首页 > 代码库 > sehll流量检测脚本

sehll流量检测脚本

  1 #!/bin/bash  2   3 #write by zhumaohai(admin#centos.bz)  4 #author blog: www.centos.bz  5   6   7 #显示菜单(单选)  8 display_menu(){  9 local soft=$1 10 local prompt="which ${soft} you‘d select: " 11 eval local arr=(\${${soft}_arr[@]}) 12 while true 13 do 14     echo -e "#################### ${soft} setting ####################\n\n" 15     for ((i=1;i<=${#arr[@]};i++ )); do echo -e "$i) ${arr[$i-1]}"; done 16     echo 17     read -p "${prompt}" $soft 18     eval local select=\$$soft 19     if [ "$select" == "" ] || [ "${arr[$soft-1]}" == ""  ];then 20         prompt="input errors,please input a number: " 21     else 22         eval $soft=${arr[$soft-1]} 23         eval echo "your selection: \$$soft"             24         break 25     fi 26 done 27 } 28  29 #把带宽bit单位转换为人类可读单位 30 bit_to_human_readable(){ 31     #input bit value 32     local trafficValue=http://www.mamicode.com/$1"color: #008080;"> 33  34     if [[ ${trafficValue%.*} -gt 922 ]];then 35         #conv to Kb 36         trafficValue=http://www.mamicode.com/`awk -v value=$trafficValue BEGIN{printf "%0.1f",value/1024}` 37         if [[ ${trafficValue%.*} -gt 922 ]];then 38             #conv to Mb 39             trafficValue=http://www.mamicode.com/`awk -v value=$trafficValue BEGIN{printf "%0.1f",value/1024}` 40             echo "${trafficValue}Mb" 41         else 42             echo "${trafficValue}Kb" 43         fi 44     else 45         echo "${trafficValue}b" 46     fi 47 } 48  49 #判断包管理工具 50 check_package_manager(){ 51     local manager=$1 52     local systemPackage=‘‘ 53     if cat /etc/issue | grep -q -E -i "ubuntu|debian";then 54         systemPackage=apt 55     elif cat /etc/issue | grep -q -E -i "centos|red hat|redhat";then 56         systemPackage=yum 57     elif cat /proc/version | grep -q -E -i "ubuntu|debian";then 58         systemPackage=apt 59     elif cat /proc/version | grep -q -E -i "centos|red hat|redhat";then 60         systemPackage=yum 61     else 62         echo "unkonw" 63     fi 64  65     if [ "$manager" == "$systemPackage" ];then 66         return 0 67     else 68         return 1 69     fi   70 } 71  72  73 #实时流量 74 realTimeTraffic(){ 75     local eth="" 76     local nic_arr=(`ifconfig | grep -E -o "^[a-z0-9]+" | grep -v "lo" | uniq`) 77     local nicLen=${#nic_arr[@]} 78     if [[ $nicLen -eq 0 ]]; then 79         echo "sorry,I can not detect any network device,please report this issue to author." 80         exit 1 81     elif [[ $nicLen -eq 1 ]]; then 82         eth=$nic_arr 83     else 84         display_menu nic 85         eth=$nic 86     fi   87  88     local clear=true 89     local eth_in_peak=0 90     local eth_out_peak=0 91     local eth_in=0 92     local eth_out=0 93  94     while true;do 95         #移动光标到0:0位置 96         printf "\033[0;0H" 97         #清屏并打印Now Peak 98         [[ $clear == true ]] && printf "\033[2J" && echo "$eth--------Now--------Peak-----------" 99         traffic_be=(`awk -v eth=$eth -F[: ]+ {if ($0 ~eth){print $3,$11}} /proc/net/dev`)100         sleep 2101         traffic_af=(`awk -v eth=$eth -F[: ]+ {if ($0 ~eth){print $3,$11}} /proc/net/dev`)102         #计算速率103         eth_in=$(( (${traffic_af[0]}-${traffic_be[0]})*8/2 ))104         eth_out=$(( (${traffic_af[1]}-${traffic_be[1]})*8/2 ))105         #计算流量峰值106         [[ $eth_in -gt $eth_in_peak ]] && eth_in_peak=$eth_in107         [[ $eth_out -gt $eth_out_peak ]] && eth_out_peak=$eth_out108         #移动光标到2:1109         printf "\033[2;1H"110         #清除当前行111         printf "\033[K"  112         printf "%-20s %-20s\n" "Receive:  $(bit_to_human_readable $eth_in)" "$(bit_to_human_readable $eth_in_peak)"113         #清除当前行114         printf "\033[K"115         printf "%-20s %-20s\n" "Transmit: $(bit_to_human_readable $eth_out)" "$(bit_to_human_readable $eth_out_peak)"116         [[ $clear == true ]] && clear=false117     done118 }119 120 #流量和连接概览121 trafficAndConnectionOverview(){122     if ! which tcpdump > /dev/null;then123         echo "tcpdump not found,going to install it."124         if check_package_manager apt;then125             apt-get -y install tcpdump126         elif check_package_manager yum;then127             yum -y install tcpdump128         fi129     fi130 131     local reg=""132     local eth=""133     local nic_arr=(`ifconfig | grep -E -o "^[a-z0-9]+" | grep -v "lo" | uniq`)134     local nicLen=${#nic_arr[@]}135     if [[ $nicLen -eq 0 ]]; then136         echo "sorry,I can not detect any network device,please report this issue to author."137         exit 1138     elif [[ $nicLen -eq 1 ]]; then139         eth=$nic_arr140     else141         display_menu nic142         eth=$nic143     fi144 145     echo "please wait for 20s to generate network data..."146     echo147     #当前流量值148     local traffic_be=(`awk -v eth=$eth -F[: ]+ {if ($0 ~eth){print $3,$11}} /proc/net/dev`)149     #tcpdump监听网络150     tcpdump -v -i $eth -tnn > /tmp/tcpdump_temp 2>&1 &151     sleep 20152     clear153     kill `ps aux | grep tcpdump | grep -v grep | awk {print $2}`154 155     #10s后流量值156     local traffic_af=(`awk -v eth=$eth -F[: ]+ {if ($0 ~eth){print $3,$11}} /proc/net/dev`)157     #打印10s平均速率158     local eth_in=$(( (${traffic_af[0]}-${traffic_be[0]})*8/10 ))159     local eth_out=$(( (${traffic_af[1]}-${traffic_be[1]})*8/10 ))160     echo -e "\033[32mnetwork device $eth average traffic in 10s: \033[0m"161     echo "$eth Receive: $(bit_to_human_readable $eth_in)/s"162     echo "$eth Transmit: $(bit_to_human_readable $eth_out)/s"163     echo164 165     local regTcpdump=$(ifconfig | grep -A 1 $eth | awk -F[: ]+ $0~/inet addr:/{printf $4"|"} | sed -e s/|$// -e s/^/(/ -e s/$/)\\\\\.[0-9]+:/)166  167     #新旧版本tcpdump输出格式不一样,分别处理168     if awk /^IP/{print;exit} /tmp/tcpdump_temp | grep -q ")$";then169         #处理tcpdump文件170         awk /^IP/{print;getline;print} /tmp/tcpdump_temp > /tmp/tcpdump_temp2171     else172         #处理tcpdump文件173         awk /^IP/{print} /tmp/tcpdump_temp > /tmp/tcpdump_temp2174         sed -i -r s#(.*: [0-9]+\))(.*)#\1\n    \2# /tmp/tcpdump_temp2175     fi176    177     awk {len=$NF;sub(/\)/,"",len);getline;print $0,len} /tmp/tcpdump_temp2 > /tmp/tcpdump178 179     #统计每个端口在10s内的平均流量180     echo -e "\033[32maverage traffic in 10s base on server port: \033[0m"181     awk -F[ .:]+ -v regTcpdump=$regTcpdump {if ($0 ~ regTcpdump){line="clients > "$8"."$9"."$10"."$11":"$12}else{line=$2"."$3"."$4"."$5":"$6" > clients"};sum[line]+=$NF*8/10}END{for (line in sum){printf "%s %d\n",line,sum[line]}} /tmp/tcpdump | 182     sort -k 4 -nr | head -n 10 | while read a b c d;do183         echo "$a $b $c $(bit_to_human_readable $d)/s"184     done185     echo -ne "\033[11A"186     echo -ne "\033[50C"187     echo -e "\033[32maverage traffic in 10s base on client port: \033[0m"188     awk -F[ .:]+ -v regTcpdump=$regTcpdump {if ($0 ~ regTcpdump){line=$2"."$3"."$4"."$5":"$6" > server"}else{line="server > "$8"."$9"."$10"."$11":"$12};sum[line]+=$NF*8/10}END{for (line in sum){printf "%s %d\n",line,sum[line]}} /tmp/tcpdump | 189     sort -k 4 -nr | head -n 10 | while read a b c d;do190             echo -ne "\033[50C"191             echo "$a $b $c $(bit_to_human_readable $d)/s"192     done  193        194     echo195 196     #统计在10s内占用带宽最大的前10个ip197     echo -e "\033[32mtop 10 ip average traffic in 10s base on server: \033[0m"198     awk -F[ .:]+ -v regTcpdump=$regTcpdump {if ($0 ~ regTcpdump){line=$2"."$3"."$4"."$5" > "$8"."$9"."$10"."$11":"$12}else{line=$2"."$3"."$4"."$5":"$6" > "$8"."$9"."$10"."$11};sum[line]+=$NF*8/10}END{for (line in sum){printf "%s %d\n",line,sum[line]}} /tmp/tcpdump | 199     sort -k 4 -nr | head -n 10 | while read a b c d;do200         echo "$a $b $c $(bit_to_human_readable $d)/s"201     done202     echo -ne "\033[11A"203     echo -ne "\033[50C"204     echo -e "\033[32mtop 10 ip average traffic in 10s base on client: \033[0m"205     awk -F[ .:]+ -v regTcpdump=$regTcpdump {if ($0 ~ regTcpdump){line=$2"."$3"."$4"."$5":"$6" > "$8"."$9"."$10"."$11}else{line=$2"."$3"."$4"."$5" > "$8"."$9"."$10"."$11":"$12};sum[line]+=$NF*8/10}END{for (line in sum){printf "%s %d\n",line,sum[line]}} /tmp/tcpdump | 206     sort -k 4 -nr | head -n 10 | while read a b c d;do207         echo -ne "\033[50C"208         echo "$a $b $c $(bit_to_human_readable $d)/s"209     done210 211     echo212     #统计连接状态213     local regSS=$(ifconfig | grep -A 1 $eth | awk -F[: ]+ $0~/inet addr:/{printf $4"|"} | sed -e s/|$//)214     ss -an | grep -v -E "LISTEN|UNCONN" | grep -E "$regSS" > /tmp/ss215     echo -e "\033[32mconnection state count: \033[0m"216     awk NR>1{sum[$(NF-4)]+=1}END{for (state in sum){print state,sum[state]}} /tmp/ss | sort -k 2 -nr217     echo218     #统计各端口连接状态219     echo -e "\033[32mconnection state count by port base on server: \033[0m"220     awk NR>1{sum[$(NF-4),$(NF-1)]+=1}END{for (key in sum){split(key,subkey,SUBSEP);print subkey[1],subkey[2],sum[subkey[1],subkey[2]]}} /tmp/ss | sort -k 3 -nr | head -n 10  221     echo -ne "\033[11A"222     echo -ne "\033[50C"223     echo -e "\033[32mconnection state count by port base on client: \033[0m"224     awk NR>1{sum[$(NF-4),$(NF)]+=1}END{for (key in sum){split(key,subkey,SUBSEP);print subkey[1],subkey[2],sum[subkey[1],subkey[2]]}} /tmp/ss | sort -k 3 -nr | head -n 10 | awk {print "\033[50C"$0}  225     echo  226     #统计端口为80且状态为ESTAB连接数最多的前10个IP227     echo -e "\033[32mtop 10 ip ESTAB state count at port 80: \033[0m"228     cat /tmp/ss | grep ESTAB | awk -F[: ]+ {sum[$(NF-2)]+=1}END{for (ip in sum){print ip,sum[ip]}} | sort -k 2 -nr | head -n 10229     echo230     #统计端口为80且状态为SYN-RECV连接数最多的前10个IP231     echo -e "\033[32mtop 10 ip SYN-RECV state count at port 80: \033[0m"232     cat /tmp/ss | grep -E "$regSS" | grep SYN-RECV | awk -F[: ]+ {sum[$(NF-2)]+=1}END{for (ip in sum){print ip,sum[ip]}} | sort -k 2 -nr | head -n 10233 }234 235 main(){236     while true; do237         echo -e "1) real time traffic.\n2) traffic and connection overview.\n"238         read -p "please input your select(ie 1): " select239         case  $select in240             1) realTimeTraffic;break;;241             2) trafficAndConnectionOverview;break;;242             *) echo "input error,please input a number.";;243         esac244     done  245 }246 247 main

 

sehll流量检测脚本