Snmpdump
snmpdump
Description
Snmpdump est un outil qui extrait les conversations SNMP à partir d'un fichier de capture (cap, pcap).
Installation
Pré-requis
# apt-get install libnids-dev libpcap-dev libxml2-dev
Installation à partir des sources
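# wget ftp://ftp.ibr.cs.tu-bs.de/pub/local/snmpdump-0.1.0.tar.gz
# tar xzvf snmpdump-0.1.0.tar.gz
# cd snmpdump-0.1.0/
# ./configure
# make
# make install
Remarque : l'archive est téléchargée en FTP, sans chiffrement ni contrôle d'intégrité. Avant de la compiler, comparez son empreinte (par exemple avec sha256sum) à une valeur obtenue auprès d'une source de confiance. En général, seul make install nécessite les droits root ; le téléchargement, ./configure et make peuvent être exécutés avec un compte non privilégié.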
Utilisation
Paramètres
-h, --help      Affiche un résumé des options
-s, --suppress  Supprime les informations spécifiées
-f, --filter    Filtre les paquets avec une expression de filtre pcap avant d'extraire les messages SNMP
-V, --version   Affiche la version
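Exemple
Dans la sortie ci-dessous, aucun paquet n'utilise les ports SNMP (161/162) : on y trouve les ports associés à syslog (514), NTP (123), NetBIOS (137/138) et DNS (53). Les messages entre crochets qui précèdent le XML ([!init SEQ], [asnlen? ...]) sont vraisemblablement des erreurs de décodage ASN.1 sur ce trafic non SNMP, ce qui explique que les éléments packet ne contiennent aucun message SNMP. Pour analyser une capture, restreindre d'abord le trafic avec l'option -f, par exemple -f "udp port 161 or udp port 162".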
# snmpdump evidence02.pcap [!init SEQ] [!init SEQ] [!init SEQ] [!init SEQ] [!init SEQ] [!init SEQ] [!init SEQ] [!init SEQ] [!init SEQ] [!init SEQ] [!init SEQ] [!init SEQ] [!init SEQ] [!init SEQ] [!init SEQ] [!init SEQ] [!init SEQ] [!init SEQ] [!init SEQ] [!init SEQ] [!init SEQ] [!init SEQ] [!init SEQ] [!init SEQ] [id?C/x/28]C/U/Null[id?C/x/28][P/U/Set][id?C/x/28][id?C/x/28][id?C/x/28][id?C/x/28][P/U/Set][id?C/x/28][id?C/x/28] [id?C/x/28][id?C/x/28][P/U/Set] [id?C/x/28][id?C/x/28][id?C/x/28][id?C/x/28][id?C/x/28][id?C/x/28][id?C/x/28][id?C /x/28]C/U/BitstringC/U/String[P/U/Set][id?C/x/28][asnlen? 28<41 ][len214<asnlen268438020]C/U/Null[id?C/x/28][id?C/ x/28]C/U/Null[id?C/x/28][id?C/x/28]C/U/BitstringC/U/StringC/U/Null[id?C/x/28][id?C/x/28][id?C/x/28]<?xml version=" 1.0"?> <snmptrace> <packet date="2009-10-10T13:34:08" delta="0"> <src ip="192.168.1.10" port="52111"/> <dst ip="192.168.1.30" port="514"/> </packet> <packet date="2009-10-10T13:34:41" delta="32996"> <src ip="192.168.1.10" port="123"/> <dst ip="192.168.1.255" port="123"/> </packet> <packet date="2009-10-10T13:34:41" delta="32997"> <src ip="192.168.1.10" port="52111"/> <dst ip="192.168.1.30" port="514"/> </packet> <packet date="2009-10-10T13:34:57" delta="49058"> <src ip="192.168.1.159" port="138"/> <dst ip="192.168.1.255" port="138"/> </packet> <packet date="2009-10-10T13:34:57" delta="49059"> <src ip="192.168.1.10" port="52111"/> <dst ip="192.168.1.30" port="514"/> </packet> <packet date="2009-10-10T13:34:57" delta="49064"> <src ip="192.168.1.159" port="137"/> <dst ip="192.168.1.255" port="137"/> </packet> <packet date="2009-10-10T13:34:57" delta="49065"> <src ip="192.168.1.10" port="52111"/> <dst ip="192.168.1.30" port="514"/> </packet> <packet date="2009-10-10T13:34:57" delta="49810"> <src ip="192.168.1.159" port="137"/> <dst ip="192.168.1.255" port="137"/> </packet> <packet date="2009-10-10T13:34:57" delta="49811"> <src ip="192.168.1.10" port="52111"/> <dst ip="192.168.1.30" port="514"/> </packet> 
<packet date="2009-10-10T13:34:58" delta="50555"> <src ip="192.168.1.159" port="137"/> <dst ip="192.168.1.255" port="137"/> </packet> <packet date="2009-10-10T13:34:58" delta="50556"> <src ip="192.168.1.10" port="52111"/> <dst ip="192.168.1.30" port="514"/> </packet> <packet date="2009-10-10T13:35:01" delta="53304"> <src ip="192.168.1.159" port="138"/> <dst ip="192.168.1.255" port="138"/> </packet> <packet date="2009-10-10T13:35:01" delta="53304"> <src ip="192.168.1.10" port="52111"/> <dst ip="192.168.1.30" port="514"/> </packet> <packet date="2009-10-10T13:35:01" delta="53305"> <src ip="192.168.1.159" port="137"/> <dst ip="192.168.1.255" port="137"/> </packet> <packet date="2009-10-10T13:35:01" delta="53306"> <src ip="192.168.1.10" port="52111"/> <dst ip="192.168.1.30" port="514"/> </packet> <packet date="2009-10-10T13:35:02" delta="54059"> <src ip="192.168.1.159" port="137"/> <dst ip="192.168.1.255" port="137"/> </packet> <packet date="2009-10-10T13:35:02" delta="54060"> <src ip="192.168.1.10" port="52111"/> <dst ip="192.168.1.30" port="514"/> </packet> <packet date="2009-10-10T13:35:02" delta="54806"> <src ip="192.168.1.159" port="137"/> <dst ip="192.168.1.255" port="137"/> </packet> <packet date="2009-10-10T13:35:02" delta="54807"> <src ip="192.168.1.10" port="52111"/> <dst ip="192.168.1.30" port="514"/> </packet> <packet date="2009-10-10T13:35:05" delta="57555"> <src ip="192.168.1.159" port="138"/> <dst ip="192.168.1.255" port="138"/> </packet> <packet date="2009-10-10T13:35:05" delta="57556"> <src ip="192.168.1.159" port="137"/> <dst ip="192.168.1.255" port="137"/> </packet> <packet date="2009-10-10T13:35:05" delta="57556"> <src ip="192.168.1.10" port="52111"/> <dst ip="192.168.1.30" port="514"/> </packet> <packet date="2009-10-10T13:35:05" delta="57557"> <src ip="192.168.1.10" port="52111"/> <dst ip="192.168.1.30" port="514"/> </packet> <packet date="2009-10-10T13:35:06" delta="58303"> <src ip="192.168.1.159" port="137"/> <dst ip="192.168.1.255" port="137"/> 
</packet> <packet date="2009-10-10T13:35:06" delta="58304"> <src ip="192.168.1.10" port="52111"/> <dst ip="192.168.1.30" port="514"/> </packet> <packet date="2009-10-10T13:35:07" delta="59058"> <src ip="192.168.1.159" port="137"/> <dst ip="192.168.1.255" port="137"/> </packet> <packet date="2009-10-10T13:35:07" delta="59059"> <src ip="192.168.1.10" port="52111"/> <dst ip="192.168.1.30" port="514"/> </packet> <packet date="2009-10-10T13:35:09" delta="61808"> <src ip="192.168.1.159" port="137"/> <dst ip="192.168.1.255" port="137"/> </packet> <packet date="2009-10-10T13:35:09" delta="61810"> <src ip="192.168.1.10" port="52111"/> <dst ip="192.168.1.30" port="514"/> </packet> <packet date="2009-10-10T13:35:10" delta="62554"> <src ip="192.168.1.159" port="137"/> <dst ip="192.168.1.255" port="137"/> </packet> <packet date="2009-10-10T13:35:10" delta="62555"> <src ip="192.168.1.10" port="52111"/> <dst ip="192.168.1.30" port="514"/> </packet> <packet date="2009-10-10T13:35:11" delta="63306"> <src ip="192.168.1.159" port="137"/> <dst ip="192.168.1.255" port="137"/> </packet> <packet date="2009-10-10T13:35:11" delta="63307"> <src ip="192.168.1.10" port="52111"/> <dst ip="192.168.1.30" port="514"/> </packet> <packet date="2009-10-10T13:35:14" delta="65996"> <src ip="192.168.1.10" port="52111"/> <dst ip="192.168.1.30" port="514"/> </packet> <packet date="2009-10-10T13:35:25" delta="77411"> <src ip="192.168.1.30" port="123"/> <dst ip="192.168.1.10" port="123"/> </packet> <packet date="2009-10-10T13:35:25" delta="77411"> <src ip="192.168.1.10" port="123"/> <dst ip="192.168.1.30" port="123"/> </packet> <packet date="2009-10-10T13:35:28" delta="80103"> <src ip="192.168.1.159" port="138"/> <dst ip="192.168.1.255" port="138"/> </packet> <packet date="2009-10-10T13:35:28" delta="80104"> <src ip="192.168.1.10" port="52111"/> <dst ip="192.168.1.30" port="514"/> </packet> <packet date="2009-10-10T13:35:30" delta="82313"> <src ip="192.168.1.159" port="1026"/> <dst ip="10.1.1.20" 
port="53"/> </packet> <packet date="2009-10-10T13:35:30" delta="82670"> <src ip="10.1.1.20" port="53"/> <dst ip="192.168.1.159" port="1026"/> </packet> <packet date="2009-10-10T13:35:45" delta="97000"> <src ip="192.168.1.10" port="123"/> <dst ip="192.168.1.255" port="123"/> </packet> <packet date="2009-10-10T13:35:45" delta="97000"> <src ip="192.168.1.10" port="52111"/> <dst ip="192.168.1.30" port="514"/> </packet> <packet date="2009-10-10T13:36:18" delta="130000"> <src ip="192.168.1.10" port="52111"/> <dst ip="192.168.1.30" port="514"/> </packet> <packet date="2009-10-10T13:36:48" delta="159996"> <src ip="192.168.1.10" port="123"/> <dst ip="192.168.1.255" port="123"/> </packet> <packet date="2009-10-10T13:36:48" delta="159997"> <src ip="192.168.1.10" port="52111"/> <dst ip="192.168.1.30" port="514"/> </packet> <packet date="2009-10-10T13:37:23" delta="194997"> <src ip="192.168.1.10" port="52111"/> <dst ip="192.168.1.30" port="514"/> </packet> <packet date="2009-10-10T13:37:33" delta="205407"> <src ip="192.168.1.30" port="123"/> <dst ip="192.168.1.10" port="123"/> </packet> <packet date="2009-10-10T13:37:33" delta="205407"> <src ip="192.168.1.10" port="123"/> <dst ip="192.168.1.30" port="123"/> </packet> <packet date="2009-10-10T13:37:51" delta="222996"> <src ip="192.168.1.10" port="123"/> <dst ip="192.168.1.255" port="123"/> </packet> <packet date="2009-10-10T13:37:51" delta="222997"> <src ip="192.168.1.10" port="52111"/> <dst ip="192.168.1.30" port="514"/> </packet> <packet date="2009-10-10T13:38:14" delta="246004"> <src ip="192.168.1.159" port="1025"/> <dst ip="192.168.1.30" port="514"/> </packet> <packet date="2009-10-10T13:38:22" delta="254749"> <src ip="192.168.1.159" port="1025"/> <dst ip="192.168.1.30" port="514"/> </packet> </snmptrace>