统计当前网络对内和对外连接的流量
脚本:
根据需要修改抓包数量(tcpdump 的 -c 参数),这里设置为 100。注意:过滤条件是 src host,所以脚本统计的是本机发往各目标 IP 的流量。
cat traffic.sh
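#!/bin/bash
# traffic.sh - per-destination outbound traffic summary for one interface.
#
# Usage: ./traffic.sh <interface>      (tcpdump normally needs root)
#
# Captures packets sent from this host's first IPv4 address on <interface>
# in batches of 100, sums the IP "length" field per destination address and
# prints "<dest-ip> <bytes>" sorted by bytes, largest first. Repeats until
# interrupted or until tcpdump fails.
#
# NOTE(review): the field positions below assume tcpdump -v prints the IP
# header and the "src > dst" pair on one line, as in
# "... length: N) a.b.c.d.p > e.f.g.h.p:". Newer tcpdump releases appear to
# split this over two lines, in which case nothing matches and no totals are
# printed - confirm against the installed version.

iface=${1-}

# The script is meant to run as root, so the interface name is treated as
# untrusted: left unquoted, a value containing spaces would be split into
# extra ifconfig/tcpdump arguments.
case $iface in
  '' | -* | */* | *[[:space:]]*)
    printf 'Usage: %s <interface>\n' "${0##*/}" >&2
    exit 2
    ;;
esac

# The first dotted quad in the ifconfig output is taken as the local address.
ipaddr=$(ifconfig "$iface" | grep -E -o "\b[0-9]{1,3}(\.[0-9]{1,3}){3}\b" | head -n 1)
if [[ -z $ipaddr ]]; then
  # Without an address the capture filter would be malformed and the loop
  # below would spin on tcpdump errors.
  printf '%s: no IPv4 address found on %s\n' "${0##*/}" "$iface" >&2
  exit 1
fi

while :; do
  # -i goes before the filter expression so option parsing does not depend
  # on getopt permuting arguments.
  # The length pattern allows 5 digits: the IP total-length field goes up to
  # 65535, and 4 digits silently dropped large (offloaded) segments.
  tcpdump -tnnv -c 100 -i "$iface" src host "$ipaddr" \
    | awk -F ',' '{print $7}' \
    | tr -d ')>' \
    | awk '{print $2,$4}' \
    | grep -E -o "\b[0-9]{1,5} [0-9]{1,3}(\.[0-9]{1,3}){3}\b" \
    | awk '{arr[$2]+=$1} END {for (i in arr) {print i,arr[i]}}' \
    | sort -n -k 2 -r
  tcpdump_status=${PIPESTATUS[0]}

  # Stop instead of looping forever when tcpdump itself fails (missing
  # privileges, interface gone, rejected filter).
  if (( tcpdump_status != 0 )); then
    exit 1
  fi
done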
运行:
sudo bash
./traffic.sh eth0
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
100 packets captured
101 packets received by filter
0 packets dropped by kernel
x.x.x.245 11877
x.x.x..106 2135
x.x.x.106 2061
x.x.x.18 1574
x.x.x.118 756
根据需要修改抓包数量(tcpdump 的 -c 参数),这里设置为 100。注意:过滤条件是 src host,所以脚本统计的是本机发往各目标 IP 的流量。
cat traffic.sh
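#!/bin/bash
# traffic.sh - per-destination outbound traffic summary for one interface.
#
# Usage: ./traffic.sh <interface>      (tcpdump normally needs root)
#
# Captures packets sent from this host's first IPv4 address on <interface>
# in batches of 100, sums the IP "length" field per destination address and
# prints "<dest-ip> <bytes>" sorted by bytes, largest first. Repeats until
# interrupted or until tcpdump fails.
#
# NOTE(review): the field positions below assume tcpdump -v prints the IP
# header and the "src > dst" pair on one line, as in
# "... length: N) a.b.c.d.p > e.f.g.h.p:". Newer tcpdump releases appear to
# split this over two lines, in which case nothing matches and no totals are
# printed - confirm against the installed version.

iface=${1-}

# The script is meant to run as root, so the interface name is treated as
# untrusted: left unquoted, a value containing spaces would be split into
# extra ifconfig/tcpdump arguments.
case $iface in
  '' | -* | */* | *[[:space:]]*)
    printf 'Usage: %s <interface>\n' "${0##*/}" >&2
    exit 2
    ;;
esac

# The first dotted quad in the ifconfig output is taken as the local address.
ipaddr=$(ifconfig "$iface" | grep -E -o "\b[0-9]{1,3}(\.[0-9]{1,3}){3}\b" | head -n 1)
if [[ -z $ipaddr ]]; then
  # Without an address the capture filter would be malformed and the loop
  # below would spin on tcpdump errors.
  printf '%s: no IPv4 address found on %s\n' "${0##*/}" "$iface" >&2
  exit 1
fi

while :; do
  # -i goes before the filter expression so option parsing does not depend
  # on getopt permuting arguments.
  # The length pattern allows 5 digits: the IP total-length field goes up to
  # 65535, and 4 digits silently dropped large (offloaded) segments.
  tcpdump -tnnv -c 100 -i "$iface" src host "$ipaddr" \
    | awk -F ',' '{print $7}' \
    | tr -d ')>' \
    | awk '{print $2,$4}' \
    | grep -E -o "\b[0-9]{1,5} [0-9]{1,3}(\.[0-9]{1,3}){3}\b" \
    | awk '{arr[$2]+=$1} END {for (i in arr) {print i,arr[i]}}' \
    | sort -n -k 2 -r
  tcpdump_status=${PIPESTATUS[0]}

  # Stop instead of looping forever when tcpdump itself fails (missing
  # privileges, interface gone, rejected filter).
  if (( tcpdump_status != 0 )); then
    exit 1
  fi
done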
运行:
sudo bash
./traffic.sh eth0
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
100 packets captured
101 packets received by filter
0 packets dropped by kernel
x.x.x.245 11877
x.x.x..106 2135
x.x.x.106 2061
x.x.x.18 1574
x.x.x.118 756
