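Two ports on the network device are bridged with brctl, and the bridge interface has no IP address. The product works only if it learns the mapping between the relevant MAC addresses and IP addresses, but sometimes that learning fails. The crude workaround is to capture the packets flowing through the bridge interface in real time, format the output, and bind the result.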

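#!/bin/bash
# Automatically bind a static MAC address for an IP
echo -en "\033[32m Please enter your IP address: \033[0m"
read -r ip
# The input is passed to tcpdump, grep and sed below, so accept only a dotted-quad IPv4 address
if ! [[ "$ip" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then
    echo "Invalid IP address: $ip"
    exit 1
fi
# Run tcpdump in the background and redirect the captured packets to mac.txt
# (overwritten on each run so an earlier capture is not reused); stop the capture after 10 s
tcpdump -i eth0 host "$ip" -nn -e > /root/mac.txt &
sleep 10
killall tcpdump
# Fields 2, 4, 10, 12 = source MAC, destination MAC, source IP.port, destination IP.port
col1=`grep "$ip" /root/mac.txt |awk '{print $2,$4,$10,$12}'|awk '{print $1}'|head -n 1`
# The destination MAC is printed with a trailing comma, which arp would reject
col2=`grep "$ip" /root/mac.txt |awk '{print $2,$4,$10,$12}'|awk '{print $2}'|tr -d ','|head -n 1`
# Port digits can include 0 (for example 80), so match [0-9] rather than [1-9]
col3=`grep "$ip" /root/mac.txt |awk '{print $2,$4,$10,$12}'|sed -e 's/'"$ip"'\.[0-9]\{1,5\}/'"$ip"'/g'|awk '{print $3}'|head -n 1`
col4=`grep "$ip" /root/mac.txt |awk '{print $2,$4,$10,$12}'|sed -e 's/'"$ip"'\.[0-9]\{1,5\}:\?/'"$ip"'/g'|awk '{print $4}'|head -n 1`
col5=`grep "$ip" /root/mac.txt |awk '{print $2,$4,$10,$12}'|sed -e 's/'"$ip"'[:]/'"$ip"'/g'|awk '{print $4}'|head -n 1`
if [ "$ip" = "$col3" ];then
    arp -i eth0 -s "$ip" "$col1"
elif [ "$ip" = "$col4" ];then
    arp -i eth0 -s "$ip" "$col2"
elif [ "$ip" = "$col5" ];then
    arp -i eth0 -s "$ip" "$col2"
else
    echo -en "Unknown fail.."
fi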
A captured packet looks like this:
11:47:01.089939 00:0c:29:ce:9e:c1 > 00:50:56:c0:00:01, ethertype IPv4 (0x0800), length 170: 172.168.1.4.22 > 172.168.1.1.2616: P 116:232(116) ack 1 win 8576
We print the MAC addresses and IP addresses in a fixed format:

grep "$ip" mac.txt |awk '{print $2,$4,$10,$12}'

 00:0c:29:ce:9e:c1 00:50:56:c0:00:01, 172.168.1.4.22 172.168.1.1.2616:

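Here the MAC address for 172.168.1.4 is 00:0c:29:ce:9e:c1. There is still a problem, though: 172.168.1.4 may be followed by .22, or appear as 172.168.1.4.22: with an extra colon. We need to normalize all of these forms to a standard IP address by removing the trailing port number and colon. The method is regular-expression substitution with the sed stream editor.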
00:0c:29:ce:9e:c1 00:50:56:c0:00:01, 172.168.1.4.22 172.168.1.1.2616:
00:50:56:c0:00:01 00:0c:29:ce:9e:c1, 172.168.1.1.2616 172.168.1.4.22:
00:50:56:c0:00:01 00:0c:29:ce:9e:c1, 172.168.1.1.2616 172.168.1.4.22:
00:0c:29:ce:9e:c1 00:50:56:c0:00:01, 172.168.1.4.22 172.168.1.1.1441:
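
The same extraction done in one awk pass, as an added example that is not part of the original script. It removes the colon and port by splitting on dots, compares the whole address so that 172.168.1.4 never matches 172.168.1.40, and returns no MAC when the capture shows the IP with more than one. The names `mac_for_ip` and `SAMPLE` are hypothetical, and every sample line after the first is constructed.

```bash
#!/bin/bash
# Added example, not from the original script. mac_for_ip and SAMPLE are
# hypothetical names; every sample line after the first is constructed.
SAMPLE='11:47:01.089939 00:0c:29:ce:9e:c1 > 00:50:56:c0:00:01, ethertype IPv4 (0x0800), length 170: 172.168.1.4.22 > 172.168.1.1.2616: P 116:232(116) ack 1 win 8576
11:47:01.090120 00:50:56:c0:00:01 > 00:0c:29:ce:9e:c1, ethertype IPv4 (0x0800), length 60: 172.168.1.1.2616 > 172.168.1.4.22: . ack 116 win 64240
11:47:02.000000 00:0c:29:aa:bb:cc > 00:50:56:c0:00:01, ethertype IPv4 (0x0800), length 98: 172.168.1.40 > 172.168.1.1: ICMP echo request, id 1, seq 1, length 64'

# Read `tcpdump -nn -e` text on stdin and print the MAC seen for IP $1.
# Exit status: 0 = exactly one MAC, 1 = IP not seen, 2 = conflicting MACs.
mac_for_ip() {
    awk -v ip="$1" '
    # Drop the trailing ":" and keep only the first four dot-separated parts,
    # so "a.b.c.d", "a.b.c.d:" and "a.b.c.d.port:" all become "a.b.c.d".
    function host(f,   p, n) {
        sub(/:$/, "", f)
        n = split(f, p, ".")
        return (n >= 4) ? (p[1] "." p[2] "." p[3] "." p[4]) : f
    }
    # Only IPv4 lines laid out as on the page: MACs in $2/$4, IPs in $10/$12.
    $3 == ">" && $6 == "IPv4" && $11 == ">" {
        src = $2; dst = $4
        sub(/,$/, "", dst)              # destination MAC carries a comma
        if (host($10) == ip) seen[src] = 1
        if (host($12) == ip) seen[dst] = 1
    }
    END {
        for (m in seen) { count++; mac = m }
        if (count == 1) { print mac; exit 0 }
        exit (count == 0 ? 1 : 2)
    }'
}

# Stand-alone run: prints 00:0c:29:ce:9e:c1
printf '%s\n' "$SAMPLE" | mac_for_ip 172.168.1.4
```

Run `arp -s` only when the exit status is 0; status 2 means the capture showed the IP with two different MACs, and a static binding would pin one of them blindly.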