目录
1.ping脚本
1.1批量ping和tcpping文件中ip
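#!/bin/bash
# Ping and tcpping (TCP port 53) every host listed in a file, in an endless
# loop, and mail an alert through /root/ping_to_mail.py when a probe fails.
#
# Usage: <script> IP_FILE
# Input: one "name#address" entry per line; address is an IP or domain name.
#
# Entries come from a file, so every expansion is quoted and an address is
# only probed if it looks like a host name or IP literal. That keeps a value
# starting with "-" from being parsed as an option by ping/tcpping.

ip_file=${1:?usage: $0 IP_FILE}
readonly HOST_RE='^[A-Za-z0-9][A-Za-z0-9._:-]*$'

# Without tcpping every TCP check would read as "down" and send mail on each
# pass, so fail early instead.
command -v tcpping >/dev/null || {
  echo "tcpping not found in PATH" >&2
  exit 1
}

while :; do
  # The list is read on fd 3 so the probes cannot consume it through stdin.
  while IFS= read -r entry <&3 || [[ -n "$entry" ]]; do
    # Skip blank lines and lines without the name#address separator.
    [[ "$entry" == *"#"* ]] || continue
    cdn_name=${entry%%#*}
    ip=${entry#*#}
    ip=${ip%%#*}
    if ! [[ "$ip" =~ $HOST_RE ]]; then
      echo "skipping invalid address in entry: $entry" >&2
      continue
    fi

    ping -c 3 "$ip" >/dev/null
    status1=$?

    # stderr is discarded inside the substitution so it clearly applies to
    # tcpping; an empty result (no output at all) counts as "down".
    status2=$(tcpping "$ip" -p 53 -c 1 2>/dev/null \
      | tr '\n' ';' \
      | awk '{if($1=="OK")print "0" ;else print "1" }')
    status2=${status2:-1}

    if [[ "$status1" -ne 0 && "$status2" -ne 0 ]]; then
      python /root/ping_to_mail.py "$cdn_name$ip Server Ping and Tcpping 53 Port is down"
      echo "$ip:status1:$status1 - $entry:status2:$status2"
    elif [[ "$status1" -ne 0 ]]; then
      python /root/ping_to_mail.py "$cdn_name$ip Server Ping is down"
      echo "$ip:status1:$status1"
    elif [[ "$status2" -ne 0 ]]; then
      python /root/ping_to_mail.py "$cdn_name$ip Server Tcpping 53 Port is down "
      echo "$ip:status2:$status2"
    fi
  done 3<"$ip_file"
  sleep 180
done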
1.2批量ping IP的成功率和丢包率
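#!/bin/bash
# Ping every host in a file with bounded parallelism and print, per host,
# the transmitted / received / loss figures and the average RTT.
#
# Usage: <script> IP_FILE PING_COUNT
#   IP_FILE     one IP address or domain name per line
#   PING_COUNT  number of echo requests sent to each host
#
# Security notes:
#   * All scratch files live in a private directory created by mktemp. The
#     earlier layout (/tmp/$$.fifo, /tmp/<host>_, "rm -rf /tmp/*_") used
#     predictable names in a shared directory, let a list entry containing
#     "/" choose the output path, and removed other users' files on exit.
#   * Host entries are validated before they reach ping.
#   * NOTE(review): "-i 0.01" is below the interval ping allows unprivileged
#     users, so this presumably runs as root - confirm.

ip_file=${1:?usage: $0 IP_FILE PING_COUNT}
pingCount=${2:?usage: $0 IP_FILE PING_COUNT}
# Number of concurrent ping jobs; change it here.
THREAD=8
readonly HOST_RE='^[A-Za-z0-9][A-Za-z0-9._:-]*$'
readonly IPV4_RE='^([0-9]{1,3}\.){3}[0-9]{1,3}$'

if ! [[ "$pingCount" =~ ^[0-9]+$ ]]; then
  echo "PING_COUNT must be a positive integer: $pingCount" >&2
  exit 2
fi

workdir=$(mktemp -d) || exit 1
# Subshells started with "&" do not inherit this trap, so only the parent
# removes the directory.
trap 'rm -rf -- "$workdir"' EXIT

# A FIFO pre-filled with THREAD tokens acts as a counting semaphore.
TMPFIFO=$workdir/sem.fifo
mkfifo -m 600 "$TMPFIFO" || exit 1
exec 5<>"$TMPFIFO"
rm -f -- "$TMPFIFO"
for ((i = 1; i <= THREAD; i++)); do
  echo
done >&5

# pingIP HOST COUNT OUTFILE - run ping and capture stdout+stderr in OUTFILE.
pingIP() {
  local ip=$1 count=$2 out=$3
  ping -i 0.01 -W 3 -c "$count" "$ip" >"$out" 2>&1
}

# summary_field PATTERN FILE - first word of the comma-separated segment of
# ping's "packets transmitted" summary line that contains PATTERN.
summary_field() {
  grep 'packets transmitted' "$2" | tr ',' '\n' | grep -- "$1" | awk '{ print $1 }'
}

job=0
# Reading the list by redirection (not "cat | while") keeps the loop in the
# current shell, so the final "wait" really waits for every background job.
while read -r host <&3 || [[ -n "$host" ]]; do
  [[ -n "$host" ]] || continue
  if ! [[ "$host" =~ $HOST_RE ]]; then
    echo "skipping invalid entry: $host" >&2
    continue
  fi
  read -r -u5 # take a token; blocks while THREAD jobs are running
  job=$((job + 1))
  {
    out=$workdir/$job.out
    pingIP "$host" "$pingCount" "$out"
    C_pkt=$(summary_field 'packets transmitted' "$out")
    R_pkt=$(summary_field 'received' "$out")
    L_pkt=$(summary_field 'packet loss' "$out")

    # For a domain name, also show the address ping resolved it to.
    label=$host
    if ! [[ "$host" =~ $IPV4_RE ]]; then
      domain_ip=$(grep 'PING' "$out" | awk -F'(' '{ print $2 }' | awk -F')' '{ print $1 }')
      label="${host}(${domain_ip})"
    fi

    if [[ "$L_pkt" == "100%" ]]; then
      echo "${label} result:$C_pkt $R_pkt $L_pkt| ERROR "
    else
      avg=$(grep '/avg/' "$out" | awk -F'/' '{ print $5 }')
      echo "${label} result:$C_pkt $R_pkt $L_pkt|${avg} ms"
    fi
    echo "" >&5 # give the token back
  } &
done 3<"$ip_file"

wait
exec 5>&-
echo "$0 $1 $2 Finish!"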
2解析脚本
2.1循环解析某些域名,将结果存入日志中
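#!/bin/bash
# Resolve a fixed set of domains against one DNS server every 3 seconds and
# append the outcome to /opt/monitor_<server>.log.
#
# Usage: <script> DNS_SERVER_IP

TestDomains=(www.qq.com www.baidu.com www.taobao.com www.jd.com www.sina.com.cn)
device_ip=${1:?usage: $0 DNS_SERVER_IP}
# The server address becomes part of the log file name and a dig argument,
# so accept host/IP characters only (no "/" and no leading "-").
if ! [[ "$device_ip" =~ ^[A-Za-z0-9][A-Za-z0-9._:-]*$ ]]; then
  echo "invalid DNS server address: $device_ip" >&2
  exit 2
fi
pwd_dir="/opt"
logfile="$pwd_dir/monitor_${device_ip}.log"
# The log is emptied once it reaches 900 MiB.
max_bytes=$((900 * 1024 * 1024))

#######################################
# Query every test domain once and log success or failure.
# Globals:   TestDomains, device_ip, logfile, max_bytes (read)
# Outputs:   appends one line per domain to $logfile
#######################################
checkrs() {
  local name now answers size
  for name in "${TestDomains[@]}"; do
    now=$(date +"%Y-%m-%d %H:%M:%S")
    # Count answer lines ending in a digit, i.e. address records.
    answers=$(dig +time=1 +retry=0 +short "@$device_ip" "$name" | grep -c '[0-9]$')
    if ((answers <= 0)); then
      echo "$now|ERROR $name" >>"$logfile"
    else
      echo "$now|$device_ip $name success" >>"$logfile"
    fi
  done
  # The size is measured on every pass and in bytes. Measuring it once at
  # start-up with "du -sh" gave values such as "4.0K" that the integer test
  # could not compare, so the log was never rotated.
  size=$(wc -c <"$logfile" 2>/dev/null) || size=0
  if ((${size:-0} >= max_bytes)); then
    : >"$logfile"
  fi
}

while :; do
  checkrs
  sleep 3
done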
2.2查询ip的归属地
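#!/bin/bash
# Look up the location of each IP in a file through the Baidu open-data API
# and print "<input line> <location>".
#
# Usage: <script> IP_FILE      (first whitespace-separated field = IP)
#
# Security notes:
#   * The IP is interpolated into a URL, so it is restricted to address
#     characters; anything else could add or override query parameters.
#   * The endpoint is plain HTTP: the answer can be read or altered in
#     transit and should not be treated as authoritative.

ip_file=${1:?usage: $0 IP_FILE}

while read -r line <&3 || [[ -n "$line" ]]; do
  [[ -n "$line" ]] || continue
  ip=${line%%[[:space:]]*}
  if ! [[ "$ip" =~ ^[0-9A-Fa-f:.]+$ ]]; then
    echo "skipping invalid address: $ip" >&2
    continue
  fi
  url="http://opendata.baidu.com/api.php?query=${ip}&co=&resource_id=6006&t=1412300361645&ie=utf8&oe=gbk&cb=op_aladdin_callback&format=json&tn=baidu&cb=jQuery1102026811896078288555_1412299994977&_=1412299994981"
  # The reply is GB2312-encoded; the location is the quoted value found in
  # the 6th ":"-separated field. --max-time keeps one slow reply from
  # stalling the whole list.
  path=$(curl -s --max-time 10 "$url" \
    | iconv -fgb2312 -t utf-8 \
    | awk -F: '{ print $6 }' \
    | awk -F'"' '{ print $2 }')
  echo "${line} ${path}"
done 3<"$ip_file"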
2.3解析域名取出命中的地址
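#!/bin/bash
# Resolve each name in a file and print "<first IPv4 answer> <name>".
# Names with no IPv4 answer are omitted.
#
# Usage: <script> DOMAIN_FILE      (one name per line)

domain=${1:?usage: $0 DOMAIN_FILE}

while read -r name <&3 || [[ -n "$name" ]]; do
  [[ -n "$name" ]] || continue
  # dig reads arguments starting with "-", "+" or "@" as options or as the
  # server to query, so only plain host names are passed through.
  if ! [[ "$name" =~ ^[A-Za-z0-9_][A-Za-z0-9._-]*$ ]]; then
    echo "skipping invalid name: $name" >&2
    continue
  fi
  # The pattern is anchored and the dots escaped: with a bare "." a CNAME
  # target containing a run of digits was reported as an address.
  a=$(dig +short "$name" | grep -E -m 1 '^([0-9]{1,3}\.){3}[0-9]{1,3}$')
  if [[ -n "$a" ]]; then
    echo "$a" "$name"
  fi
done 3<"$domain"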
2.4查看ip经过的路由
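#!/bin/bash
# Print the hop addresses traceroute reports (at most 9 hops) for every
# target in a file, as "<target>|trace地址:<hop>;<hop>;...".
#
# Usage: <script> TARGET_FILE      (one IP or host name per line)

ip=${1:?usage: $0 TARGET_FILE}

while read -r host <&3 || [[ -n "$host" ]]; do
  [[ -n "$host" ]] || continue
  # Targets come from a file; reject anything traceroute could read as an
  # option.
  if ! [[ "$host" =~ ^[A-Za-z0-9][A-Za-z0-9._:-]*$ ]]; then
    echo "skipping invalid target: $host" >&2
    continue
  fi
  # Keep lines that contain an IPv4 address, take the second column, and
  # drop values containing lower-case letters (host names, the header's
  # "to").
  status1=$(traceroute -m 9 "$host" \
    | grep -E '([0-9]{1,3}\.){3}[0-9]{1,3}' \
    | awk '{ print $2 }' \
    | grep -E -v '[a-z]' \
    | tr '\n' ';')
  echo "$host""|trace地址:""$status1"
done 3<"$ip"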
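#!/bin/bash
# Run one mtr report cycle per target in a file and print
# "<target> <hop>;<hop>;...".
#
# Usage: <script> TARGET_FILE      (one IP or host name per line)

domain=${1:?usage: $0 TARGET_FILE}

while read -r host <&3 || [[ -n "$host" ]]; do
  [[ -n "$host" ]] || continue
  # Targets come from a file; reject anything mtr could read as an option.
  if ! [[ "$host" =~ ^[A-Za-z0-9][A-Za-z0-9._:-]*$ ]]; then
    echo "skipping invalid target: $host" >&2
    continue
  fi
  # Second column of the report, limited to values containing an IPv4
  # address (dots escaped so "." no longer matches any character).
  status1=$(mtr -r -c 1 "$host" \
    | awk '{ print $2 }' \
    | grep -E '([0-9]{1,3}\.){3}[0-9]{1,3}' \
    | tr '\n' ';')
  echo "$host" "$status1"
done 3<"$domain"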
3其他脚本
3.1实时查看网卡流量
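#!/bin/bash
# Show the per-second receive (RX) and transmit (TX) rate of one network
# interface, refreshed every second, from /proc/net/dev.
#
# Usage: <script> INTERFACE

ethn=${1:?usage: $0 INTERFACE}

# read_counters IFACE - print "<rx_bytes> <tx_bytes>" for exactly IFACE.
# The name is compared for equality: "grep eth1" also matched eth10 and
# returned two values, which broke the arithmetic below.
read_counters() {
  awk -v dev="$1" '
    { sub(/:/, " ") }
    $1 == dev { print $2, $10; found = 1; exit }
    END { exit !found }
  ' /proc/net/dev
}

# human_rate BYTES - format a byte count as B/s, KB/s or MB/s.
human_rate() {
  local bytes=$1
  if ((bytes < 1024)); then
    printf '%sB/s\n' "$bytes"
  elif ((bytes > 1048576)); then
    awk -v b="$bytes" 'BEGIN { print b/1048576 "MB/s" }'
  else
    awk -v b="$bytes" 'BEGIN { print b/1024 "KB/s" }'
  fi
}

if ! read_counters "$ethn" >/dev/null; then
  echo "interface not found in /proc/net/dev: $ethn" >&2
  exit 1
fi

while true; do
  # "|| break" ends the loop if the interface disappears mid-run.
  read -r RX_pre TX_pre < <(read_counters "$ethn") || break
  sleep 1
  read -r RX_next TX_next < <(read_counters "$ethn") || break
  clear
  echo -e " RX $(date +%k:%M:%S) TX"
  RX=$(human_rate $((RX_next - RX_pre)))
  TX=$(human_rate $((TX_next - TX_pre)))
  echo -e "$ethn $RX $TX "
done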
3.2多线程执行任务
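#!/bin/bash
# Template: run one task per entry of a file with a bounded number of
# concurrent background jobs.
#
# Usage: <script> INPUT_FILE [OUTPUT_FILE]
#   INPUT_FILE   whitespace-separated work items
#   OUTPUT_FILE  created empty if given and missing
#
# The semaphore FIFO is created inside a private mktemp directory; a fixed
# name such as /tmp/$$.fifo is predictable and can be pre-created by
# another local user.

filepath=${1:?usage: $0 INPUT_FILE [OUTPUT_FILE]}
# Number of concurrent jobs, i.e. how many tokens the FIFO holds.
THREAD=2

workdir=$(mktemp -d) || exit 1
trap 'rm -rf -- "$workdir"' EXIT
TMPFIFO=$workdir/sem.fifo
mkfifo -m 600 "$TMPFIFO" || exit 1
exec 5<>"$TMPFIFO"
rm -f -- "$TMPFIFO"
for ((i = 1; i <= THREAD; i++)); do
  echo
done >&5

if [[ -n "${2:-}" && ! -f "$2" ]]; then
  touch -- "$2"
fi

start_date=$(date +%s)
# Items to process concurrently, one loop pass each.
while read -r -a items <&3 || ((${#items[@]})); do
  for i in "${items[@]}"; do
    read -r -u5 # take a token; blocks while THREAD jobs are running
    {
      # Put the operation to run on "$i" here. Keep "$i" quoted: it is
      # data read from INPUT_FILE.
      echo "" >&5 # give the token back
    } &
  done
done 3<"$filepath"
wait
exec 5>&-
end_date=$(date +%s)
echo "域名解析所用总时间:$((end_date - start_date))S"
exit 0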
3.3DNS配置文件list增加域名
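#!/bin/bash
# add.sh - append zone entries for new domains to a DNS zone list file.
#
# Usage: add.sh LIST_FILE          e.g. add.sh example.file
#
# Every name in $dir/domain.txt that is not yet present in any existing
# list file gets a copy of the last "zone" line of LIST_FILE with the
# quoted name replaced. Names that already exist are logged to add.err.
#
# Security note: the names end up inside a name-server configuration file,
# so each one is checked against a host-name character set. A value with a
# quote, brace, semicolon or whitespace could otherwise add arbitrary
# configuration statements.

target=${1:?usage: $0 LIST_FILE}
# Directory holding the domain list files.
dir="/var/named/domain"
# File listing the domains to add.
add_file="$dir/domain.txt"
# Output file for names that already exist.
add_err="$dir/add.err"
readonly DOMAIN_RE='^[A-Za-z0-9_][A-Za-z0-9_.-]*$'

# Template: the last zone line of the target file.
line=$(grep -e '^zone' -- "$target" | tail -n 1)
if [[ -z "$line" ]]; then
  echo "no zone line found in $target to use as a template" >&2
  exit 1
fi

# Date marker separating this batch from earlier ones.
dmark=$(date +"%Y-%m-%d %H:%M:%S")
marker="################$dmark##########"
if ! grep -qF -e "$marker" -- "$target"; then
  echo "$marker" >>"$target"
fi

# Existing list files, expanded by the shell instead of parsing ls output.
shopt -s nullglob
zone_files=("$dir"/*.list /var/named/web/*)
shopt -u nullglob

# Outer loop: one name at a time from the list of names to add.
while read -r add_dname <&3 || [[ -n "$add_dname" ]]; do
  [[ -n "$add_dname" ]] || continue
  if ! [[ "$add_dname" =~ $DOMAIN_RE ]]; then
    echo "skipping invalid domain name: $add_dname" >&2
    continue
  fi

  # Duplicate flag.
  mark=false
  # Inner loop: look for the name as the first quoted value of any line in
  # each existing file. Plain string equality is used; the unquoted
  # "[[ a = $b ]]" form treated the stored name as a glob pattern.
  for fname in "${zone_files[@]}"; do
    [[ -f "$fname" ]] || continue
    if awk -F'"' -v n="$add_dname" \
      '($2 "") == (n "") { hit = 1; exit } END { exit !hit }' "$fname"; then
      mark=true
      echo "$add_dname ---->> $fname" >>"$add_err"
    fi
  done

  # Already present: skip. Otherwise append the new entry.
  if [[ "$mark" == "true" ]]; then
    continue
  fi
  # Rebuild the template as <text before the name>"<name>"<text after it>.
  # Only the text up to the next quote is kept, so a template with a second
  # quoted value is truncated there - NOTE(review): confirm that the
  # templates in use carry a single quoted value.
  awk -F'"' -v n="$add_dname" '{ printf "%s\"%s\"%s\n", $1, n, $3 }' \
    <<<"$line" >>"$target"
done 3< <(tr -s '[:space:]' '\n' <"$add_file")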
4python脚本
4.1把带掩码位的ip拆分为具体地址
带掩码位ip实例(192.168.5.1/24)
#!/usr/bin/python
# -*- coding: utf-8 -*-
import IPy
import sys
from multiprocessing import Pool
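# Input file: one address range (IP/prefix) per line.
# NOTE(review): the published listing lost the path separators
# (it reads C:\UsersAdministratorDesktopIPS.txt); the separators below are
# restored on the assumption of a standard Desktop path - adjust as needed.
# Raw strings keep "\U" from being read as a Unicode escape.
ips_file = r"C:\Users\Administrator\Desktop\IPS.txt"
# Output file: one expanded address per line.
save_file = r"C:\Users\Administrator\Desktop\IPS_result.txt"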
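def write_to_txt(addr):
    """Append one address, followed by a newline, to the module-level save_file.

    The file is opened in append-only mode; nothing is read back, so the
    read access that 'a+' requested is not needed.
    """
    with open(save_file, 'a') as fw:
        fw.write(str(addr) + '\n')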
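if __name__ == "__main__":
    # Expand every range in ips_file into single addresses, de-duplicate them
    # and write them to save_file.
    #
    # The worker pool that used to be created here was never given any work,
    # so it is no longer started.
    #
    # NOTE(review): every address is held in memory. A short prefix (for
    # example a /8, or almost any IPv6 prefix) expands to a very large set;
    # vet the input file before running this on data you did not write.
    ip_set = set()
    with open(ips_file, 'r') as fr:
        for line in fr:
            line = line.strip()
            if not line:
                continue
            try:
                # make_net=True accepts a host address with a prefix length,
                # e.g. 192.168.5.1/24, and uses the enclosing network.
                ips = IPy.IP(line, make_net=True)
            except Exception as e:
                print(e)
                print('ERROR:' + line)
                continue
            for i in ips:
                ip_set.add(str(i))
    for j in ip_set:
        print(j)
        write_to_txt(j)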
4.2分析抓包文件并汇总为excel
#coding=utf-8
import datetime
import os
import pyshark
import sys
import time
from multiprocessing import Process, Pool
import xlwt
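def get_count(pcapfile, filter):
    """Count the packets in a capture file that match a display filter.

    Args:
        pcapfile: path of the capture file.
        filter: Wireshark display filter; '' counts every packet.

    Returns:
        Number of matching packets.

    The capture is closed even if iteration fails, and packets are not kept
    in memory after being counted. Capture files are parsed by tshark's
    dissectors, so files from untrusted sources are best analysed from an
    unprivileged account.
    """
    cap = pyshark.FileCapture(pcapfile, display_filter=filter, keep_packets=False)
    try:
        return sum(1 for _ in cap)
    finally:
        cap.close()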
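def get_Result(pcapfile, excel_dict):
    """Analyse one capture file and add its figures to excel_dict.

    The file name, once normalised by filename_formate, is split on '-' into
    site name, exit name, total exit bandwidth and exit load. The capture is
    then counted once per display filter and the result is stored through
    update_dict under the site name.

    Args:
        pcapfile: path of the .pcap file.
        excel_dict: dict updated in place (site name -> list of rows).

    A file whose name does not provide the four fields, or whose bandwidth or
    load field is not numeric, is reported and skipped before any counting,
    so one badly named file no longer aborts the whole batch.
    """
    print(pcapfile)
    time_start = time.time()
    f_name = filename_formate(os.path.basename(pcapfile))
    f_split = f_name.split('-')
    if len(f_split) < 4:
        print('SKIP (unexpected file name): ' + str(pcapfile))
        return
    # Site name, exit name, total exit bandwidth, exit load.
    judian_name, chukou_name, chukou_cont, chukou_fz = f_split[:4]
    try:
        bandwidth = float(chukou_cont)
        load = float(chukou_fz)
    except ValueError:
        print('SKIP (non-numeric bandwidth/load in file name): ' + str(pcapfile))
        return

    # Each call below is a full pass over the capture file.
    # Total number of packets.
    num = get_count(pcapfile, filter='')
    # Frames of 1300 bytes or more.
    count = get_count(pcapfile, filter='frame.len >=1300')
    # TCP frames of 1300 bytes or more.
    tcp_cont = get_count(pcapfile, filter='frame.len >=1300 && tcp')
    # UDP frames of 1300 bytes or more.
    udp_cont = get_count(pcapfile, filter='frame.len >=1300 && udp')
    # Retransmissions with a TCP payload of 1300 bytes or more.
    tar_cont = get_count(pcapfile, filter='tcp.analysis.retransmission && tcp.len >=1300')
    # Out-of-order segments with a TCP payload of 1300 bytes or more.
    tao_cont = get_count(pcapfile, filter='tcp.analysis.out_of_order && tcp.len >=1300')
    # Duplicate ACKs with a TCP payload of 1300 bytes or more.
    tad_cont = get_count(pcapfile, filter='tcp.analysis.duplicate_ack && tcp.len >=1300')
    time_end = time.time()

    content = (
        "**********" + str(pcapfile) + "***********\n"
        "报文总数:" + str(num) + "\n"
        "长度大于1300的TCP报文:" + str(tcp_cont) + "\n"
        "长度大于1300的UDP报文:" + str(udp_cont) + "\n"
        "长度大于1300的报文:" + str(count) + "\n"
        "重传大于1300的报文:" + str(tar_cont) + "\n"
        "乱序大于1300的报文:" + str(tao_cont) + "\n"
        "重发大于1300的报文:" + str(tad_cont) + "\n"
        "date:" + (str(time_end - time_start)) + "\n"
        "*************************************************************"
    )
    print(content)
    list1 = [chukou_name, bandwidth, load, int(num), int(tcp_cont), int(udp_cont),
             int(count), int(tar_cont), int(tao_cont), int(tad_cont)]
    update_dict(excel_dict=excel_dict, judian_name=judian_name, list1=list1)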
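def filename_formate(name):
    """Normalise a capture file name so it can be split on '-'.

    Spaces and opening parentheses are removed, closing parentheses become
    '-', and '--' is collapsed to '-' in a single pass.

    The published listing tests for the same ASCII parenthesis twice, which
    suggests the second test was the full-width form before the text was
    normalised; both forms are handled here.

    Args:
        name: file name (base name, not a path).

    Returns:
        The normalised name.
    """
    name = name.replace(' ', '')
    for opening in ('(', '\uff08'):
        name = name.replace(opening, '')
    for closing in (')', '\uff09'):
        name = name.replace(closing, '-')
    return name.replace('--', '-')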
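def update_dict(excel_dict, judian_name, list1):
    """Append one result row to the list stored under a site name.

    Args:
        excel_dict: dict mapping site name -> list of rows; updated in place.
        judian_name: site name used as the key.
        list1: the row to append.

    setdefault replaces the look-up / append / re-assign sequence and the
    duplicated else branch.
    """
    excel_dict.setdefault(judian_name, []).append(list1)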
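def import_excel(excel_dict, save_exel, save_name):
    """Write the collected capture statistics to an .xls workbook.

    Args:
        excel_dict: dict mapping site name -> list of rows. Each row is
            [exit name, bandwidth, load, total packets, tcp, udp,
             packets >= 1300, retransmissions, out-of-order, duplicate ACKs].
        save_exel: path of the workbook to write.
        save_name: suffix of the sheet name.

    Changes from the published listing:
      * The alignment settings are applied to the Alignment object that is
        actually attached to the style. Before, they were set on the style's
        default alignment, which was then replaced by a fresh object, so
        centring and wrapping were lost.
      * The workbook is saved once at the end instead of after every row.
    """
    # (title, column width or None for the default width)
    headers = [
        ('局点', None),
        ('出口', 6000),
        ('出口带宽G', 5000),
        ('负载', None),
        ('总抓包数', None),
        ('tcp报文', None),
        ('udp报文', None),
        ('len大于1300总包数', 5000),
        ('大于1300重传', 5000),
        ('重传率', None),
        ('大于1300乱序', 5000),
        ('乱序率', None),
        ('大于1300重发包', 5000),
        ('重发率', None),
        ('异常报文总数', 5000),
        ('异常报文比例', 5000),
        ('TCP报文占比', 5000),
        ('UDP报文占比', 3000),
        ('TCP灌水率', 5000),
        ('备注', None),
    ]

    ws = xlwt.Workbook(encoding='utf-8')
    table = ws.add_sheet('出口抓包分析_' + save_name)
    styleBlueBkg = xlwt.easyxf(' font: bold on;')

    # Thin border on all four sides.
    borders = xlwt.Borders()
    borders.left = 1
    borders.right = 1
    borders.top = 1
    borders.bottom = 1
    borders.bottom_colour = 0x3A  # border line colour

    alignment = xlwt.Alignment()
    alignment.horz = 2  # centred horizontally
    alignment.vert = 1  # centred vertically
    alignment.wrap = 1  # wrap text

    style = xlwt.XFStyle()
    style.borders = borders
    style.alignment = alignment

    for idx, (title, width) in enumerate(headers):
        table.write(0, idx, title, styleBlueBkg)
        if width is not None:
            table.col(idx).width = width

    def percent(part, whole):
        # Same text as before: two-decimal rounding, then float -> str, so
        # 12.50 is written as "12.5%"; a zero denominator gives "0.0%".
        if whole == 0:
            return str(0.0) + "%"
        return str(float('%.2f' % (part / whole * 100))) + "%"

    row = 1
    for judian_name, rows in excel_dict.items():
        # Column 0 holds the site name, merged over all rows of that site.
        last_row = row + len(rows) - 1
        table.write_merge(row, last_row, 0, 0, judian_name, style)
        for data_list in rows:
            (chukou, bandwidth, load, total, tcp, udp,
             big, retrans, out_of_order, dup_ack) = data_list
            abnormal = dup_ack + out_of_order + retrans
            # NOTE(review): the TCP and UDP shares (columns 16 and 17) are
            # relative to the >=1300-byte packet count, as in the listing;
            # confirm the total packet count was not intended.
            cells = [
                (1, chukou),                          # exit
                (2, bandwidth),                       # exit bandwidth (G)
                (3, load),                            # load
                (4, total),                           # total packets
                (5, tcp),                             # TCP packets
                (6, udp),                             # UDP packets
                (7, big),                             # packets >= 1300
                (8, retrans),                         # retransmissions
                (9, percent(retrans, big)),           # retransmission rate
                (10, out_of_order),                   # out-of-order
                (11, percent(out_of_order, big)),     # out-of-order rate
                (12, dup_ack),                        # duplicate ACKs
                (13, percent(dup_ack, big)),          # duplicate-ACK rate
                (14, abnormal),                       # abnormal packets
                (15, percent(abnormal, big)),         # abnormal share
                (16, percent(tcp, big)),              # TCP share
                (17, percent(udp, big)),              # UDP share
                (18, percent(abnormal, tcp)),         # abnormal / TCP
            ]
            for column, value in cells:
                table.write(row, column, value, style)
            row += 1
        row = last_row + 1
    ws.save(save_exel)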
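if __name__ == '__main__':
    # Usage: python <script> <directory containing .pcap files>
    # Analyses every *.pcap file in the directory and writes
    # pcap_<YYYYMMDD>.xls into the same directory.
    if len(sys.argv) < 2 or not os.path.isdir(sys.argv[1]):
        sys.exit('usage: python <script> <pcap_directory>')
    filedir = sys.argv[1]
    save_name = datetime.datetime.now().strftime('%Y%m%d')
    save_exel = os.path.join(filedir, "pcap_" + save_name + ".xls")
    time_start = time.time()
    excel_dict = {}
    # sorted() gives the same processing order on every run.
    for i in sorted(os.listdir(filedir)):
        filepath = os.path.join(filedir, i)
        if os.path.isfile(filepath) and os.path.splitext(i)[1] == '.pcap':
            get_Result(filepath, excel_dict)
    time_end = time.time()
    print('Write to Execl file...')
    import_excel(excel_dict, save_exel, save_name)
    print('Main Processing End.date:' + (str(time_end - time_start)))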
4.3发邮件脚本
#!/usr/bin/python
# -*- coding: UTF-8 -*-
# encoding=utf-8
import time
import os
import smtplib
from email.mime.text import MIMEText
from email.header import Header
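# Subject prefix.
DNSNAME='标题'
mail_host="smtp.exmail.qq.com"
mail_user="发送的邮箱"
# NOTE(review): the mailbox password is stored in the script. Anyone who can
# read this file (or a backup or repository copy of it) can use the account;
# load it from a file readable only by the service user, or from the
# environment, and keep the script itself free of secrets.
mail_pass="发送邮箱的密码"

now = int(time.time())
timeStruct = time.localtime(now)
strTime = time.strftime("%Y/%m/%d_%H:%M:%S", timeStruct)

sender = '发送邮箱'
receivers = ['接受邮箱']

# The mail body is whatever the helper script prints.
msg = os.popen("/root/ComputerInfoToMail.sh")
msgstr = msg.read()
msg.close()

message = MIMEText(str(msgstr), 'plain', 'utf-8')
message['From'] = Header('yybmonitor@net-east.com', 'utf-8')
message['To'] = ";".join(receivers)
subject = DNSNAME+'-发送内容-'+strTime
message['Subject'] = Header(subject, 'utf-8')

smtpObj = None
try:
    smtpObj = smtplib.SMTP()
    smtpObj.connect(mail_host, 25)
    # Upgrade to TLS before authenticating. Without it the login and the
    # message cross the network in clear text. If the server does not offer
    # STARTTLS an SMTPException is raised and nothing is sent.
    # On Python 3, pass context=ssl.create_default_context() to starttls()
    # so that the server certificate is verified as well.
    smtpObj.ehlo()
    smtpObj.starttls()
    smtpObj.ehlo()
    smtpObj.login(mail_user, mail_pass)
    smtpObj.sendmail(sender, receivers, message.as_string())
    print("successful!")
except smtplib.SMTPException:
    print("Error: Fail!")
finally:
    # Close the session on every path.
    if smtpObj is not None:
        try:
            smtpObj.quit()
        except smtplib.SMTPException:
            pass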
4.4查看某个ip属不属于某个运营商的地址段
运营商地址段格式实例:移动#192.168.0.0/24;(可写入文件中)
ip地址格式:192.168.0.1(可写入文件中)
# -*- coding: utf-8 -*-
# coding=utf-8
import sys
import IPy
# Process-wide default encoding expected by the rest of the script.
defaultencoding = 'utf-8'
# When the interpreter's default differs, reload sys to get
# setdefaultencoding back and switch the default to UTF-8.
if defaultencoding != sys.getdefaultencoding():
    reload(sys)
    sys.setdefaultencoding(defaultencoding)
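def judge_ip(ip, ips):
    """Tell whether an IPv4 address lies inside any of the given prefixes.

    Args:
        ip: address to test, as a string.
        ips: iterable of prefixes such as '192.168.0.0/24'.

    Returns:
        True if `ip` is IPv4 and inside at least one prefix; False if it is
        not IPv4, cannot be parsed, or matches nothing.

    A malformed prefix is reported on stderr and skipped, so one bad entry in
    the data file no longer stops the look-up. make_net=True also accepts a
    host address with a prefix length (192.168.5.1/24).
    """
    try:
        if IPy.IP(ip).version() != 4:
            return False
    except ValueError:
        return False
    for prefix in ips:
        try:
            network = IPy.IP(prefix, make_net=True)
        except ValueError:
            sys.stderr.write("ignoring invalid prefix: %s\n" % prefix)
            continue
        if ip in network:
            return True
    return False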
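# Parser for the provider address-range file.
# Line format: 阿里#113.214.xxx.xxx/24;
def parse_ips(ips_file):
    """Read 'name#prefix;prefix;...' lines into a dict of sets.

    Args:
        ips_file: path of the UTF-8 text file.

    Returns:
        dict mapping provider name -> set of prefix strings. Lines that share
        a name are merged.

    Changes from the published listing:
      * The file is opened read-only. "r+" also asked for write access,
        which the parser never uses and which fails on a read-only file.
      * Lines without '#' are skipped instead of raising IndexError.
      * Surrounding whitespace, including a Windows '\\r', is stripped from
        the line and from every prefix.
    """
    import io  # io.open decodes UTF-8 the same way on Python 2 and 3

    dict_ips = dict()
    with io.open(ips_file, "r", encoding="utf-8") as fr:
        for line in fr:
            fields = line.strip().split("#")
            if len(fields) < 2:
                continue
            name = fields[0]
            # Entries of one character or less (such as the empty piece
            # after a trailing ';') are dropped.
            ips_set = set(
                piece.strip()
                for piece in fields[1].split(";")
                if len(piece.strip()) > 1
            )
            dict_ips.setdefault(name, set()).update(ips_set)
    return dict_ips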
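if __name__ == "__main__":
    # Usage: python <script> <provider ranges file> <ip>
    # Prints "<ip> <provider>" for the first provider whose ranges contain
    # the address, or "<ip> 其他" when none does.
    if len(sys.argv) < 3:
        sys.exit("usage: python <script> <ranges_file> <ip>")
    CP_file = sys.argv[1]
    ip = sys.argv[2]
    dict_ips = parse_ips(CP_file)
    for key, value in dict_ips.items():
        if judge_ip(ip, value):
            # Formatting with % gives the same "ip name" text under the
            # Python 2 print statement and the Python 3 print function.
            print("%s %s" % (ip, key))
            # sys.exit replaces the interactive-only exit() helper.
            sys.exit()
    print("%s %s" % (ip, "其他"))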
执行方法:python 脚本名 运营商地址文件 要查看的ip文件