通过tcpdump 观察系统上具体端口的流量

tcpdump  -v port $myport  获取经过具体某个端口的数据包;
数据包的信息为:
16:25:12.052300 IP (tos 0x0, ttl 114, id 20678, offset 0, flags [DF], proto: TCP (6), length: 40) x.x.x.125.63444 > 192.168.238.96.webcache: ., cksum 0x37b4 (correct), ack 2578740717 win 65535


length: 40)为这个数据包的大小;通过统计这些数据包的大小就得出流量。(不知道我这种想法对不对)





不过在尝试阶段,继续了解。


具体代码:

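#!/bin/bash
# Estimate the traffic seen on one or more ports by capturing NUM packets with
# `tcpdump -v` and summing the "length: N)" field of each captured packet.
#
# Usage: script -p PORT[:PORT...] [-t perl|shell]
#   -t : which parser to use for the tcpdump output — any value containing
#        "p" selects the perl parser, any value containing "s" the sed/awk one
#   -p : port(s) to watch, separated by ":" (e.g. 80:443)
#
# Requires tcpdump (which normally needs root / CAP_NET_RAW) and, for -t p, perl.
# Output per port: "Total_Network:<bytes> bytes".

# No trailing ":" here: an empty PATH element means "current directory", so a
# tcpdump/perl/awk dropped into the working directory would be run as root.
PATH="/var/PROGRAM/MANAGEMENT/modules/xbash:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin"
LANG=zh_CN
export PATH LANG

usage="-t : which module (perl or bash shell) to be used;"
usage2="-p : which port to be watched;"

# Number of packets tcpdump captures per port before it stops (-c).
readonly NUM=100

#######################################
# Print the two usage lines to stderr.
#######################################
print_usage() {
  printf '%s\n%s\n' "$usage" "$usage2" >&2
}

#######################################
# Sum the packet sizes for one port using perl.
# The "length: N)" value is the total length printed in tcpdump's IP header
# summary (see the sample line in the text above), so the sum is IP-layer
# bytes; link-layer framing is not counted. Newer tcpdump releases print
# "length N)" without the colon, so both spellings are accepted; the closing
# ")" keeps the per-segment "length N" payload field from being matched.
# Arguments: $1 - port (number or service name)
# Outputs:   "Total_Network:<sum> bytes" on stdout
#######################################
sum_with_perl() {
  local myport=$1
  # -n: no reverse DNS, which only slows the capture and does not affect sizes.
  tcpdump -n -c "$NUM" -v port "$myport" \
    | perl -ne 'if (/\blength:? *(\d+)\)/) { $sum += $1 } END { print "Total_Network:", $sum + 0, " bytes\n" }'
}

#######################################
# Sum the packet sizes for one port using sed + awk (no perl needed).
# Same matching rules as sum_with_perl; replaces the old "$(17)" field index,
# which silently picked the wrong column whenever tcpdump's layout differed.
# Arguments: $1 - port (number or service name)
# Outputs:   "Total_Network:<sum> bytes" on stdout
#######################################
sum_with_shell() {
  local myport=$1
  tcpdump -n -c "$NUM" -v port "$myport" \
    | sed -n 's/.*length:\{0,1\} *\([0-9]\{1,\}\)).*/\1/p' \
    | awk 'BEGIN{sum=0}{sum+=$1}END{print "Total_Network:" sum " bytes"}'
}

if [[ $# -eq 0 ]]; then
  print_usage
  exit 1
fi

TYPE=p
PORT=80

while getopts "t:p:" options; do
  case "$options" in
    t) TYPE="$OPTARG" ;;
    p) PORT="$OPTARG" ;;
    *) print_usage
       exit 2 ;;
  esac
done

# "p" wins over "s" when the value contains both, as the original grep order did.
case "$TYPE" in
  *p*) impl=sum_with_perl ;;
  *s*) impl=sum_with_shell ;;
  *)
    printf 'unknown -t value: %s\n' "$TYPE" >&2
    print_usage
    exit 2
    ;;
esac

# Split the -p value on ":" (and stray whitespace) into one port per element.
IFS=$': \t\n' read -r -a ports <<< "$PORT"
if [[ ${#ports[@]} -eq 0 ]]; then
  printf 'no port given with -p\n' >&2
  exit 2
fi

for myport in "${ports[@]}"; do
  # Only a port number or service name may reach the tcpdump filter expression;
  # anything else would be parsed as filter syntax.
  if [[ ! "$myport" =~ ^[[:alnum:]._-]+$ ]]; then
    printf 'invalid port: %s\n' "$myport" >&2
    exit 2
  fi
  "$impl" "$myport"
done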

作者: libin1201119   发布时间: 2010-09-28