linux流量统计脚本

释放双眼,带上耳机,听听看~!

**linux流量统计脚本:**linux怎么使用脚本来统计流量呢?希望下面的文章对大家有所帮助。


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
1#!/bin/bash
2
3#write by zhumaohai(admin#centos.bz)
4#author blog: www.centos.bz
5
6
7#显示菜单(单选)
8display_menu(){
9local soft=$1
10local prompt="which ${soft} you'd select: "
11eval local arr=(\${${soft}_arr[@]})
12while true
13do
14    echo -e "#################### ${soft} setting ####################\n\n"
15    for ((i=1;i<=${#arr[@]};i++ )); do echo -e "$i) ${arr[$i-1]}"; done
16    echo
17    read -p "${prompt}" $soft
18    eval local select=\$$soft
19    if [ "$select" == "" ] || [ "${arr[$soft-1]}" == ""  ];then
20        prompt="input errors,please input a number: "
21    else
22        eval $soft=${arr[$soft-1]}
23        eval echo "your selection: \$$soft"            
24        break
25    fi
26done
27}
28
29#把带宽bit单位转换为人类可读单位
30bit_to_human_readable(){
31    #input bit value
32    local trafficValue=$1
33
34    if [[ ${trafficValue%.*} -gt 922 ]];then
35        #conv to Kb
36        trafficValue=`awk -v value=$trafficValue 'BEGIN{printf "%0.1f",value/1024}'`
37        if [[ ${trafficValue%.*} -gt 922 ]];then
38            #conv to Mb
39            trafficValue=`awk -v value=$trafficValue 'BEGIN{printf "%0.1f",value/1024}'`
40            echo "${trafficValue}Mb"
41        else
42            echo "${trafficValue}Kb"
43        fi
44    else
45        echo "${trafficValue}b"
46    fi
47}
48
49#判断包管理工具
50check_package_manager(){
51    local manager=$1
52    local systemPackage=''
53    if cat /etc/issue | grep -q -E -i "ubuntu|debian";then
54        systemPackage='apt'
55    elif cat /etc/issue | grep -q -E -i "centos|red hat|redhat";then
56        systemPackage='yum'
57    elif cat /proc/version | grep -q -E -i "ubuntu|debian";then
58        systemPackage='apt'
59    elif cat /proc/version | grep -q -E -i "centos|red hat|redhat";then
60        systemPackage='yum'
61    else
62        echo "unkonw"
63    fi
64
65    if [ "$manager" == "$systemPackage" ];then
66        return 0
67    else
68        return 1
69    fi  
70}
71
72
73#实时流量
74realTimeTraffic(){
75    local eth=""
76    local nic_arr=(`ifconfig | grep -E -o "^[a-z0-9]+" | grep -v "lo" | uniq`)
77    local nicLen=${#nic_arr[@]}
78    if [[ $nicLen -eq 0 ]]; then
79        echo "sorry,I can not detect any network device,please report this issue to author."
80        exit 1
81    elif [[ $nicLen -eq 1 ]]; then
82        eth=$nic_arr
83    else
84        display_menu nic
85        eth=$nic
86    fi  
87
88    local clear=true
89    local eth_in_peak=0
90    local eth_out_peak=0
91    local eth_in=0
92    local eth_out=0
93
94    while true;do
95        #移动光标到0:0位置
96        printf "\033[0;0H"
97        #清屏并打印Now Peak
98        [[ $clear == true ]] && printf "\033[2J" && echo "$eth--------Now--------Peak-----------"
99        traffic_be=(`awk -v eth=$eth -F'[: ]+' '{if ($0 ~eth){print $3,$11}}' /proc/net/dev`)
100        sleep 2
101        traffic_af=(`awk -v eth=$eth -F'[: ]+' '{if ($0 ~eth){print $3,$11}}' /proc/net/dev`)
102        #计算速率
103        eth_in=$(( (${traffic_af[0]}-${traffic_be[0]})*8/2 ))
104        eth_out=$(( (${traffic_af[1]}-${traffic_be[1]})*8/2 ))
105        #计算流量峰值
106        [[ $eth_in -gt $eth_in_peak ]] && eth_in_peak=$eth_in
107        [[ $eth_out -gt $eth_out_peak ]] && eth_out_peak=$eth_out
108        #移动光标到2:1
109        printf "\033[2;1H"
110        #清除当前行
111        printf "\033[K"  
112        printf "%-20s %-20s\n" "Receive:  $(bit_to_human_readable $eth_in)" "$(bit_to_human_readable $eth_in_peak)"
113        #清除当前行
114        printf "\033[K"
115        printf "%-20s %-20s\n" "Transmit: $(bit_to_human_readable $eth_out)" "$(bit_to_human_readable $eth_out_peak)"
116        [[ $clear == true ]] && clear=false
117    done
118}
119
120#流量和连接概览
121trafficAndConnectionOverview(){
122    if ! which tcpdump > /dev/null;then
123        echo "tcpdump not found,going to install it."
124        if check_package_manager apt;then
125            apt-get -y install tcpdump
126        elif check_package_manager yum;then
127            yum -y install tcpdump
128        fi
129    fi
130
131    local reg=""
132    local eth=""
133    local nic_arr=(`ifconfig | grep -E -o "^[a-z0-9]+" | grep -v "lo" | uniq`)
134    local nicLen=${#nic_arr[@]}
135    if [[ $nicLen -eq 0 ]]; then
136        echo "sorry,I can not detect any network device,please report this issue to author."
137        exit 1
138    elif [[ $nicLen -eq 1 ]]; then
139        eth=$nic_arr
140    else
141        display_menu nic
142        eth=$nic
143    fi
144
145    echo "please wait for 10s to generate network data..."
146    echo
147    #当前流量值
148    local traffic_be=(`awk -v eth=$eth -F'[: ]+' '{if ($0 ~eth){print $3,$11}}' /proc/net/dev`)
149    #tcpdump监听网络
150    tcpdump -v -i $eth -tnn > /tmp/tcpdump_temp 2>&1 &
151    sleep 10
152    clear
153    kill `ps aux | grep tcpdump | grep -v grep | awk '{print $2}'`
154
155    #10s后流量值
156    local traffic_af=(`awk -v eth=$eth -F'[: ]+' '{if ($0 ~eth){print $3,$11}}' /proc/net/dev`)
157    #打印10s平均速率
158    local eth_in=$(( (${traffic_af[0]}-${traffic_be[0]})*8/10 ))
159    local eth_out=$(( (${traffic_af[1]}-${traffic_be[1]})*8/10 ))
160    echo -e "\033[32mnetwork device $eth average traffic in 10s: \033[0m"
161    echo "$eth Receive: $(bit_to_human_readable $eth_in)/s"
162    echo "$eth Transmit: $(bit_to_human_readable $eth_out)/s"
163    echo
164
165    local regTcpdump=$(ifconfig | grep -A 1 $eth | awk -F'[: ]+' '$0~/inet addr:/{printf $4"|"}' | sed -e 's/|$//' -e 's/^/(/' -e 's/$/)\\\\\.[0-9]+:/')
166
167    #新旧版本tcpdump输出格式不一样,分别处理
168    if awk '/^IP/{print;exit}' /tmp/tcpdump_temp | grep -q ")$";then
169        #处理tcpdump文件
170        awk '/^IP/{print;getline;print}' /tmp/tcpdump_temp > /tmp/tcpdump_temp2
171    else
172        #处理tcpdump文件
173        awk '/^IP/{print}' /tmp/tcpdump_temp > /tmp/tcpdump_temp2
174        sed -i -r 's#(.*: [0-9]+\))(.*)#\1\n    \2#' /tmp/tcpdump_temp2
175    fi
176
177    awk '{len=$NF;sub(/\)/,"",len);getline;print $0,len}' /tmp/tcpdump_temp2 > /tmp/tcpdump
178
179    #统计每个端口在10s内的平均流量
180    echo -e "\033[32maverage traffic in 10s base on server port: \033[0m"
181    awk -F'[ .:]+' -v regTcpdump=$regTcpdump '{if ($0 ~ regTcpdump){line="clients > "$8"."$9"."$10"."$11":"$12}else{line=$2"."$3"."$4"."$5":"$6" > clients"};sum[line]+=$NF*8/10}END{for (line in sum){printf "%s %d\n",line,sum[line]}}' /tmp/tcpdump | \
182    sort -k 4 -nr | head -n 10 | while read a b c d;do
183        echo "$a $b $c $(bit_to_human_readable $d)/s"
184    done
185    echo -ne "\033[11A"
186    echo -ne "\033[50C"
187    echo -e "\033[32maverage traffic in 10s base on client port: \033[0m"
188    awk -F'[ .:]+' -v regTcpdump=$regTcpdump '{if ($0 ~ regTcpdump){line=$2"."$3"."$4"."$5":"$6" > server"}else{line="server > "$8"."$9"."$10"."$11":"$12};sum[line]+=$NF*8/10}END{for (line in sum){printf "%s %d\n",line,sum[line]}}' /tmp/tcpdump | \
189    sort -k 4 -nr | head -n 10 | while read a b c d;do
190            echo -ne "\033[50C"
191            echo "$a $b $c $(bit_to_human_readable $d)/s"
192    done  
193
194    echo
195
196    #统计在10s内占用带宽最大的前10个ip
197    echo -e "\033[32mtop 10 ip average traffic in 10s base on server: \033[0m"
198    awk -F'[ .:]+' -v regTcpdump=$regTcpdump '{if ($0 ~ regTcpdump){line=$2"."$3"."$4"."$5" > "$8"."$9"."$10"."$11":"$12}else{line=$2"."$3"."$4"."$5":"$6" > "$8"."$9"."$10"."$11};sum[line]+=$NF*8/10}END{for (line in sum){printf "%s %d\n",line,sum[line]}}' /tmp/tcpdump | \
199    sort -k 4 -nr | head -n 10 | while read a b c d;do
200        echo "$a $b $c $(bit_to_human_readable $d)/s"
201    done
202    echo -ne "\033[11A"
203    echo -ne "\033[50C"
204    echo -e "\033[32mtop 10 ip average traffic in 10s base on client: \033[0m"
205    awk -F'[ .:]+' -v regTcpdump=$regTcpdump '{if ($0 ~ regTcpdump){line=$2"."$3"."$4"."$5":"$6" > "$8"."$9"."$10"."$11}else{line=$2"."$3"."$4"."$5" > "$8"."$9"."$10"."$11":"$12};sum[line]+=$NF*8/10}END{for (line in sum){printf "%s %d\n",line,sum[line]}}' /tmp/tcpdump | \
206    sort -k 4 -nr | head -n 10 | while read a b c d;do
207        echo -ne "\033[50C"
208        echo "$a $b $c $(bit_to_human_readable $d)/s"
209    done
210
211    echo
212    #统计连接状态
213    local regSS=$(ifconfig | grep -A 1 $eth | awk -F'[: ]+' '$0~/inet addr:/{printf $4"|"}' | sed -e 's/|$//')
214    ss -an | grep -v -E "LISTEN|UNCONN" | grep -E "$regSS" > /tmp/ss
215    echo -e "\033[32mconnection state count: \033[0m"
216    awk 'NR>1{sum[$(NF-4)]+=1}END{for (state in sum){print state,sum[state]}}' /tmp/ss | sort -k 2 -nr
217    echo
218    #统计各端口连接状态
219    echo -e "\033[32mconnection state count by port base on server: \033[0m"
220    awk 'NR>1{sum[$(NF-4),$(NF-1)]+=1}END{for (key in sum){split(key,subkey,SUBSEP);print subkey[1],subkey[2],sum[subkey[1],subkey[2]]}}' /tmp/ss | sort -k 3 -nr | head -n 10  
221    echo -ne "\033[11A"
222    echo -ne "\033[50C"
223    echo -e "\033[32mconnection state count by port base on client: \033[0m"
224    awk 'NR>1{sum[$(NF-4),$(NF)]+=1}END{for (key in sum){split(key,subkey,SUBSEP);print subkey[1],subkey[2],sum[subkey[1],subkey[2]]}}' /tmp/ss | sort -k 3 -nr | head -n 10 | awk '{print "\033[50C"$0}'  
225    echo  
226    #统计端口为80且状态为ESTAB连接数最多的前10个IP
227    echo -e "\033[32mtop 10 ip ESTAB state count at port 80: \033[0m"
228    cat /tmp/ss | grep ESTAB | awk -F'[: ]+' '{sum[$(NF-2)]+=1}END{for (ip in sum){print ip,sum[ip]}}' | sort -k 2 -nr | head -n 10
229    echo
230    #统计端口为80且状态为SYN-RECV连接数最多的前10个IP
231    echo -e "\033[32mtop 10 ip SYN-RECV state count at port 80: \033[0m"
232    cat /tmp/ss | grep -E "$regSS" | grep SYN-RECV | awk -F'[: ]+' '{sum[$(NF-2)]+=1}END{for (ip in sum){print ip,sum[ip]}}' | sort -k 2 -nr | head -n 10
233}
234
235main(){
236    while true; do
237        echo -e "1) real time traffic.\n2) traffic and connection overview.\n"
238        read -p "please input your select(ie 1): " select
239        case  $select in
240            1) realTimeTraffic;break;;
241            2) trafficAndConnectionOverview;break;;
242            *) echo "input error,please input a number.";;
243        esac
244    done  
245}
246
247main
248

给TA打赏
共{{data.count}}人
人已打赏
安全运维

Kafka实战(二) - 摸清 Kafka 的"黑话"

2021-12-12 17:36:11

安全运维

OpenSSH-8.8p1离线升级修复安全漏洞

2022-1-9 9:47:55

个人中心
购物车
优惠劵
今日签到
有新私信 私信列表
搜索