#tcp #tcpip #ip #sniffing #recon #iptrace #tcpdump #wireshark #ncap #unix
#AIX - TCPIP Network Packet Capture
iptrace: TCP/IP Packet Capture Utility
The well-known Unix packet sniffer tcpdump is available on AIX, but it is not necessarily the best tool for the job there. AIX's built-in iptrace utility records more information than tcpdump, and its companion ipreport tool provides better decoding. Note, however, that iptrace runs as a daemon in the background rather than as a foreground shell command the way tcpdump does. Although you can start it directly from the command line, it is easier to control as a subsystem of the System Resource Controller, using startsrc and stopsrc, as Figure 8 shows; the -a option of startsrc passes the iptrace arguments (here the interface and the binary log file) through to the daemon. Two practical caveats: iptrace needs root privileges, and an unfiltered trace on a busy interface grows very quickly, so narrow it with iptrace's -s or -d (source or destination host), -p (port) or -P (protocol) options whenever you can.
Figure 8: Running iptrace with startsrc and stopsrc
# startsrc -s iptrace -a "-i en0 /home/user/iptrace/log1"
[time passes]
# stopsrc -s iptrace
You can then print out the captured packets, decoded, by pointing ipreport at the log file, as you see in Figure 9; ipreport's -n option numbers the packets and -s prefixes each line with the protocol name, which is the layout shown there.
Figure 9: Printing out captured packets by using ipreport
Packet Number 20
ETH: ====( 1177 bytes transmitted on interface en0 )==== 10:35:45.432353167
ETH: [ 00:02:55:6a:a5:dc -> 00:02:55:af:20:2b ] type 800 (IP)
IP: < SRC = 192.1.6.1 > (en6host1)
IP: < DST = 192.1.6.2 > (en6host2)
IP: ip_v=4, ip_hl=20, ip_tos=8, ip_len=1163, ip_id=1983, ip_off=0
IP: ip_ttl=60, ip_sum=e6a0, ip_p = 6 (TCP)
TCP: <source port=32873, destination port=20(ftp-data) >
TCP: th_seq=623eabdc, th_ack=973dcd95
TCP: th_off=5, flags<PUSH | ACK>
TCP: th_win=17520, th_sum=0, th_urp=0
TCP: 00000000 69707472 61636520 322e3000 00008240 |iptrace 2.0....@|
TCP: 00000010 2e4c9d00 00000065 6e000065 74000053 |.L.....en..et..S|
TCP: 00000020 59535841 49584906 01000040 2e4c9d1e |YSXAIXI....@.L..|
TCP: 00000030 c0523400 0255af20 2b000255 6aa5dc08 |.R4..U. +..Uj...|
TCP: 00000040 00450000 5406f700 00ff0128 acc00106 |.E..T......(....|
TCP: 00000050 01c00106 0208005a 78468a00 00402e4c |.......ZxF...@.L|
As an added bonus, the binary log file written by iptrace (log1 in Figure 8) is in the iptrace 2.0 format that the free [[WIRESHARK]] (wireshark.org) reads directly, so a capture taken on AIX can be opened on a Windows or Linux workstation with the usual graphical analyzers.
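The decoded records that ipreport prints have a fixed, line-oriented shape, so they are easy to post-process when a capture is too large to read by hand. The following Python script is an added example for this page (not code from AIX or from the page's author): it parses the ETH/IP/TCP header lines and the hex dump of the record shown in Figure 9 (embedded below as a constructed sample, cut to two dump lines) into one dict per packet, reassembles the payload bytes, and flags packets on ports that normally carry cleartext. The port-to-service table and the assumption that UDP port lines look like the TCP one are the example's own.

```python
"""Parse ipreport(1) text output into per-packet records.

Added example for this page, not code from AIX or from the page's author:
it reads the ETH/IP/TCP decode ipreport prints for each packet (the
shape shown in Figure 9), rebuilds the payload from the hex dump, and
flags packets on ports that normally carry cleartext.
"""
import re

# Constructed sample: the record from Figure 9, shortened to two dump lines.
SAMPLE = """\
Packet Number 20
ETH: ====( 1177 bytes transmitted on interface en0 )==== 10:35:45.432353167
ETH: [ 00:02:55:6a:a5:dc -> 00:02:55:af:20:2b ] type 800 (IP)
IP: < SRC = 192.1.6.1 > (en6host1)
IP: < DST = 192.1.6.2 > (en6host2)
IP: ip_v=4, ip_hl=20, ip_tos=8, ip_len=1163, ip_id=1983, ip_off=0
IP: ip_ttl=60, ip_sum=e6a0, ip_p = 6 (TCP)
TCP: <source port=32873, destination port=20(ftp-data) >
TCP: th_seq=623eabdc, th_ack=973dcd95
TCP: th_off=5, flags<PUSH | ACK>
TCP: th_win=17520, th_sum=0, th_urp=0
TCP: 00000000 69707472 61636520 322e3000 00008240 |iptrace 2.0....@|
TCP: 00000010 2e4c9d00 00000065 6e000065 74000053 |.L.....en..et..S|
"""

# Ports whose payload is normally cleartext. This table is an assumption
# of the example; extend it for your environment.
CLEARTEXT_PORTS = {20: "ftp-data", 21: "ftp", 23: "telnet", 80: "http",
                   110: "pop3", 143: "imap"}

_NUMBER = re.compile(r"^Packet Number (\d+)")
_ETH_HDR = re.compile(r"^ETH: ====\( (\d+) bytes (?:transmitted|received) "
                      r"on interface (\S+) \)==== (\S+)")
_ETH_ADDR = re.compile(r"^ETH: \[ (\S+) -> (\S+) \] type ([0-9a-fA-F]+)")
_IP_ADDR = re.compile(r"^IP: < (SRC|DST) = (\S+) >")
_IP_PROTO = re.compile(r"ip_p = (\d+)")
# Modelled on the TCP port line in Figure 9; UDP assumed to match it.
_PORTS = re.compile(r"^(TCP|UDP): <source port=(\d+).*?destination port=(\d+)")
_FLAGS = re.compile(r"flags<([^>]*)>")
# Offset, then groups of up to 8 hex digits, then the ASCII column.
_HEX = re.compile(r"^(?:TCP|UDP): [0-9a-f]{8} ((?:[0-9a-f]{2,8} ?)+)\|")


def parse_ipreport(text):
    """Return a list of dicts, one per 'Packet Number' block."""
    records, cur = [], None
    for line in text.splitlines():
        if m := _NUMBER.match(line):
            cur = {"number": int(m.group(1)), "flags": [], "payload": bytearray()}
            records.append(cur)
            continue
        if cur is None:          # text before the first packet
            continue
        if m := _ETH_HDR.match(line):
            cur["length"], cur["iface"], cur["time"] = int(m.group(1)), m.group(2), m.group(3)
        elif m := _ETH_ADDR.match(line):
            cur["src_mac"], cur["dst_mac"] = m.group(1), m.group(2)
            cur["ethertype"] = int(m.group(3), 16)
        elif m := _IP_ADDR.match(line):
            cur["src_ip" if m.group(1) == "SRC" else "dst_ip"] = m.group(2)
        elif m := _IP_PROTO.search(line):
            cur["proto"] = int(m.group(1))
        elif m := _PORTS.match(line):
            cur["l4"], cur["sport"], cur["dport"] = m.group(1), int(m.group(2)), int(m.group(3))
        elif m := _FLAGS.search(line):
            cur["flags"] = [f.strip() for f in m.group(1).split("|") if f.strip()]
        elif m := _HEX.match(line):
            # ipreport prints the dump in 4-byte groups; drop the spaces.
            cur["payload"] += bytes.fromhex(m.group(1).replace(" ", ""))
    for r in records:
        r["payload"] = bytes(r["payload"])
    return records


def cleartext_hits(records):
    """Return (packet number, service, payload) for TCP data on cleartext ports."""
    hits = []
    for r in records:
        if r.get("proto") != 6 or not r["payload"]:
            continue
        for port in (r.get("sport"), r.get("dport")):
            if port in CLEARTEXT_PORTS:
                hits.append((r["number"], CLEARTEXT_PORTS[port], r["payload"]))
                break
    return hits


if __name__ == "__main__":
    for num, svc, data in cleartext_hits(parse_ipreport(SAMPLE)):
        print(f"packet {num} {svc}: {data[:16]!r}")
```

To run it against a real capture, save the decoded output first (ipreport -ns logfile > logfile.txt, where -n and -s give the numbered, protocol-prefixed layout the regexes expect) and feed the file's contents to parse_ipreport. Note that the payload of the ftp-data packet in Figure 9 begins with "iptrace 2.0": the captured FTP transfer was itself an iptrace log file, which is exactly the kind of sensitive content a cleartext protocol exposes to anyone sniffing the segment.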
See also [[Sniff Password from HTTP with Wireshark]]
[[NetworkAdaptor in AIX]]