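Measuring LAN traffic on Linux

1: Traffic per internal host in the 10.86.0.0/16 network

Save the script below as traffic-lan.sh (after starting it, wait 10 seconds while it captures packets).

    # Capture packets leaving 10.86.0.0/16 for 10 seconds
    tcpdump -nqt 'src net 10.86.0.0/16 and dst net ! 10.86.0.0/16' > /tmp/tcpdump_temp 2>&1 &
    pid=$!
    sleep 10
    # Stop only the capture started above and wait until its output is flushed
    kill "$pid"
    wait "$pid"
    #awk '{s[$2] += $6}END{ for(i in s){print i, s[i] } }' /tmp/tcpdump_temp
    # Sum the TCP length ($14) per source IP ($2.$3.$4.$5), largest first
    grep "IP " /tmp/tcpdump_temp | awk -F'[. ]' '{s[$2"."$3"."$4"."$5]+=$14}END{for(i in s){print i" "s[i]}}' | sort -n -r -k 2

2: Traffic per external IP

Save the script below as traffic-wan.sh (after starting it, wait 10 seconds while it captures packets).

    # Capture packets leaving 10.86.0.0/16 for 10 seconds
    tcpdump -nqt 'src net 10.86.0.0/16 and dst net ! 10.86.0.0/16' > /tmp/tcpdump_temp 2>&1 &
    pid=$!
    sleep 10
    # Stop only the capture started above and wait until its output is flushed
    kill "$pid"
    wait "$pid"
    #awk '{s[$2] += $6}END{ for(i in s){print i, s[i] } }' /tmp/tcpdump_temp
    # Sum the TCP length ($14) per destination IP ($8.$9.$10.$11), largest first
    grep "IP " /tmp/tcpdump_temp | awk -F'[. ]' '{s[$8"."$9"."$10"."$11]+=$14}END{for(i in s){if(s[i]>0)print i" "s[i]}}' | sort -n -r -k 2

3: An improved version that also counts UDP

    # The sed stages drop the source port and " >", the destination port and ":",
    # and the ", length" text, leaving: IP <src> <dst> <proto> <length>
    tcpdump -i ens3 -nqt 'src net 10.86.0.0/16 and dst net ! 10.86.0.0/16' | sed -E 's/\.[0-9]+\s>//g' | sed -E 's/\.[0-9]+://g' | sed 's/, length//g' > /tmp/tcpdump_temp 2>&1 &
    sleep 5
    # $! would be the last sed of the pipeline, so tcpdump is found by name.
    # This stops every tcpdump process running on the host.
    kill $(ps aux | grep tcpdump | grep -v grep | awk '{print $2}')
    wait
    # Sum the length ($5) per destination IP ($3), largest first
    awk '{s[$3]+=$5}END{for(i in s){if(s[i]>0)print i" "s[i]}}' /tmp/tcpdump_temp | sort -n -r -k 2
    echo "finish."

4: It later turned out that iftop can do much the same job

    iftop -o destination -t -s 1 -L 10

5: Find the host sending the most traffic

    iftop -nNP -o destination -t -s 3 -L 1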
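A single-pass alternative to the three scripts above, added here as an example and not part of the original article: one awk program reads `tcpdump -nqt` text and sums bytes per source or destination IP, taking the byte count from the last field so that both TCP and UDP lines are counted without the sed preprocessing. The function names `sum_bytes` and `sample_capture` and the sample capture lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: aggregate `tcpdump -nqt` output per IPv4 address.
# Usage: sum_bytes src|dst < capture.txt   (prints "ip bytes", largest first)
sum_bytes() {
    awk -v side="$1" '
    # Reduce "a.b.c.d.port:" (or a port-less "a.b.c.d:") to "a.b.c.d"
    function ip(addr,    p) {
        sub(/:$/, "", addr)
        if (split(addr, p, ".") >= 4) return p[1] "." p[2] "." p[3] "." p[4]
        return ""
    }
    # Only packet lines: "IP <src> > <dst>: ..."; tcpdump banner lines are skipped
    $1 == "IP" && $3 == ">" {
        key = (side == "src") ? ip($2) : ip($4)
        # TCP lines end in "tcp N", UDP lines in "UDP, length N":
        # in both formats the byte count is the last field.
        n = $NF
        if (key != "" && n ~ /^[0-9]+$/) bytes[key] += n
    }
    END { for (k in bytes) if (bytes[k] > 0) print k, bytes[k] }
    ' | sort -k2,2nr -k1,1
}

# Constructed sample in the format printed by `tcpdump -nqt`
# (destination addresses are from the documentation ranges)
sample_capture() {
cat <<'EOF'
listening on ens3, link-type EN10MB (Ethernet), capture size 262144 bytes
IP 10.86.1.20.51514 > 203.0.113.34.443: tcp 1448
IP 10.86.1.20.51514 > 203.0.113.34.443: tcp 0
IP 10.86.1.21.40000 > 198.51.100.7.53: UDP, length 45
IP 10.86.1.20.51515 > 198.51.100.7.80: tcp 512
IP 10.86.1.21.40001 > 198.51.100.7.53: UDP, length 60
EOF
}

# Demo on the constructed sample: bytes sent to each external IP
sample_capture | sum_bytes dst
```

On a live capture the same function can be fed from the file the scripts above write, for example `sum_bytes src < /tmp/tcpdump_temp`.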