#!/bin/bash # 远程服务器列表,以空格间隔,如IP1 IP2 SERVERS_IP="21.254.176.3 21.254.176.135 21.254.176.144 21.254.176.138 21.254.176.146 21.254.176.141 21.254.176.145 21.254.178.2 21.254.178.15 21.254.178.3 21.254.178.17 21.254.176.70 21.254.176.93 21.254.178.33 21.254.178.34 21.254.178.35 21.254.178.58 21.254.176.71 21.254.176.94 21.254.178.12 21.254.178.14 21.254.177.71 21.254.177.131 21.254.177.72 21.254.177.132 21.254.178.11 21.254.178.16 21.254.177.130 21.254.177.70" USERNAME=root if [ "$#" != "1" ];then echo "USAGE:$0 [start|stop|download]" exit 1 fi # 登陆远程服务器,开启tcpdump命令 function start() { for ip in $SERVERS_IP do nohup ssh $USERNAME@$ip "tcpdump -i eth1 -s 0 -w $ip.cap" > /dev/null 2> error.log & echo "$ip抓包开始............................" done echo "远程服务器抓包已全部开启" } # 登陆远程服务器,停止tcpdump命令 function stop() { for ip in $SERVERS_IP do nohup ssh $USERNAME@$ip 'PID=`ps -ef | grep tcpdump | grep -v grep | awk "{print $2}"`;kill -9 $PID' > /dev/null 2> error.log & echo "$ip抓包停止............................" done echo "远程服务器抓包已全部停止" } # 下载远程服务器的CAP到本地 function download() { for ip in $SERVERS_IP do echo "$ip.cap开始下载............................" scp $USERNAME@$ip:/root/$ip.cap . done echo "远程服务器抓包已全部下载" } function test() { echo "远程服务器tcpdump进程判断开始" >> tcpdump.log for ip in $SERVERS_IP do echo "${ip}tcpdump进程是否杀掉............................" >> tcpdump.log nohup ssh $USERNAME@$ip "ps -ef | grep tcpdump | grep -v grep" >> tcpdump.log 2> error.log & sleep 1 done echo "远程服务器tcpdump进程判断结束" >> tcpdump.log } case $1 in start) start ;; stop) stop ;; download) download ;; test) test ;; *) echo "参数错误" ;; esac