1. Speedtest script





wget https://bintray.com/ookla/download/download_file?file_path=ookla-speedtest-1.0.0-x86_64-linux.tgz -O speedtest-cli.tgz && tar xfvz speedtest-cli.tgz && echo YES | ./speedtest
[[email protected] ~]# wget https://bintray.com/ookla/download/download_file?file_path=ookla-speedtest-1.0.0-x86_64-linux.tgz -O speedtest-cli.tgz && tar xfvz speedtest-cli.tgz && echo YES | ./speedtest
--2020-04-16 17:21:41--  https://bintray.com/ookla/download/download_file?file_path=ookla-speedtest-1.0.0-x86_64-linux.tgz
Resolving bintray.com (bintray.com)... 108.168.194.93
Connecting to bintray.com (bintray.com)|108.168.194.93|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://dl.bintray.com/ookla/download/ookla-speedtest-1.0.0-x86_64-linux.tgz?expiry=1587057731446&signature=N%2F%2FEyyWnLJRqFhHwYJ08IM0%2B0OU66hX1%2BgGCWG43CaY3dmuJOyA0M8gy36G2RwtgfT8Elro6jQpIhBd8yTOKNQ%3D%3D [following]
--2020-04-16 17:21:41--  https://dl.bintray.com/ookla/download/ookla-speedtest-1.0.0-x86_64-linux.tgz?expiry=1587057731446&signature=N%2F%2FEyyWnLJRqFhHwYJ08IM0%2B0OU66hX1%2BgGCWG43CaY3dmuJOyA0M8gy36G2RwtgfT8Elro6jQpIhBd8yTOKNQ%3D%3D
Resolving dl.bintray.com (dl.bintray.com)... 52.26.64.218, 52.11.170.179
Connecting to dl.bintray.com (dl.bintray.com)|52.26.64.218|:443... connected.
HTTP request sent, awaiting response... 302 
Location: https://akamai.bintray.com/5f/5fe2028f0d4427e4f4231d9f9cf70e6691bb890a70636d75232fe4d970633168?__gda__=exp=1587058421~hmac=bcc7e0e4e8f71f5d0af7ebf6178ae0534027fb63a80234c4870051da23c2fbfa&response-content-disposition=attachment%3Bfilename%3D%22ookla-speedtest-1.0.0-x86_64-linux.tgz%22&response-content-type=application%2Fgzip&requestInfo=U2FsdGVkX19FmhEAfVfGnWNhHLMH9_FIedcu869F-5_L6eYlhAQ-vBUL-KjMmlOg3_Pt0gfPKOS-M8PpIXM7iVCKOdekGMaDStQwm92EfjfQDX_lGbiCXiYR9ao_wwmHjKOiB6RTgnyrDECxGx8spA&response-X-Checksum-Sha1=41ca19b8bea7614c27370453be3c6ef7ea7fa76a&response-X-Checksum-Sha2=5fe2028f0d4427e4f4231d9f9cf70e6691bb890a70636d75232fe4d970633168 [following]
--2020-04-16 17:21:41--  https://akamai.bintray.com/5f/5fe2028f0d4427e4f4231d9f9cf70e6691bb890a70636d75232fe4d970633168?__gda__=exp=1587058421~hmac=bcc7e0e4e8f71f5d0af7ebf6178ae0534027fb63a80234c4870051da23c2fbfa&response-content-disposition=attachment%3Bfilename%3D%22ookla-speedtest-1.0.0-x86_64-linux.tgz%22&response-content-type=application%2Fgzip&requestInfo=U2FsdGVkX19FmhEAfVfGnWNhHLMH9_FIedcu869F-5_L6eYlhAQ-vBUL-KjMmlOg3_Pt0gfPKOS-M8PpIXM7iVCKOdekGMaDStQwm92EfjfQDX_lGbiCXiYR9ao_wwmHjKOiB6RTgnyrDECxGx8spA&response-X-Checksum-Sha1=41ca19b8bea7614c27370453be3c6ef7ea7fa76a&response-X-Checksum-Sha2=5fe2028f0d4427e4f4231d9f9cf70e6691bb890a70636d75232fe4d970633168
Resolving akamai.bintray.com (akamai.bintray.com)... 23.66.53.169
Connecting to akamai.bintray.com (akamai.bintray.com)|23.66.53.169|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 930614 (909K) [application/gzip]
Saving to: ‘speedtest-cli.tgz’

100%[=========================================================================>] 930,614     --.-K/s   in 0.08s

2020-04-16 17:21:41 (10.5 MB/s) - ‘speedtest-cli.tgz’ saved [930614/930614]

speedtest
speedtest.md
speedtest.5
==============================================================================

You may only use this Speedtest software and information generated
from it for personal, non-commercial use, through a command line
interface on a personal computer. Your use of this software is subject
to the End User License Agreement, Terms of Use and Privacy Policy at
these URLs:

        https://www.speedtest.net/about/eula
        https://www.speedtest.net/about/terms
        https://www.speedtest.net/about/privacy

==============================================================================

Do you accept the license? [type YES to accept]: License acceptance recorded. Continuing.


   Speedtest by Ookla

     Server: ZeptoVM - Ashburn, VA (id = 30561)
        ISP: Google Cloud
    Latency:    25.69 ms   (4.63 ms jitter)
   Download:  3977.15 Mbps (data used: 6.2 GB)                               
     Upload:   918.83 Mbps (data used: 1.5 GB)                               
Packet Loss:     0.0%
 Result URL: 
[[email protected] ~]# 
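
The one-liner above downloads, unpacks and runs the binary in a single chained command. As an added example (not from the original post or from Ookla), the function below gates extraction on a pinned SHA-256 and on a member-path check; verify_and_extract and the va_* variables are hypothetical names, and sha256sum and tar are assumed to be installed.

```shell
#!/bin/sh
# Added example: gate extraction on a pinned SHA-256 instead of chaining
# wget && tar && ./speedtest in a single line.

# Value of response-X-Checksum-Sha2 in the wget log above. It arrived over the
# same channel as the file, so confirm it independently before pinning it.
PINNED_SHA256="5fe2028f0d4427e4f4231d9f9cf70e6691bb890a70636d75232fe4d970633168"

# verify_and_extract ARCHIVE EXPECTED_SHA256 DESTDIR (hypothetical helper)
# Returns 0 only if the digest matches and no member path is absolute or
# contains a ".." component; nothing is extracted otherwise.
verify_and_extract() {
    va_archive=$1
    va_expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    va_dest=$3
    [ -f "$va_archive" ] || { echo "missing: $va_archive" >&2; return 2; }

    va_actual=$(sha256sum "$va_archive" | awk '{print $1}')
    if [ "$va_actual" != "$va_expected" ]; then
        echo "sha256 mismatch: got $va_actual" >&2
        return 1
    fi

    # List members first; refuse paths that could land outside DESTDIR.
    if tar -tzf "$va_archive" | grep -Eq '^/|(^|/)\.\.(/|$)'; then
        echo "unsafe member path in $va_archive" >&2
        return 3
    fi

    mkdir -p "$va_dest" && tar -xzf "$va_archive" -C "$va_dest" --no-same-owner
}

# Typical use after the download step:
#   verify_and_extract speedtest-cli.tgz "$PINNED_SHA256" ./speedtest-cli
```

Run ./speedtest only after the function returns 0, so a tampered or truncated download stops before anything is unpacked or executed.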


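2. Network traffic analysis script

In practice, I mainly use this script to check how much traffic each port is carrying and which IP is pushing heavy traffic.
The script includes the following functions:
1. Monitor the traffic of any network interface in real time.
2. Calculate the average traffic over 10 seconds.
3. Calculate the average traffic of each port over 10 seconds, based on client and server port statistics. This shows which port is using the most traffic. For a web server, that is usually port 80. When another port is under attack, that port may show heavy traffic. This helps us check whether port traffic is normal.
4. Calculate the top 10 IPs by bandwidth over 10 seconds. This helps us determine whether a malicious IP is consuming bandwidth.
5. Count connection states. This lets us see which connection states are relatively numerous. If there are many SYN-RECV states, there may be a half-open connection attack. If ESTABLISHED is high but the logs show few requests, or tcpdump shows a large number of IPs that only establish connections without requesting data, it may be a full-connection attack. Add listen 80 deferred to prevent this.
6. Count the connection states of each port. When an attack is suspected, this helps us find which port is being attacked.
7. List the top 10 IPs with the most ESTAB connections on port 80. This helps us find the IPs that are creating too many connections so they can be blocked.
8. List the top 10 IPs with the most SYN-RECV connections on port 80. During a half-open connection attack, this helps us find the malicious IPs.

Run in your Linux command line: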

wget https://raw.githubusercontent.com/91yun/91yuncode/master/network-analysis.sh && bash network-analysis.sh
$ wget https://raw.githubusercontent.com/91yun/91yuncode/master/network-analysis.sh && bash network-analysis.sh


$ bash network-analysis.sh
1) real time traffic.
2) traffic and connection overview.

please input your select(ie 1): 2
tcpdump not found,going to install it.
network-analysis.sh: line 125: apt-get: command not found

#################### nic setting ####################

1) docker0
2) eth0
3) eth1
4) veth49c9398

which nic you'd select: 3
your selection: eth1
please wait for 10s to generate network data...


network device ens3 average traffic in 10s:
ens3 Receive: 4.9Kb/s
ens3 Transmit: 8.7Kb/s                            average traffic in 10s base on client port:
                                                  10.0.0.2:34421 > server 8.1Kb/s
average traffic in 10s base on server port:       140.204.0.165:443 > server 4.2Kb/s
clients > 140.204.0.165:443 8.1Kb/s               169.254.169.254:53 > server 396b/s
clients > 10.0.0.2:34421 4.2Kb/s                  10.0.0.2:36428 > server 150b/s
clients > 10.0.0.2:36428 396b/s                   10.0.0.2:22 > server 83b/s
clients > 169.254.169.254:53 150b/s               169.254.169.254:123 > server 60b/s
clients > 160.32.192.89:7520 83b/s                10.0.0.2:57613 > server 60b/s
clients > 169.254.169.254:123 60b/s               top 10 ip average traffic in 10s base on client:
clients > 10.0.0.2:57613 60b/s                    10.0.0.2:34421 > 140.204.0.165 8.1Kb/s
top 10 ip average traffic in 10s base on server:  140.204.0.165:443 > 10.0.0.2 4.2Kb/s
10.0.0.2 > 140.204.0.165:443 8.1Kb/s              169.254.169.254:53 > 10.0.0.2 396b/s
140.204.0.165 > 10.0.0.2:34421 4.2Kb/s            10.0.0.2:36428 > 169.254.169.254 150b/s
169.254.169.254 > 10.0.0.2:36428 396b/s           10.0.0.2:22 > 160.32.192.89 83b/s
10.0.0.2 > 169.254.169.254:53 150b/s              169.254.169.254:123 > 10.0.0.2 60b/s
10.0.0.2 > 160.32.192.89:7520 83b/s               10.0.0.2:57613 > 169.254.169.254 60b/s
169.254.169.254 > 10.0.0.2:57613 60b/s            160.32.192.89:7520 > 10.0.0.2 32b/s
10.0.0.2 > 169.254.169.254:123 60b/s
connection state count: :22 32b/s
0 102
TIME-WAIT 6
CLOSE-WAIT 6
ESTAB 1


connection state count by port base on server:    connection state count by port base on client:
0 * 102                                           TIME-WAIT 140.204.0.165:443 5
TIME-WAIT 10.0.0.2:34421 1                        CLOSE-WAIT 169.254.169.254:80 4
TIME-WAIT 10.0.0.2:34420 1                        CLOSE-WAIT 140.204.0.151:443 2
TIME-WAIT 10.0.0.2:34419 1                        TIME-WAIT 169.254.169.254:80 1
TIME-WAIT 10.0.0.2:34417 1                        ESTAB 160.32.192.89:7520 1
TIME-WAIT 10.0.0.2:34416 1                        0 23041 1
TIME-WAIT 10.0.0.2:34061 1                        0 23040 1
ESTAB 10.0.0.2:22 1                               0 22575 1
CLOSE-WAIT 10.0.0.2:47916 1                       0 22574 1
CLOSE-WAIT 10.0.0.2:47910 1                       0 22111 1

top 10 ip ESTAB state count at port 80:
* 102
160.32.192.89 1

top 10 ip SYN-RECV state count at port 80:
[[email protected]centos7-test1 ~]#
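
The per-state and per-IP counts described in items 5, 7 and 8 can be reproduced directly from ss -tan output. The following is an added example, not code from network-analysis.sh; the function names state_counts and top_ips and the sample connections are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of network-analysis.sh. Input is `ss -tan` output.

# Constructed sample (documentation address ranges), standing in for `ss -tan`.
sample_ss() {
cat <<'EOF'
State     Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN    0      128    0.0.0.0:80           0.0.0.0:*
ESTAB     0      0      10.0.0.2:80          203.0.113.5:51234
ESTAB     0      0      10.0.0.2:80          203.0.113.5:51240
ESTAB     0      0      10.0.0.2:22          192.0.2.10:7520
ESTAB     0      0      [::ffff:10.0.0.2]:80 [::ffff:203.0.113.5]:51300
SYN-RECV  0      0      10.0.0.2:80          198.51.100.7:40000
SYN-RECV  0      0      10.0.0.2:80          198.51.100.7:40001
SYN-RECV  0      0      10.0.0.2:80          198.51.100.7:40002
SYN-RECV  0      0      10.0.0.2:80          198.51.100.9:40100
TIME-WAIT 0      0      10.0.0.2:80          203.0.113.8:50000
EOF
}

# state_counts: print "STATE COUNT" for every TCP state, largest first (item 5).
state_counts() {
    awk '$1 != "State" && NF >= 5 { n[$1]++ }
         END { for (s in n) print s, n[s] }' | LC_ALL=C sort -k2,2nr -k1,1
}

# top_ips STATE PORT [N]: "COUNT IP" for the N peers (default 10) holding the
# most connections in STATE to local PORT (items 7 and 8).
top_ips() {
    awk -v st="$1" -v port="$2" '
        $1 == st {
            lp = $4; sub(/.*:/, "", lp)      # local port, IPv4 or [IPv6]
            if (lp != port) next
            ip = $5; sub(/:[^:]*$/, "", ip)  # drop the peer port
            gsub(/^\[|\]$/, "", ip)          # [addr] -> addr
            sub(/^::ffff:/, "", ip)          # fold IPv4-mapped IPv6 into IPv4
            n[ip]++
        }
        END { for (ip in n) print n[ip], ip }' |
        LC_ALL=C sort -k1,1nr -k2,2 | head -n "${3:-10}"
}

sample_ss | state_counts            # overall state distribution
sample_ss | top_ips ESTAB 80        # candidates for a full-connection attack
sample_ss | top_ips SYN-RECV 80     # candidates for a half-open attack
```

On a live host, replace sample_ss with ss -tan, for example ss -tan | top_ips SYN-RECV 80.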

By John
