备管理

软盘
#volcheck
fdformat [-dDeEfHlLmMUqvx] [-b label] [-B filename] [-t Dos-
type] [devname] //格式化

prtconf
# prtconf //配置信息
System Configuration: Sun Microsystems i86pc
Memory size: 128 Megabytes //内存
System Peripherals (Software Nodes):

i86pc
+boot (driver not attached)
memory (driver not attached)
aliases (driver not attached)
chosen (driver not attached)
i86pc-memory (driver not attached)
i86pc-mmu (driver not attached)
openprom (driver not attached)
options, instance #0
packages (driver not attached)
delayed-writes (driver not attached)
itu-props (driver not attached)
isa, instance #0
motherboard (driver not attached)
asy, instance #0
asy, instance #1
lp (driver not attached)
fdc, instance #0
fd, instance #0
fd, instance #1 (driver not attached)
i8042, instance #0
keyboard, instance #0
mouse, instance #0
PNP0C02 (driver not attached)
PNP0C02 (driver not attached)
PNP0C02 (driver not attached)
bios (driver not attached)
bios (driver not attached)
bios (driver not attached)
pci, instance #0
pci15ad,1976 (driver not attached)
pci8086,7191 (driver not attached)
pci15ad,1976 (driver not attached)
pci-ide, instance #0
ide, instance #0
cmdk, instance #0
ide, instance #1
sd, instance #0
pci15ad,1976, instance #0
pci15ad,1976 (driver not attached)
display, instance #0
pci1022,2000, instance #0
pci1274,1371 (driver not attached)
used-resources (driver not attached)
objmgr, instance #0
cpus (driver not attached)
cpu, instance #0 (driver not attached)
pseudo, instance #0
#
# prtconf | grep Memory //查看内存
Memory size: 128 Megabytes





arch
# arch -k //了解体系结构
i86pc
uname
# uname -m
i86pc
# uname
SunOS
# uname -a
SunOS wing 5.9 Generic_112234-03 i86pc i386 i86pc


eject
#eject floppy

eeprom
#eeprom selftest-#megs=64 //修改系统自检到的内存数

sysdef
#sysdef //更详细的体系结构

df
# df -k //显示当前所有已安装的文件系统上的文件数目和空闲块的数目
文件系统 千字节 用了 可用 容量 挂接在
/dev/dsk/c0d0s0 63127 36143 20672 64% /
/dev/dsk/c0d0s6 1201014 768820 372144 68% /usr
/proc 0 0 0 0% /proc
mnttab 0 0 0 0% /etc/mnttab
fd 0 0 0 0% /dev/fd
/dev/dsk/c0d0s3 55047 25258 24285 51% /var
swap 651040 24 651016 1% /var/run
swap 651016 0 651016 0% /tmp
/dev/dsk/c0d0s5 24239 15 21801 1% /opt
/dev/dsk/c0d0s7 2691830 122 2637872 1% /export/home
/dev/dsk/c0d0s1 462639 306816 109560 74% /usr/openwin
# df -a //打印所有文件系统的信息
/ (/dev/dsk/c0d0s0 ): 53968 块 30100 文件
/usr (/dev/dsk/c0d0s6 ): 864388 块 261705 文件
/proc (/proc ): 0 块 1878 文件
/etc/mnttab (mnttab ): 0 块 0 文件
/dev/fd (fd ): 0 块 0 文件
/var (/dev/dsk/c0d0s3 ): 59578 块 25450 文件
/var/run (swap ): 1