Created
February 19, 2019 12:31
-
-
Save wcc526/12c40c8598c06acc74ad1370a269b1d6 to your computer and use it in GitHub Desktop.
网络分析脚本
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
#显示菜单(单选) | |
display_menu(){ | |
local soft=$1 | |
local prompt="which ${soft} you'd select: " | |
eval local arr=(\${${soft}_arr[@]}) | |
while true | |
do | |
echo -e "#################### ${soft} setting ####################\n\n" | |
for ((i=1;i<=${#arr[@]};i++ )); do echo -e "$i) ${arr[$i-1]}"; done | |
echo | |
read -p "${prompt}" $soft | |
eval local select=\$$soft | |
if [ "$select" == "" ] || [ "${arr[$soft-1]}" == "" ];then | |
prompt="input errors,please input a number: " | |
else | |
eval $soft=${arr[$soft-1]} | |
eval echo "your selection: \$$soft" | |
break | |
fi | |
done | |
} | |
#把带宽bit单位转换为人类可读单位 | |
bit_to_human_readable(){ | |
#input bit value | |
local trafficValue=$1 | |
if [[ ${trafficValue%.*} -gt 922 ]];then | |
#conv to Kb | |
trafficValue=`awk -v value=$trafficValue 'BEGIN{printf "%0.1f",value/1024}'` | |
if [[ ${trafficValue%.*} -gt 922 ]];then | |
#conv to Mb | |
trafficValue=`awk -v value=$trafficValue 'BEGIN{printf "%0.1f",value/1024}'` | |
echo "${trafficValue}Mb" | |
else | |
echo "${trafficValue}Kb" | |
fi | |
else | |
echo "${trafficValue}b" | |
fi | |
} | |
#判断包管理工具 | |
check_package_manager(){ | |
local manager=$1 | |
local systemPackage='' | |
if cat /etc/issue | grep -q -E -i "ubuntu|debian";then | |
systemPackage='apt' | |
elif cat /etc/issue | grep -q -E -i "centos|red hat|redhat";then | |
systemPackage='yum' | |
elif cat /proc/version | grep -q -E -i "ubuntu|debian";then | |
systemPackage='apt' | |
elif cat /proc/version | grep -q -E -i "centos|red hat|redhat";then | |
systemPackage='yum' | |
else | |
echo "unkonw" | |
fi | |
if [ "$manager" == "$systemPackage" ];then | |
return 0 | |
else | |
return 1 | |
fi | |
} | |
#实时流量 | |
realTimeTraffic(){ | |
local eth="" | |
local nic_arr=(`ifconfig | grep -E -o "^[a-z0-9]+" | grep -v "lo" | uniq`) | |
local nicLen=${#nic_arr[@]} | |
if [[ $nicLen -eq 0 ]]; then | |
echo "sorry,I can not detect any network device,please report this issue to author." | |
exit 1 | |
elif [[ $nicLen -eq 1 ]]; then | |
eth=$nic_arr | |
else | |
display_menu nic | |
eth=$nic | |
fi | |
local clear=true | |
local eth_in_peak=0 | |
local eth_out_peak=0 | |
local eth_in=0 | |
local eth_out=0 | |
while true;do | |
#移动光标到0:0位置 | |
printf "\033[0;0H" | |
#清屏并打印Now Peak | |
[[ $clear == true ]] && printf "\033[2J" && echo "$eth--------Now--------Peak-----------" | |
traffic_be=(`awk -v eth=$eth -F'[: ]+' '{if ($0 ~eth){print $3,$11}}' /proc/net/dev`) | |
sleep 2 | |
traffic_af=(`awk -v eth=$eth -F'[: ]+' '{if ($0 ~eth){print $3,$11}}' /proc/net/dev`) | |
#计算速率 | |
eth_in=$(( (${traffic_af[0]}-${traffic_be[0]})*8/2 )) | |
eth_out=$(( (${traffic_af[1]}-${traffic_be[1]})*8/2 )) | |
#计算流量峰值 | |
[[ $eth_in -gt $eth_in_peak ]] && eth_in_peak=$eth_in | |
[[ $eth_out -gt $eth_out_peak ]] && eth_out_peak=$eth_out | |
#移动光标到2:1 | |
printf "\033[2;1H" | |
#清除当前行 | |
printf "\033[K" | |
printf "%-20s %-20s\n" "Receive: $(bit_to_human_readable $eth_in)" "$(bit_to_human_readable $eth_in_peak)" | |
#清除当前行 | |
printf "\033[K" | |
printf "%-20s %-20s\n" "Transmit: $(bit_to_human_readable $eth_out)" "$(bit_to_human_readable $eth_out_peak)" | |
[[ $clear == true ]] && clear=false | |
done | |
} | |
#流量和连接概览 | |
trafficAndConnectionOverview(){ | |
if ! which tcpdump > /dev/null;then | |
echo "tcpdump not found,going to install it." | |
if check_package_manager apt;then | |
apt-get -y install tcpdump | |
elif check_package_manager yum;then | |
yum -y install tcpdump | |
fi | |
fi | |
local reg="" | |
local eth="" | |
local nic_arr=(`ifconfig | grep -E -o "^[a-z0-9]+" | grep -v "lo" | uniq`) | |
local nicLen=${#nic_arr[@]} | |
if [[ $nicLen -eq 0 ]]; then | |
echo "sorry,I can not detect any network device,please report this issue to author." | |
exit 1 | |
elif [[ $nicLen -eq 1 ]]; then | |
eth=$nic_arr | |
else | |
display_menu nic | |
eth=$nic | |
fi | |
echo "please wait for 10s to generate network data..." | |
echo | |
#当前流量值 | |
local traffic_be=(`awk -v eth=$eth -F'[: ]+' '{if ($0 ~eth){print $3,$11}}' /proc/net/dev`) | |
#tcpdump监听网络 | |
tcpdump -v -i $eth -tnn > /tmp/tcpdump_temp 2>&1 & | |
sleep 10 | |
clear | |
kill `ps aux | grep tcpdump | grep -v grep | awk '{print $2}'` | |
#10s后流量值 | |
local traffic_af=(`awk -v eth=$eth -F'[: ]+' '{if ($0 ~eth){print $3,$11}}' /proc/net/dev`) | |
#打印10s平均速率 | |
local eth_in=$(( (${traffic_af[0]}-${traffic_be[0]})*8/10 )) | |
local eth_out=$(( (${traffic_af[1]}-${traffic_be[1]})*8/10 )) | |
echo -e "\033[32mnetwork device $eth average traffic in 10s: \033[0m" | |
echo "$eth Receive: $(bit_to_human_readable $eth_in)/s" | |
echo "$eth Transmit: $(bit_to_human_readable $eth_out)/s" | |
echo | |
local regTcpdump=$(ifconfig | grep -A 1 $eth | awk -F'[: ]+' '$0~/inet addr:/{printf $4"|"}' | sed -e 's/|$//' -e 's/^/(/' -e 's/$/)\\\\\.[0-9]+:/') | |
#新旧版本tcpdump输出格式不一样,分别处理 | |
if awk '/^IP/{print;exit}' /tmp/tcpdump_temp | grep -q ")$";then | |
#处理tcpdump文件 | |
awk '/^IP/{print;getline;print}' /tmp/tcpdump_temp > /tmp/tcpdump_temp2 | |
else | |
#处理tcpdump文件 | |
awk '/^IP/{print}' /tmp/tcpdump_temp > /tmp/tcpdump_temp2 | |
sed -i -r 's#(.*: [0-9]+\))(.*)#\1\n \2#' /tmp/tcpdump_temp2 | |
fi | |
awk '{len=$NF;sub(/\)/,"",len);getline;print $0,len}' /tmp/tcpdump_temp2 > /tmp/tcpdump | |
#统计每个端口在10s内的平均流量 | |
echo -e "\033[32maverage traffic in 10s base on server port: \033[0m" | |
awk -F'[ .:]+' -v regTcpdump=$regTcpdump '{if ($0 ~ regTcpdump){line="clients > "$8"."$9"."$10"."$11":"$12}else{line=$2"."$3"."$4"."$5":"$6" > clients"};sum[line]+=$NF*8/10}END{for (line in sum){printf "%s %d\n",line,sum[line]}}' /tmp/tcpdump | \ | |
sort -k 4 -nr | head -n 10 | while read a b c d;do | |
echo "$a $b $c $(bit_to_human_readable $d)/s" | |
done | |
echo -ne "\033[11A" | |
echo -ne "\033[50C" | |
echo -e "\033[32maverage traffic in 10s base on client port: \033[0m" | |
awk -F'[ .:]+' -v regTcpdump=$regTcpdump '{if ($0 ~ regTcpdump){line=$2"."$3"."$4"."$5":"$6" > server"}else{line="server > "$8"."$9"."$10"."$11":"$12};sum[line]+=$NF*8/10}END{for (line in sum){printf "%s %d\n",line,sum[line]}}' /tmp/tcpdump | \ | |
sort -k 4 -nr | head -n 10 | while read a b c d;do | |
echo -ne "\033[50C" | |
echo "$a $b $c $(bit_to_human_readable $d)/s" | |
done | |
echo | |
#统计在10s内占用带宽最大的前10个ip | |
echo -e "\033[32mtop 10 ip average traffic in 10s base on server: \033[0m" | |
awk -F'[ .:]+' -v regTcpdump=$regTcpdump '{if ($0 ~ regTcpdump){line=$2"."$3"."$4"."$5" > "$8"."$9"."$10"."$11":"$12}else{line=$2"."$3"."$4"."$5":"$6" > "$8"."$9"."$10"."$11};sum[line]+=$NF*8/10}END{for (line in sum){printf "%s %d\n",line,sum[line]}}' /tmp/tcpdump | \ | |
sort -k 4 -nr | head -n 10 | while read a b c d;do | |
echo "$a $b $c $(bit_to_human_readable $d)/s" | |
done | |
echo -ne "\033[11A" | |
echo -ne "\033[50C" | |
echo -e "\033[32mtop 10 ip average traffic in 10s base on client: \033[0m" | |
awk -F'[ .:]+' -v regTcpdump=$regTcpdump '{if ($0 ~ regTcpdump){line=$2"."$3"."$4"."$5":"$6" > "$8"."$9"."$10"."$11}else{line=$2"."$3"."$4"."$5" > "$8"."$9"."$10"."$11":"$12};sum[line]+=$NF*8/10}END{for (line in sum){printf "%s %d\n",line,sum[line]}}' /tmp/tcpdump | \ | |
sort -k 4 -nr | head -n 10 | while read a b c d;do | |
echo -ne "\033[50C" | |
echo "$a $b $c $(bit_to_human_readable $d)/s" | |
done | |
echo | |
#统计连接状态 | |
local regSS=$(ifconfig | grep -A 1 $eth | awk -F'[: ]+' '$0~/inet addr:/{printf $4"|"}' | sed -e 's/|$//') | |
ss -an | grep -v -E "LISTEN|UNCONN" | grep -E "$regSS" > /tmp/ss | |
echo -e "\033[32mconnection state count: \033[0m" | |
awk 'NR>1{sum[$(NF-4)]+=1}END{for (state in sum){print state,sum[state]}}' /tmp/ss | sort -k 2 -nr | |
echo | |
#统计各端口连接状态 | |
echo -e "\033[32mconnection state count by port base on server: \033[0m" | |
awk 'NR>1{sum[$(NF-4),$(NF-1)]+=1}END{for (key in sum){split(key,subkey,SUBSEP);print subkey[1],subkey[2],sum[subkey[1],subkey[2]]}}' /tmp/ss | sort -k 3 -nr | head -n 100 | |
echo -ne "\033[11A" | |
echo -ne "\033[50C" | |
echo -e "\033[32mconnection state count by port base on client: \033[0m" | |
awk 'NR>1{sum[$(NF-4),$(NF)]+=1}END{for (key in sum){split(key,subkey,SUBSEP);print subkey[1],subkey[2],sum[subkey[1],subkey[2]]}}' /tmp/ss | sort -k 3 -nr | head -n 100 | awk '{print "\033[50C"$0}' | |
echo | |
#统计端口为80且状态为ESTAB连接数最多的前100个IP | |
echo -e "\033[32mtop 10 ip ESTAB state count at port 80: \033[0m" | |
cat /tmp/ss | grep ESTAB | awk -F'[: ]+' '{sum[$(NF-2)]+=1}END{for (ip in sum){print ip,sum[ip]}}' | sort -k 2 -nr | head -n 100 | |
echo | |
#统计端口为80且状态为SYN-RECV连接数最多的前100个IP | |
echo -e "\033[32mtop 10 ip SYN-RECV state count at port 80: \033[0m" | |
cat /tmp/ss | grep -E "$regSS" | grep SYN-RECV | awk -F'[: ]+' '{sum[$(NF-2)]+=1}END{for (ip in sum){print ip,sum[ip]}}' | sort -k 2 -nr | head -n 100 | |
} | |
main(){ | |
while true; do | |
echo -e "1) real time traffic.\n2) traffic and connection overview.\n" | |
read -p "please input your select(ie 1): " select | |
case $select in | |
1) realTimeTraffic;break;; | |
2) trafficAndConnectionOverview;break;; | |
*) echo "input error,please input a number.";; | |
esac | |
done | |
} | |
main |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment