Description of Router port configuration statement

Configuring the router port is a very important part of the router configuration, and its steps are complex. First download the packet analysis software windump (download address: http://windump.polito.it). On a computer, install it, and then connect to the RJ45 router port that will be mirrored. On the B computer, Windump is also installed and connected to the current VLAN1 (gateway: 222.222.222.1, Mask: 255.255.255.0).





when everything is ready, the router port mirroring begins. Log on to the router using computer B, enter configuration mode, and enter the following command: SSR (config) # port mirroring Dst-ports et.1.3 src-ports gi.4.1, the above command mirrors the upper-end port (gi.4.1) to the destination port (et.1.3), which is the router port that computer a connects to. On Computer A, go to the DOS prompt, go to the directory where Windump is located, and enter the command:





c:> windump–n


windump30alpha:listening on Devicenpf_{911db410-c01e-49e8-b524-50132c6a56a8}


.........


15:57:17.516203 IP 222.222.222.17.80 > 221.215.142.50.1264:


. 46721:48181 (1460) ACK 0 win 16336 (DF)


15:57:17.516337 IP 222.222.222.17.80 > 221.215.142.50.1264:


. 48181:49641 (1460) ACK 0 win 16336 (DF)


15:57:17.518043 IP 220.198.22.202.3196 > 222.222.222.99.8882:


. 137236:138676 (1440) Ack 260501 win 64800 (DF)


15:57:17.518162 IP 218.79.246.212.64627 > 222.222.222.191.16881:


S 2898301189:2898301189 (0) win 64240 (DF)


15:57:17.518558 IP 209.24.79.200> 218.79.246.212:icmp 36:


host 222.222.222.191 unreachable (DF)


...........





The record above has been filtered. The argument "-N" in the first sentence indicates that the IP address or the router port number is converted to the hostname or router ports name, and the second sentence indicates that windump starts listening on the selected network card, and the third sentence begins with the Windump record information. Also run windump:www.3lian.com on computer B





c:> windump–n


windump30alpha:listening on DEVICENPF_{911DB410-C01E-49E8-B524-50132C6A56B4}


............


15:57:54.695935 arp Who-has 222.222.222.191 tell 222.222.222.1


15:57:55.191475 arp Who-has 222.222.222.136 tell 222.222.222.1


15:57:57.033354 arp Who-has 222.222.222.210 tell 222.222.222.1


15:57:57.039057 arp Who-has 222.222.222.69 tell 222.222.222.1


............ (Filter already made)





look at the logs on the router, I randomly find one of the records about ICMP:





June 15:51:50%acl_log-i-permit, ACL [out]


on "uplink" ICMP 210.29.42.70-> 218.79.246.212





the data collected in Computer A, several records (last two) contain "218.79.246.212" IP and this record match. From the records of these two sentences, the first line indicates that packets are sent from 218.79.246.212 TCP port 64627 to the 222.222.222.191 16881 router port. The S flag indicates that the SYN flag is set, the stream sequence number of the message is 2898301189, no data, the valid receive window is 4096 bytes, the maximum segment size (max-segment-size) option, the request setting MSS is 1452 bytes. Obviously, this is a request message. The second sentence indicates that the router has returned a "unreachable (host unreachable)" ICMP message to 218.79.246.212. This indicates that a computer with an IP address of "222.222.222.191" has not been found in this network segment.