linux抓包按时间命名,linuxÏÂÀûÓÃtcpdumpʵÏÖ24Сʱ×Ô¶¯×¥°ü

linuxÏÂÀûÓÃtcpdumpʵÏÖ24Сʱ×Ô¶¯×¥°ü

2019/10/10/17:45:33  ÔĶÁ£º1280  À´Ô´£º¹È¸èSEOËã·¨  ±êÇ©£º

ÍÚ¿ó

tcpdumpÄÜ°ïÖúÎÒÃDz¶×½²¢±£´æÍøÂç°ü,±£´æÏÂÀ´µÄÍøÂç°ü¿ÉÓÃÓÚ·ÖÎöÍøÂ縺ÔØÇé¿ö,°ü¿Éͨ¹ýtcpdumpÃüÁî½âÎö,Ò²¿ÉÒÔ±£´æ³Éºó׺ΪpcapµÄÎļþ,ʹÓÃwiresharkµÈÈí¼þ½øÐв鿴£¬ÏÂÃæÎÒÃǾÍÀ´¿´Ò»¸ötcpdumpʵÏÖ24Сʱ×Ô¶¯×¥°üʵÏÖÀý×Ó.

°²×°tcpdump,´úÂëÈçÏÂ:

# yum install tcpdump

½Å±¾ÀïÓÐ×¢ÊÍ#diyµÄ,±íʾÏÂÒ»ÐÐÐè×Ô¶¨ÒåÐÞ¸Ä,½Å±¾¶¼·ÅÔÚhomeĿ¼ÏÂ,crontabÀïд:**/6***/bin/bash/home/monitor_dump.sh

**/6***/bin/bash/home/monitor_disk.sh

¸ù¾Ýµ±´ÅÅÌ¿Õ¼äµÄ´óСºÍÁ÷Á¿µÄ´óСȷ¶¨crontabÀïµÄʱ¼ä¼ä¸ô,Òò¼ÓÁËcrontabҪʱ¼äµ½²ÅÖ´ÐÐ,ΪÁËÏÖÔÚÖ´ÐÐ,¿ÉÖ´ÐÐ:nohup sh /home/monitor_dump.sh &

vi³£ÓÃÃüÁî:

# vi /etc/crontab

insert½øÈë±à¼­×´Ì¬,ESC½øÈëÃüÁî״̬:wq±£´æÍ˳ö:qÍ˳ö,Ð޸ĺóÒªÖ´ÐÐ crontab /etc/crontab.

main_dump.sh (×¥°üµÄÖ÷³ÌÐò),ÿ¸ô1·ÖÖÓͨ¹ýËÀÑ­»·¼ì²â,ÈóÌÐò²»¶ÏµÄÈ¥×¥°ü,¿¼Âǵ½×¥°üµÄ½á¹û¿ÉÄÜÌ«´ó·ÖÎö¹¤¾ßÎÞ·¨´ò¿ª·ÖÎö,ËùÒÔÿ¸öÊý¾Ý°ü´óСÏÞÖÆԼΪ100M.²¢É趨ÁËÇ°Ò»¸ö°ü×¥Íê,¼ä¸ô5Ãë,¿ªÊ¼½øÐÐÏÂÒ»ÂÖ×¥°ü.

ÿÌìµÄÊý¾Ý°ü·ÅÔÚ/dataÏÂÒÔÈÕÆÚÃüÃûµÄĿ¼Èç:/data/2010-03-08£¬²¢½øÐÐѹËõ´æ´¢,°üµÄÃüÁî¸ñʽΪ:yyyy-mm-dd@hhmmss-hhmmss.pcap.gz;ÆäÖÐyyyy-mm-dd±íʾÈÕÆÚ,µÚÒ»¸öhhmmss±íʾ¿ªÊ¼×¥°üµÄʱ·ÖÃë,µÚ¶þ¸öhhmmss±íʾץ°ü½áÊøµÄʱ·ÖÃë,´úÂëÈçÏÂ:#!/bin/bash

#scriptname:/home/main_dump.sh

while:

do

STIME=`date+%F"@"%H%M%S`

DATE_DIR=`date+%F`

if[!-d/data/$DATE_DIR];then

mkdir-p/data/$DATE_DIR

fi

#diy#unit:byte;100MB

MAXSIZE=100000000

#diy

DUMPPID=`ps-ef|grep"tcpdump-ieth0"|greppcap|awk'{print$2}'`

if[!"$DUMPPID"];then

#diy

/usr/sbin/tcpdump-ieth0host113.105.152.180-w/data/$DATE_DIR/$STIME.pcap-s0&

fi

sleep1

#diy

DUMPPID=`ps-ef|grep"tcpdump-ieth0"|greppcap|awk'{print$2}'`

PACKSIZE=`ls-l/data/$DATE_DIR|grep"$STIME.pcap"|awk'{print$5}'`

while["$PACKSIZE"-lt"$MAXSIZE"];do

PACKSIZE=`ls-l/data/$DATE_DIR|grep"$STIME.pcap"|awk'{print$5}'`//phpfensi.com

sleep1m

done

kill-9$DUMPPID

ETIME=`date+%H%M%S`

mv/data/$DATE_DIR/$STIME.pcap/data/$DATE_DIR/$STIME-$ETIME.pcap

gzip/data/$DATE_DIR/*.pcap

sleep5

done

monitor_dump.sh(¼à¿Ø×¥°ü½Å±¾)

ΪÁ˱£Ö¤×¥°üÖ÷³ÌÐòÄܽ¡¿µÔËÐÐ,ͨ¹ýcrontab³ÌÐòÀ´µ÷¶Èmonitor_dump.sh,¼à¿Ø×¥°üÖ÷³ÌÐòÊÇÊÂÕý³£ÔËÐÐ,Èç¹ûûÓÐÔËÐÐ,ÔòÆô¶¯Ëü,´úÂëÈçÏÂ:#!/bin/bash

#scriptname:/home/monitor_dump.sh

DATE_DIR=`date+%F`

STIME=`date+%F"@"%H%M%S`

MAINDUMP=`ps-elf|grepmaindump|grep-vgrep`

#diy

DUMPPID=`ps-ef|grep"tcpdump-ieth0"|greppcap`

#checkmainprogrammestatus

if[!"$MAINDUMP"];then

/bin/bash/home/maindump.sh

fi

if[!"$DUMPPID"];then

#diy

/usr/sbin/tcpdump-ieth0host113.105.152.180-w/data/$DATE_DIR/$STIME.pcap-s0&

fi

monitor_disk.sh(¼à¿ØÓ²ÅÌ¿Õ¼ä)

¼à¿Ø´ÅÅ̵ĿÕÏпռä,µ±´ÅÅ̵ÄʹÓÃÂÊ´óÓÚµÈÓÚ30%ʱ(¿ÉÉèÖÃ),»á×Ô¶¯É¾³ý×îÔçÒ»Ìì×¥µ½µÄËùÔÚÊý¾Ý°ü,ÒÔ±£Ö¤´ÅÅ̵ĿÕÏпռä,´úÂëÈçÏÂ:#!/bin/bash

#scriptname:/home/monitor_disk.sh

#diy

FREEDISK=`df-h|grep"/dev/sda3"|awk'{print$5}'|awk-F%'{print$1}'`

HEADMOST=`ls-l/data|grep^d|awk'{print$NF}'|sort|head-n1`

#checkfreediskstatus

#diy

if["$FREEDISK"-ge"30"];then

rm-rf/data/"$HEADMOST"

fi