用户名: 密码: 忘记密码? 注册

通过tcpdump 观察系统上具体端口的流量

作者:  时间: 2010-09-28
tcpdump  -v port $myport  获取经过具体某个端口的数据包;
数据包的信息为:
16:25:12.052300 IP (tos 0x0, ttl 114, id 20678, offset 0, flags [DF], proto: TCP (6), length: 40) x.x.x.125.63444 > 192.168.238.96.webcache: ., cksum 0x37b4 (correct), ack 2578740717 win 65535


length: 40)为这个数据包的大少;通过统计这些数据包的大少就得出流量。(不知道我这种想法对不对)





不过在尝试阶段,继续了解。


具体代码:

#!/bin/bash
PATH="/var/PROGRAM/MANAGEMENT/modules/xbash:/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:"
LANG=zh_CN
export PATH LANG

usage="-t : which module (perl or bash shell) to be used;"
usage2="-p : which port to be watched;"

if [[ $# -eq 0 ]]
   then
      echo $usage
      echo $usage2
      exit
fi

NUM=100

TYPE=p
PORT=80

while getopts "t:p:" options;do
        case $options in
                t) TYPE="$OPTARG" ;;
                p) PORT="$OPTARG";;
                *) echo  usage
                   echo  usage2;;
        esac
done


if echo $TYPE | grep -q "p"
  then
    for myport in `echo $PORT | sed "s/:/ /g" | xargs`
      do
        tcpdump -c $NUM -v port $myport | perl -ne '$rev=substr($_,index($_, "length: ")); print $rev' | perl -ne '$rev=$rev=substr($_,length("length: "),index($_,")")-index($_,": ")-2); print $rev,"\n"'  | awk 'BEGIN{sum=0}{sum+=$1;}END{print "Total_Network:" sum" bytes"}'
      done
else if echo $TYPE | grep -q "s"
     then
       for myport in `echo $PORT | sed "s/:/ /g" | xargs`
         do
          tcpdump  -c $NUM -v port $myport | grep length:*  | awk '{print $(17)}' | sed "s#)##" | awk 'BEGIN{sum=0}{sum+=$1};END{print "Total_Network:" sum" bytes"}'
         done
     fi

fi