
Sniffer Packet Capture

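Lab Report

I. Understanding Sniffer's Functions

1. Real-time network traffic monitoring and analysis

Sniffer Portable LAN monitors and statistically analyzes LAN traffic in real time. For the traffic on each link it can present the results, according to user preference, as tables or charts (bar charts, pie charts, matrix charts and so on). The statistics include:

·Real-time statistics for overall network traffic: for example, current and average network utilization, total and current frame counts, byte counts, the total number of network nodes and the number of active nodes, and the current and overall average frame length.

·Protocol usage and distribution statistics: for example, protocol types, the number of protocols, each protocol's network utilization, each protocol's byte count, and the number of frames of each type within each protocol. Sniffer includes common TCP and UDP network application protocols such as HTTP, Telnet, SNMP and FTP. Sniffer is also flexible enough to allow custom applications to be added. Once an application protocol has been added to Sniffer, all monitoring, alarms and reports for that application take effect automatically.

·Packet size distribution statistics: for example, the percentage of frames of a given length and the number of frames of a given length.

·Error statistics: for example, the number of CRC errors, the number of collisions and the number of error frames.

·Real-time per-host traffic statistics: for example, the total bytes and packets entering and leaving each network node, the top x busiest network nodes, conversation node pairs, and so on.

·Sniffer also provides historical statistical analysis, which shows users how traffic on the network behaved over a period of time and helps them analyze and monitor traffic more effectively.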
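The statistics listed above (protocol distribution, frame-size distribution, busiest hosts) can be reproduced from raw frames with a few header offsets. The following is an added example, not Sniffer's own code or output: the function names, size buckets and sample frames are assumptions constructed for illustration, and adding an entry to `APPS` stands in for registering a custom application.

```python
import struct
from collections import Counter
# Port-to-application map; HTTP, Telnet, SNMP and FTP are the ones the page names.
APPS = {80: "HTTP", 23: "Telnet", 161: "SNMP", 21: "FTP"}
SIZE_BUCKETS = [64, 128, 256, 512, 1024, 1518]  # frame-length upper bounds, bytes

def build_frame(src, dst, proto, sport, dport, payload_len):
    """Constructed sample data: minimal Ethernet/IPv4 frame carrying TCP (6) or UDP (17)."""
    l4 = struct.pack("!HH", sport, dport) + bytes((16 if proto == 6 else 4) + payload_len)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return bytes(12) + b"\x08\x00" + ip + l4

def classify(frame):
    """Return (src, dst, application), or None for non-IPv4 or malformed frames."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or (frame[14] & 0x0F) < 5:
        return None
    ihl = (frame[14] & 0x0F) * 4
    src, dst = (".".join(map(str, frame[o:o + 4])) for o in (26, 30))
    proto, l4 = frame[23], 14 + ihl
    fragment = struct.unpack("!H", frame[20:22])[0] & 0x1FFF  # non-first fragments lack ports
    if proto not in (6, 17) or fragment or len(frame) < l4 + 4:
        return src, dst, "IP-other"
    sport, dport = struct.unpack("!HH", frame[l4:l4 + 4])
    return src, dst, APPS.get(dport) or APPS.get(sport) or ("TCP-other" if proto == 6 else "UDP-other")

def summarize(frames, top_n=2):
    """Protocol distribution, frame-size distribution and busiest hosts by bytes."""
    protocols, sizes, hosts = Counter(), Counter(), Counter()
    for f in frames:
        sizes[next((f"<={b}" for b in SIZE_BUCKETS if len(f) <= b), ">1518")] += 1
        info = classify(f)
        if info is None:
            protocols["non-IP"] += 1
            continue
        src, dst, app = info
        protocols[app] += 1
        hosts[src] += len(f)  # bytes sent
        hosts[dst] += len(f)  # bytes received
    return {"frames": len(frames), "bytes": sum(map(len, frames)), "protocols": dict(protocols),
            "sizes": dict(sizes), "top_hosts": hosts.most_common(top_n)}

SAMPLE = [  # constructed frames, not captured traffic
    build_frame("10.0.0.5", "10.0.0.80", 6, 40000, 80, 200),    # HTTP request
    build_frame("10.0.0.80", "10.0.0.5", 6, 80, 40000, 1000),   # HTTP response
    build_frame("10.0.0.5", "10.0.0.23", 6, 40001, 23, 10),     # Telnet
    build_frame("10.0.0.9", "10.0.0.161", 17, 40002, 161, 50),  # SNMP over UDP
    bytes(12) + b"\x08\x06" + bytes(46),                         # ARP, counted as non-IP
]
```

`summarize(SAMPLE)` returns the per-application frame counts, the size histogram and the two busiest hosts. Port-based classification only labels traffic by its well-known port, so an application running on a non-standard port lands in `TCP-other` or `UDP-other` until it is added to `APPS`.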

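2. Application response time monitoring and analysis

While monitoring network traffic and performance, Sniffer pays particular attention to the health and performance management of network applications. The Application Response Time (ART) function is an important component of Sniffer: it provides real-time monitoring of application response time as well as long-term monitoring and analysis of it.

First, ART monitoring reports overall application response times, letting users compare the response times of the various applications in current network traffic in several ways, such as client/server response time, server response time, fastest response time, slowest response time, average response time, and the response time of 90% of requests.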

3. Powerful traffic capture and real-time protocol decoding

Sniffer has powerful network traffic capture capabilities. It can capture network traffic into the computer's memory or store it directly on disk for decoding and analysis.

Distributed Sniffer can decode in real time more than 500 protocols running on various networks and on bridges/routers, and protocol decode support is continually being added. Sniffer's main protocol decodes include:

·TCP and UDP over IP
  IP: Internet Protocol
  IP_AUTH: IP Authentication Header
  SSL v3: SSL v3 – security standard
  IP_MIN_ENCAP: Minimal Encapsulation for IP
  ICMP: Internet Control Message Protocol
  TRLR: Trailer header for IP
  BOOTP: Bootstrap Protocol
  DHCP: Dynamic Host Configuration Protocol
  TCP: Transmission Control Protocol
  UDP: User Datagram Protocol
  IMAP: Internet Message Access Protocol
  IP_RIP: Routing Information Protocol
  BGPv4: BGP Border Gateway Protocol
  GGP: Gateway-to-Gateway Protocol
  EGP: Exterior Gateway Protocol
  OSPFv2: Open Shortest Path First Protocol
  MOSPF: Multicast Open Shortest Path Routing Protocol
  IGRP: Inter-Gateway Routing Protocol
  IGMP: Internet Group Management Protocol
  DVMRP: Distance Vector Multicast Routing Protocol
  GOPHER: GOPHER Protocol
  NNTP: NNTP Network News Transfer Protocol
  POP3: Post Office Protocol Version 3
  EIGRP: Enhanced Interior Gateway Routing Protocol
  NTP: Simple Network Time Protocol
  GDP: Gateway Discovery Protocol
  TFTP: TFTP Trivial File Transfer Protocol
  TELNET: TELNET
  FTP: File Transfer protocol
  SMTP: Simple Mail Transfer Protocol
  HTTP: Hyper Text Transfer Protocol
  HSRP: Hot Standby Routing Protocol
  IP_NETBIOS: NetBIOS SERVICE ON A TCP/UDP TRANSPORT
  DNS: Domain Name Service
  DLSW: Data Link Switching Over TCP/IP
  DCAP: Data Link Switching Client Access Protocol
  UNIX_RWH: RWHO
  UNIX_RSH: RSHELL
  UNIX_RLO: RLOGIN
  UNIX_REX: REXEC
  UNIX_RPR: RPRINT
  ISODE: ISO Over TCP
  SNMP: Simple Network Management Protocol, up to version 3
  CMOT: Common Management Information Services and Protocol over TCP/IP
  CDPD: Cellular Digital Packet Data
  MDLP: Mobile Data Link Protocol
  MNRP: Mobile Network Registration Protocol
  MNLP: Mobile Network Location Protocol
  SME: Security Management Entity
  CDPD_SNDCP: Subnetwork Dependent Convergence Protocol
  AUTH: Internet Authentication Protocol
  FINGER: Internet Finger Information Protocol
  LDAP: Lightweight Directory Access Protocol
  CLDAP: Connectionless LightWeight Directory Access Protocol
  RADIUS: Remote Authentication Dial In User Service
  YP: Yellow Pages or Network Information Services
  SLP: Service Location Protocol
  GRE: Generic Routing Encapsulation
  DSMCC: Digital Storage Media Command and Control
  VRRP: Virtual Router Redundancy Protocol
  L2TP: Layer 2 Tunneling Protocol
  PPTP: Point-to-Point Tunneling Protocol
  TSQL: Teradata network messages
  EAP: PPP Extensible Authentication Protocol
  PPPOE: PPP Over Ethernet
  ISAKMP: Internet Security Association and Key Management Protocol
  ATMP: Ascend Tunnel Management Protocol
  ICP: Internet Cache Protocol
  SAP_R3: SAP R/3 protocol
  PGM: Pragmatic General Multicast
  PIM: Protocol Independent Multicast, Sparse/Dense Mode
  SCSP: Server Cache Synchronization Protocol
  L2F: Layer Two Forwarding Protocol
  RCP: Remote Cellblaster Protocol
  HCP: Host Command Protocol
  KERBEROS: Kerberos Protocol
  FCIP: Fiber Channel Over IP
  ISCSI: Internet SCSI over IP
  Citrix ICA: Citrix ICA

·Novell (IPX and NetWare 5)

·Microsoft
  NETBIOS_LLC: NETBIOS LLC
  NETBEUI_OTHER: NETBEUI
  3NBP: 3NBP
  SMB: SMB
  SMB_OTHER: SMB
  SMB_BROWSER: SMB BROWSER
  SMB_NETLOGON: SMB NETLOGON
  SMB_MSRAP: SMB MSRAP
  DCE_RPC: DCE RPC
  SMB_MAILSLOTS: SMB MAIL SLOTS
  SMB_NAMED_PIPES: SMB NAMED PIPES
  WINS: WINS
  CRAYNETBIOS: CRAY NETBIOS
  MS_LSARPC: MS Local Security Authority Remote Procedure Call
  MS_WINSIF: MS WINSIF
  MS_NETRLOGON: MS NETRLOGON
  MS_SRVSVC: MS Server service
  MS_SPOOLSS: MS Spool Service
  MS_XCHG_STORE: MS Exchange Store
  MS_XCHG_DIRECTORY: MS Exchange Directory
  MS_XCHG_MAPPER: MS Exchange Mapper
  MS_XCHG_MTA: MS Exchange Message Transfer Agent
  SMB_ON_TCP: SMB ON TCP
  MS_CL_DCERPC: MS Distributed Computing Environment / Remote Procedure Call
  MS_DCOM: MS_DCOM

·Databases (Oracle, Sybase and MS SQL Server)
  TO_TNS: ORACLE Transparent Network Substrate
  TO_SQLNET_V2: ORACLE SQL Network for Firewalls
  TO_TDS: Tabular Data Stream

·ATM (AAL, LANE, and PNN)

·WAN (Frame Relay, PPP, X.25, HDLC, ISDN, SDLC, and Cisco HDLC)

·Bridges/routers

·Cisco (routing, VLAN)
  CISCO_DISL: Dynamic Inter-Switch Link Protocol
  CISCO_ISL: Inter-Switch Link
  CISCO_VTP: VLAN Trunk Protocol
  CISCO_CDP: Cisco Discovery Protocol
  CISCO_DRIP: Dual Ring Protocol
  80210: VLAN Standardization
  CISCO_CGMP: CISCO Group Management Protocol
  CISCO_PAGP: Port Aggregation Protocol

·Banyan

·Core routing protocols
  MPLS_UNK_L2: MultiProtocol Label Switching
  RSVP-TE: Resource Reservation Protocol Traffic Engineering extensions
  LDP: Label Distribution Protocol
  CR-LDP: Label Distribution Protocol / Constraint-based
  OSPF-TE: OSPF Traffic Engineering extensions
  IP_RIP: Routing Information Protocol
  BGPv4: BGP Border Gateway Protocol
  GGP: Gateway-to-Gateway Protocol
  EGP: Exterior Gateway Protocol
  OSPFv2: Open Shortest Path First Protocol
  MOSPF: Multicast Open Shortest Path Routing Protocol
  IGRP: Inter-Gateway Routing Protocol
  IGMP: Internet Group Management Protocol
  DVMRP: Distance Vector Multicast Routing Protocol

·Optional VoIP plug-ins include: H.323, H.225, H.245, RAS, SIP, SCCP (Cisco Skinny), RTP/RICP and SDP/SAP
  SCCP: Cisco Skinny Client Control Protocol (SCCP).
  SIP: Session Initiation Protocol
  SAP: Session Announcement Protocol
  SDP: Session Description Protocol
  RTSP: Real Time Streaming Protocol
  H323v4: ITU IP Telephony protocol suite comprised of: H.225, H.245, RAS, H.235, etc.
  H225_RASv4: H225 Registration, Admission and Status (RAS) Protocol
  H225_USERINFO: H225 call signalling User information
  H225_CALLSIGv4: H225 call signaling
  Faststart: H.225 Signaling where the logical channel is opened in the Setup message
  H245_CALLCTL v8: H245 Call control
  RTP: Real-Time Transport Protocol
  RTCP: Real-Time Control Protocol
  H261: Video Bitstream Compression and Content Codec
  H263: Video Bitstream Compression and Content Codec - with performance and error recovery improvements over H.261
  H235 v3: Security and Encryption for H.Series Protocols
  MEGACO: Media Gateway Control Protocol
  MGCP: Media Gateway Control Protocol
  ITB301: Deutsche Bahn AG

Sniffer can decode protocols at all seven layers of the OSI model.
