Build your own powerful tool for internal network supervision

This economic crisis has severely hurt large enterprises. In addition to some domestic demand-oriented enterprises, companies have begun to make decisions in the cold winter. During this period, in order to successfully launch the award and reduce corporate compensation, we have used some of the methods we do not usually use. Everything is done for employees who make mistakes and for all employees who make mistakes. Although this article describes the monitoring solution, we hope that readers can use the following story to introduce some solutions.

As the saying goes, the sky is unpredictable. Two days ago, I played the swordsman world with Leng Yang leisurely. Over the past two days, our boss talked to me about the harmonious population. There were too many people in the company. Taking into account that the company wants me to roll it back, we should take advantage of the resources that can be used.

Although the company does not pay much attention to the network, the equipment is still very willing to invest: The network built by the three-tier H3C switch. In order to be a good person for the last time, I decided to help the boss catch a few guys who go to work and see the website in disorder, so that he could open it all in one breath and save money.

Sniffing

Next Sniffer Pro, the installation process is simple, remember to restart, do not restart can not catch packets note ①.

There must be a JAVA, do not show the dashboard information, open the http://www.java.com/zh_CN/, Red JAVA + waiting for you to come. 1.

After installing everything, you can work. However, this stuff can be sniffed directly in the LAN, so we have to set port image note ②.

This time I started the switch with my most expensive one. Generally, a vro has two interfaces: an external interface and an internal interface. The normal connection method is an optical cat with an external interface and a vswitch with an internal interface. But I don't need this low-level method. Why? Because the company has money and the bandwidth is MB, this is a waste. Alas, such a rich company still wants to open me.

The final method is to connect the optical cat to the vswitch, and then the two ports of the vro are also connected to the vswitch. There are two advantages: 1. You can set an Internet IP address for other hosts on the vswitch; 2. You can use the vswitch to directly limit the speed and VLAN of each port, or isolate the network.

Insert a vswitch to the Intranet entry, at port 23. Find a PC, access the vswitch, and at Port 11.

Start to configure the H3C switch. You can do it all with the mouse. No command line is required, as shown in figure 2.

Click port> image to set the monitoring port and Image Port.

In fact, if there is no web interface, it is easy to write with statements. Telnet to the IP address of the vswitch and start the following configuration file to give a full configuration. The vswitch is basically useless, so the configuration list is refreshing.

**************************************** **************************************** *

Copyright (c) 2004-2007 Hangzhou H3C Tech. co ., ltd. all rights reserved. ** Without the owners prior written consent, ** no decompiling or reverse-engineering shall be allowed. **************************************** **************************************** *

Login authentication Username: tt (enter the user) Password: (enter the Password, implied)

% Apr 12 08: 38: 16: 685 2000 H3C SHELL/5/LOGIN:-1-Runtime (172.30.38.21) in unit1 logi ndis

^ % Incomplete command found at ^ position. sy

(To enter the system mode, both Huawei and Cisco devices can be abbreviated as long as there is no ambiguity, but it can be short, but obviously, the minimum is 2 bytes .)

System View: return to User View with Ctrl + Z.

[H3C] the abbreviation of "display current-configuration" (dis cu) is used to print configuration files. As a cool-looking IT engineer, you must learn the abbreviation, otherwise, I have to lose my job ..)

#

Sysname H3C

#

Super password level 3 simple ******* (the configuration is not changed, in plaintext... A dedicated IT engineer must save the password in plain text to ensure that the password can be retrieved after leaving the company .)

#

Radius scheme system # domain system

#

Local-user h3c

Password simple h3c

Service-type telnet

Level 3

Local-user tt

Password simple ***** (z is actually a plaintext password)

Service-type telnet

Level 3

#

Vlan 1

#

Interface Vlan-interface1

Ip address 172.30.30.204 255.255.0.0

#

Interface Aux1/0/0

#

Interface Ethernet1/0/1

#

Interface Ethernet1/0/2

#

Interface Ethernet1/0/3

#

Interface Ethernet1/0/4

#

Interface Ethernet1/0/5

#

Interface Ethernet1/0/6

#

Interface Ethernet1/0/7

#

Interface Ethernet1/0/8

#

Interface Ethernet1/0/9

#

Interface Ethernet1/0/10

#

Interface Ethernet1/0/11

Monitor-port (monitor this port)

#

Interface Ethernet1/0/12

#

Interface Ethernet1/0/13

#

Interface Ethernet1/0/14

#

Interface Ethernet1/0/15
#

Interface Ethernet1/0/16

#

Interface Ethernet1/0/17

#

Interface Ethernet1/0/18

#

Interface Ethernet1/0/19

#

Interface Ethernet1/0/20

#

Interface Ethernet1/0/21

Line-rate inbound 32000

Line-rate outbound 40000

Processing ing-port both (speed limit and mirroring)

#

Interface Ethernet1/0/22

#

Interface Ethernet1/0/23

Line-rate inbound 32000

Line-rate outbound 40000

#

Interface Ethernet1/0/24

#

Interface GigabitEthernet1/1/1

#

Interface GigabitEthernet1/1/2

#

Interface GigabitEthernet1/1/3

#

Interface GigabitEthernet1/1/4

#

Undo irf-fabric authentication-mode

#

Interface NULL0

#

Voice vlan mac-address 0001-e300-0000 mask ffff-ff00-0000

#

Snmp-agent

Snmp-agent local-engineid 800063A2000FE25E69A26877

Snmp-agent sys-info version v3

#

User-interface aux 0 7

Ser-interface vty 0 4

Authentication-mode scheme

#

Return

 

Huawei's machine is actually very simple, such as manually setting port 21, giving it a speed limit and a port image.

Interface Ethernet1/0/42 line-rate inbound 0/21 line-rate outbound 32000 trimming ing-port both

In the configuration section, we can reverse the command line and telnet to the switch:

[H3C] int (after entering three letters, click tab to automatically link the following words)

[H3C] interface [H3C] interface? (The command is followed? Can list possible parameters)

Aux interface Ethernet

Ethernet interface GigabitEthernet interface LoopBack

LoopBack interface NULL

NULL interface Vlan-interface VLAN interface [H3C] interface Ethernet?

<1-1> Unit number (The Unit interface you are prompted to set)

[H3C] interface Ethernet 1/0/21 [H3C-Ethernet1/0/21] [H3C-Ethernet1/0/21]

Processing ing-port both [H3C-Ethernet1/0/21] sa (save configuration file)

Comrades have taken a closer look. The so-called configuration file is made up of command lines stacked like blocks, and the difficulty of configuring switches is very low.

Of course, the purpose of the above operations is to solve the problem by using the mouse twice at first.

Complete the task and proceed to the next step. See that Sniffer pro works.

Because the image is configured, the sniffer works normally. A dashboard is displayed after opening, and the data is intuitive. 3.

Click the "Computer icon" in the "2nd" button to view the ranking list and select "IP Mode" in the lower left corner, because the mode displays the MAC address, which is not intuitive.

As you can see, the most traffic is used at the top of the ranking. If the machine card is used,