Sniffer University 1-1
Introduction to Using the Sniffer Software

Sniffer University 1-2
Introduction to Sniffer
- Compared with Netxray, Sniffer supports a richer set of protocols. For example, protocols such as PPPoE are not supported by Netxray, while Sniffer can decode and analyze them quickly.
- Netxray does not run properly on Windows 2000 and Windows XP; Sniffer Pro 4.6 runs on the various Windows platforms.
- The Sniffer software is relatively large and needs a relatively large amount of memory to run.

Sniffer University 1-3
Features
- Capture network traffic for detailed analysis
- Diagnose problems using the Expert analysis system
- Monitor network activity in real time
- Collect network utilization, errors, and similar statistics

Before capturing traffic, first select the network adapter; this determines which of the computer's network adapters data is received from. Location: File - Select Settings

Sniffer University 1-4
[Diagram: Sniffer Portable Operation. Labels: Adapter Tools; Ping; Trace Route; DNS Lookup; Finger; Who Is; Trigger; Name Discovery; Alarms; Monitor Filters; Monitor Applications; Dashboard; Host Table; Matrix; ART; History Samples; Protocol Distribution; Global Statistics; Capture Filters; Display Filters; Displays Decode; Matrix; Host Table; Protocol Dist; Statistics; Probe Dir; Profiles; Configs; Addr Bk; Database; Traces Exported Data]

Sniffer University 1-5
System requirements
- Windows 98 SE, 2000, or NT 4.0
- Sniffer Portable Software (provided by Network Associates)
- Microsoft Internet Explorer with MS Virtual Machine and media player
- Pentium 400 MHz CPU with minimum 128 MB RAM (256 MB recommended) and minimum 125 MB free disk space
- Network Interface Card with NDIS 3.0+ driver
- Enhanced NAI drivers for selected cards enhance performance and allow error frames to be captured and analyzed

Sniffer University 1-6
Supported interface types
- Ethernet 10/100
- Token Ring 4/16
- FDDI
- HSSI
- Full Duplex (supported with a pod)
- ATM
- WAN
- Gigabit Ethernet
- 802.11b Wireless LAN

Sniffer University 1-7
The OSI Model and Frames
- Frames include headers at several layers of the OSI model
- The number of headers in a frame is protocol-dependent
- Each header has multiple fields that are also protocol-dependent
- The Sniffer Network Analyzer reads the entire frame and decodes each byte (and sometimes each bit) into an English explanation of the values
[Diagram labels: DLC; Application; Presentation; Session; Transport; Network; LLC; RI]

Sniffer University 1-8
Starting Sniffer

Sniffer University 1-9
Launching Sniffer
- Start the SNIFFER.EXE application
- Choose File - Select Settings
- Select the local agent you want to use
- Adapters must be previously configured in Windows and use NAI enhanced or NDIS 3.0+ compliant drivers
- The application automatically begins monitoring traffic through the active local agent

Sniffer University 1-10
Local agent?
- A local agent is a logical concept: a set of settings, addresses, and configuration files associated with a network card
- In the Sniffer program directory, each local agent has its own unique directory; any changes made are saved in the directory of the active local agent
[Diagram: Adapter; Local Agent 2: Configurations, Thresholds, Address Book, Profiles (Filters); Local Agent 1: Configurations, Thresholds, Address Book, Profiles (Filters)]
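
The layer-by-layer decoding described on the "OSI Model and Frames" slide, as an added Python example that is not part of the original slides and not Sniffer's own code. It shows that the same IP/TCP payload yields three headers in a plain Ethernet frame and five when carried over PPPoE; the function names and sample frames are constructed for illustration.

```python
import ipaddress
import struct

TCP_FLAG_BITS = ((0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
                 (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG"))

def decode_frame(frame: bytes) -> list:
    """Return one (layer, fields) tuple per header found, outermost first."""
    if len(frame) < 14:
        raise ValueError("truncated DLC header")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    layers = [("DLC", {"dst": frame[0:6].hex(":"), "src": frame[6:12].hex(":"),
                       "ethertype": ethertype})]
    payload = frame[14:]
    if ethertype == 0x8864:                      # PPPoE session stage
        if len(payload) < 8:
            raise ValueError("truncated PPPoE/PPP header")
        ver_type, code, session, length, ppp = struct.unpack("!BBHHH", payload[:8])
        # Bit-level decode: one byte holds version (high nibble) and type (low).
        layers.append(("PPPoE", {"version": ver_type >> 4, "type": ver_type & 0x0F,
                                 "code": code, "session_id": session,
                                 "length": length}))
        layers.append(("PPP", {"protocol": ppp}))
        payload = payload[8:]
        if ppp != 0x0021:                        # PPP payload is not IPv4
            return layers
    elif ethertype != 0x0800:                    # not IPv4: stop after DLC
        return layers
    if len(payload) < 20:
        raise ValueError("truncated IP header")
    ihl = (payload[0] & 0x0F) * 4                # header length in bytes
    if ihl < 20 or len(payload) < ihl:
        raise ValueError("bad IP header length")
    layers.append(("IP", {"version": payload[0] >> 4, "ihl": ihl,
                          "protocol": payload[9],
                          "src": str(ipaddress.IPv4Address(payload[12:16])),
                          "dst": str(ipaddress.IPv4Address(payload[16:20]))}))
    segment = payload[ihl:]
    if payload[9] == 6 and len(segment) >= 20:   # TCP
        sport, dport = struct.unpack("!HH", segment[:4])
        flags = [name for bit, name in TCP_FLAG_BITS if segment[13] & bit]
        layers.append(("TCP", {"src_port": sport, "dst_port": dport, "flags": flags}))
    return layers

def layer_names(frame: bytes) -> list:
    return [name for name, _ in decode_frame(frame)]

# Constructed sample data: documentation addresses, zeroed checksums.
IP_TCP = bytes.fromhex("450000280001000040060000c0000201c6336402"
                       "c000005000000000000000005002200000000000")
MACS = bytes.fromhex("020000000002020000000001")
ETH_FRAME = MACS + bytes.fromhex("0800") + IP_TCP
PPPOE_FRAME = MACS + bytes.fromhex("886411000001002a0021") + IP_TCP
```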