Configuring Packet Capture on an AireOS WLC

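This note describes how to capture packets on an AireOS WLC. The procedure is fairly simple:

1. Enable debug packet.

2. When packets are captured, the WLC prints them to the console in hexadecimal.

3. Save that output and import it into Wireshark to view the captured packets.

This is very helpful when you need a capture to verify a problem in the exchange between the WLC and a RADIUS server, in communication with APs, in communication with other WLCs, and similar cases.

Notes:

  • Preferably log in to the WLC CLI over SSH, since the output is produced faster that way.
  • This feature should be supported in all WLC releases from 4.x onward.
  • This operation captures only the bidirectional traffic exchanged between the WLC control plane (CP) and data plane (DP). It cannot capture packets that do not pass from the data plane to the control plane, or from the control plane to the data plane. In other words, it captures the packets that are punted to the CPU for processing.

Some of the traffic types that are handled by the CPU: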

  • Telnet
  • SSH
  • HTTP
  • HTTPS
  • SNMP
  • NTP
  • RADIUS
  • TACACS+
  • Mobility Messages
  • CAPWAP control
  • NMSP
  • TFTP/FTP/SFTP
  • Syslog
  • IAPP

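Note: traffic to and from clients is handled in the data plane (DP), with the following exceptions: 802.11 management, 802.1X / EAPOL, ARP, DHCP and Web Authentication.

Configuration example:

This example uses an SSH login to the WLC:

1. Log in to the WLC CLI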
(Cisco Controller)
User: lcj
Password:****************
(Cisco Controller) >
(Cisco Controller) >

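2. Configure the source and destination addresses and the type of traffic to capture (here we capture SSH traffic, and I simply match on IP addresses)

My management address is 192.168.1.100/24 and the gateway is 192.168.1.1, so the configuration is as follows: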

(Cisco Controller) >debug packet logging acl ip 1 permit 192.168.1.1 192.168.1.100

(Cisco Controller) >debug packet logging acl ip 2 permit 192.168.1.100 192.168.1.1

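(Cisco Controller) >debug packet logging format text2pcap <<<default format; there are two formats, the other one is hex2pcap

(Cisco Controller) >debug packet logging enable all 100 <<<enable the debug and capture 100 packets; the default is 25, and a packet size can follow as a further argument

The debug facility supports two output formats: hex2pcap and text2pcap. The standard format used by IOS supports the use of hex2pcap, and it can be decoded using an HTML front end. The text2pcap option can be read by Wireshark.

The output differs between the two formats:

First: the hex2pcap format

Second: the text2pcap format

3. Check the configured parameters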

(Cisco Controller) >show debug packet

Status……………………………………. rx/tx  <<<shows disable when the debug is not enabled; this state means it is enabled
Number of packets to display………………… 100
Bytes/packet to display…………………….. 0
Packet display format………………………. text2pcap

Driver ACL:
      [1]: disabled
      [2]: disabled
      [3]: disabled
      [4]: disabled
      [5]: disabled
      [6]: disabled
   Ethernet ACL:
      [1]: disabled
      [2]: disabled
      [3]: disabled
      [4]: disabled
      [5]: disabled
      [6]: disabled
   IP ACL:
      [1]: permit s=192.168.1.1 d=192.168.1.100 any
      [2]: permit s=192.168.1.100 d=192.168.1.1 any
      [3]: disabled
      [4]: disabled
      [5]: disabled
      [6]: disabled
   EoIP-Ethernet ACL:
      [1]: disabled
      [2]: disabled
      [3]: disabled
      [4]: disabled
      [5]: disabled
      [6]: disabled
   EoIP-IP ACL:
      [1]: disabled
      [2]: disabled
      [3]: disabled
      [4]: disabled
      [5]: disabled
      [6]: disabled
   LWAPP-Dot11 ACL:
      [1]: disabled
      [2]: disabled
      [3]: disabled
      [4]: disabled
      [5]: disabled
      [6]: disabled
   LWAPP-IP ACL:
      [1]: disabled
      [2]: disabled
      [3]: disabled
      [4]: disabled
      [5]: disabled
      [6]: disabled

4. From CRT, SSH to the WLC management address. The CLI then prints the following output:

rx len=66, encap=ip, port=1
0000 00 0C 29 75 EC 39 00 50 56 C0 00 03 08 00 45 00 ..)ul9.PV@….E.
0010 00 34 38 24 40 00 40 06 7E EA C0 a8 01 01 C0 A8 .48$@.@.~j@(..@(
0020 01 64 E2 51 00 16 51 E9 F6 0A 00 00 00 00 80 02 .dbQ..Qiv…….
0030 FA F0 C6 0D 00 00 02 04 05 B4 01 03 03 08 01 01 zpF……4……
0040 04 02                                           ..              
tx len=66, encap=n/a, port=1
0000 00 50 56 C0 00 03 00 0C 29 75 EC 39 08 00 45 00 .PV@….)ul9..E.
0010 00 34 00 00 40 00 40 06 B7 0E C0 a8 01 64 C0 A8 .4..@.@.7.@(.d@(
0020 01 01 00 16 E2 51 C7 16 99 45 51 e9 F6 0B 80 12 ….bQG..EQiv…
0030 15 B8 4B 20 00 00 02 04 05 6E 01 01 04 02 01 03 .8K……n……
0040 03 07                                           ..              
rx len=54, encap=ip, port=1
0000 00 0C 29 75 EC 39 00 50 56 C0 00 03 08 00 45 00 ..)ul9.PV@….E.
0010 00 28 38 25 40 00 40 06 7E F5 C0 a8 01 01 C0 A8 .(8%@.@.~u@(..@(
0020 01 64 E2 51 00 16 51 E9 F6 0B C7 16 99 46 50 10 .dbQ..Qiv.G..FP.
0030 08 25 99 3F 00 00                               .%.?..          
rx len=95, encap=ip, port=1
0000 00 0C 29 75 EC 39 00 50 56 C0 00 03 08 00 45 00 ..)ul9.PV@….E.
0010 00 51 38 26 40 00 40 06 7E CB C0 a8 01 01 C0 A8 .Q8&@.@.~K@(..@(
0020 01 64 E2 51 00 16 51 E9 F6 0B C7 16 99 46 50 18 .dbQ..Qiv.G..FP.
0030 08 25 56 6D 00 00 53 53 48 2D 32 2e 30 2D 53 65 .%Vm..SSH-2.0-Se
0040 63 75 72 65 43 52 54 5F 37 2E 33 2e 30 20 28 78 cureCRT_7.3.0.(x
0050 36 34 20 62 75 69 6C 64 20 36 35 37 29 0D 0A    64.build.657)..
tx len=54, encap=n/a, port=1
0000 00 50 56 C0 00 03 00 0C 29 75 EC 39 08 00 45 00 .PV@….)ul9..E.
0010 00 28 50 CC 40 00 40 06 66 4E C0 a8 01 64 C0 A8 .(PL@.@.fN@(.d@(
0020 01 01 00 16 E2 51 C7 16 99 46 51 e9 F6 34 50 10 ….bQG..FQiv4P.
0030 00 2C A1 0F 00 00                               .,!…          
tx len=72, encap=n/a, port=1
0000 00 50 56 C0 00 03 00 0C 29 75 EC 39 08 00 45 00 .PV@….)ul9..E.
0010 00 3A 50 CD 40 00 40 06 66 3B C0 a8 01 64 C0 A8 .:PM@.@.f;@(.d@(
0020 01 01 00 16 E2 51 C7 16 99 46 51 e9 F6 34 50 18 ….bQG..FQiv4P.
0030 00 2C 22 D7 00 00 53 53 48 2D 32 2e 30 2D 43 49 .,"W..SSH-2.0-CI
0040 53 43 4F 5F 57 4C 43 0A                         SCO_WLC.        

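5. Save this part of the output to a file; we will open it with Wireshark

6. Open Wireshark and import the captured output with the following steps:

Select the file in which the captured output was saved, then open it

The SSH packets we captured are now visible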
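
A parser for the console output format shown in step 4, as an added example that is not part of the original note: it rebuilds each frame from a saved session log, writes a classic pcap file that Wireshark opens directly, and flags frames whose hex lines fall short of the declared len= value (a sign that the terminal log lost lines). The sample log, the function names and the synthetic per-packet timestamps are assumptions made for this example.

```python
import re
import struct

HEADER = re.compile(r"^(rx|tx) len=(\d+), encap=(\S+), port=(\d+)")
OFFSET = re.compile(r"^[0-9A-Fa-f]{4}$")
HEXBYTE = re.compile(r"^[0-9A-Fa-f]{2}$")

# Constructed sample log (not real traffic); the second frame is cut short on purpose.
SAMPLE = """
rx len=54, encap=ip, port=1
0000 02 00 00 00 00 02 02 00 00 00 00 01 08 00 45 00 ..............E.
0010 00 28 00 01 40 00 40 06 00 00 C0 00 02 01 C0 00 .(..@.@.........
0020 02 64 C0 01 00 16 00 00 00 01 00 00 00 00 50 02 .d............P.
0030 20 00 00 00 00 00                                .....
tx len=20, encap=n/a, port=1
0000 02 00 00 00 00 01 02 00 00 00 00 02 08 00 45 00 ..............E.
"""

def parse_wlc_dump(text):
    """Return one dict per 'rx/tx len=...' block with the frame bytes rebuilt."""
    packets = []
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            packets.append({"dir": m.group(1), "len": int(m.group(2)), "data": bytearray()})
            continue
        tok = line.split()
        if not packets or len(tok) < 2 or not OFFSET.match(tok[0]):
            continue  # prompts, blank lines, unrelated debug output
        pkt = packets[-1]
        if int(tok[0], 16) != len(pkt["data"]):
            continue  # offset gap: an earlier hex line is missing from the log
        for t in tok[1:17]:  # at most 16 bytes per line; the ASCII column follows
            if len(pkt["data"]) >= pkt["len"] or not HEXBYTE.match(t):
                break
            pkt["data"].append(int(t, 16))
    for p in packets:
        p["complete"] = len(p["data"]) == p["len"]
    return packets

def to_pcap(packets):
    """Serialize complete frames as a little-endian classic pcap, linktype 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, p in enumerate(q for q in packets if q["complete"]):
        # The console output has no timestamps, so the packet index is used as seconds.
        out += struct.pack("<IIII", i, 0, len(p["data"]), p["len"]) + bytes(p["data"])
    return out
```

Writing the bytes returned by to_pcap() to a file opened in binary mode gives a capture that Wireshark loads without the import dialog; frames reported with complete set to False are left out and should be captured again.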

Other operations:

Removing the debug:

Remove the traffic match we configured

> debug packet logging acl ip 1 disable
> debug packet logging acl ip 2 disable

Managing the debug:

> debug packet logging disable

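When capturing other traffic we are probably also logged in to the WLC over SSH. To keep the captured SSH packets from getting in the way of troubleshooting, we can write the following ACLs to deny the SSH traffic: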

> debug packet logging acl ip 1 deny tcp 22 any
> debug packet logging acl ip 2 deny tcp any 22
> debug packet logging acl ip 3 permit any any