Àíàëèç òðàôèêà íà wl500gP

**SinClaus** · 06-09-2007, 11:55

Íó ðåáÿòà, óæ åñëè âû íå â êóðñå, ÷òî ñêðèïò èñïîëíÿåòñÿ øåëëîì ïðè çàãðóçêå, òî êòî æå âàñ áóäåò ó÷èòü Ëèíóêñó ab ovo?

**lexass** · 02-12-2007, 18:07

ðàäèîñëóøàòåëè äîâîëüíû!

âîïðîñ, à ìîíî ïðè ïîìîùè îãî æå sh
óáèòü âñå èç âûâîäà, êðîìå âõîäÿùåãî è èñõîäÿùåãî â öèôðàõ?

ÇÛ
÷òî-òî òèïà ýòîãî:

PHP Code:


$ipstuff=`/sbin/iptables -L -Z ACCT_IN_$name -v -x`;

# Âûäåëèì èç âûâîäà ïðåäûäóùåé êîìàíäû çíà÷åíèå ñ÷åò÷èêà

@IPTBMASS=split(/\n/,$ipstuff);

chomp $IPTBMASS[2];

$string=$IPTBMASS[2];

$string=~ s/\s{1,}/ /g;

@INFOMASS=split(/ /,$string);

$IP_IN=$INFOMASS[2];

# Ñíèìåì äàííûå ñî ñ÷åò÷èêà èñõîäÿùåãî òðàôèêà è îáíóëèì

$ipstuff=`/sbin/iptables -L -Z ACCT_OUT_$name -v -x`;

# Âûäåëèì èç âûâîäà ïðåäûäóùåé êîìàíäû çíà÷åíèå ñ÷åò÷èêà

@IPTBMASS=split(/\n/,$ipstuff);

$string=$IPTBMASS[2];

$string=~ s/\s{1,}/ /g;

@INFOMASS2=split(/ /,$string);

$IP_OUT=$INFOMASS2[2];

**Mam(O)n** · 02-12-2007, 23:33

Åñëè áðàòü â ïîìîùü awk òî áóäåò ÷òîòî òèïà òèïà òàêîãî:

Code:

#!/bin/sh
IP_IN=$(iptables -L -Z ACCT_IN_$name -vnx | awk '/^ *[0-9]+ *[0-9]+.*/{print $2; exit}')
IP_OUT=$(iptables -L -Z ACCT_OUT_$name -vnx | awk '/^ *[0-9]+ *[0-9]+.*/{print $2; exit}')

**lexass** · 03-12-2007, 18:26

Originally Posted by Mam(O)n

Åñëè áðàòü â ïîìîùü awk òî áóäåò ÷òîòî òèïà òèïà òàêîãî:

÷òî-òî òèïà íå çàïóñêàåòñÿ

**Mam(O)n** · 03-12-2007, 18:35

È êàêóþ îøèáêó âûäà¸ò?

upd
Èëè íåïîíÿòíî ÷òî äåëàåò îí? Äà òîæå ñàìîå ÷òî è ïðèâåä¸ííûé òîáîé ñêðèïò íà ïåðëå. Â ïåðåìåííóþ IP_IN ïîìåùàåò çíà÷åíèå âòîðîãî ñòîëáöà âòîðîé ñòðîêè âûâîäà iptables -L -Z ACCT_IN_$name -vnx. Â ïåðåìåííóþ IP_OUT ïîìåùàåòñÿ òîæå íî èç öåïî÷êè ACCT_OUT_$name. Â ïåðåìåííîé $name äîëæåí áûòü ïîñòôèêñ îò íàçâàíèÿ öåïî÷êè.

**lexass** · 03-12-2007, 19:20

iptables: Table does not exist (do you need to insmod?)

**Mam(O)n** · 03-12-2007, 19:27

Íó à öåïî÷êà â òàáëèöå iptables ñóùåñòâóåò íóæíàÿ? Â ïåðåìåííîé $name çàäàí ïîñòôèêñ?

**lexass** · 03-12-2007, 19:43

îîî, çàðàáîòàëî

ðó÷êè øÀëîâëèâûå

ÑÏÑÈÁ!!!

**almuerto** · 04-12-2007, 16:16

Ïîìîãèòå, ïîæàëóéñòà, ðîóòåð wl500gp, êàáåëüíûé ìîäåì ìîòîðîëëà, ïîñòîÿííî ìèãàåò ëàìïî÷êà àêòèâíîñòè âàí ïîðòà. Ïðè ïðÿìîì ïîäêëþ÷åíèè ìîäåìà ê ñåòåâîé êàðòå êîìïüþòåðà ëàìïî÷êà íå ìèãàåò. Àíàëîãè÷íî áûëî ïîâåäåíèå ðîóòåðà îò äëèíê.
Âîò ëîã

Code:

tcpdump -i vlan1

18:56:18.406758 IP 83.167.xxx.xxx.1027 > dns01.catv.ext.ru.domain:  1503+[|domain]
18:56:18.414960 IP 83.167.xxx.xxx.1027 > dns04.catv.ext.ru.domain:  1504+[|domain]
18:56:18.426470 IP 83.167.xxx.xxx.1027 > dns02.catv.ext.ru.domain:  1505+[|domain]
18:56:18.435410 IP 83.167.xxx.xxx.1027 > dns01.catv.ext.ru.domain:  1506+[|domain]
18:56:18.442518 IP 83.167.xxx.xxx.1027 > dns04.catv.ext.ru.domain:  1507+[|domain]
18:56:18.463147 IP 83.167.xxx.xxx.1027 > dns02.catv.ext.ru.domain:  1508+[|domain]
18:56:18.556207 IP 83.167.xxx.xxx.1027 > dns02.catv.ext.ru.domain:  1517+[|domain]
18:56:18.564151 IP dns02.catv.ext.ru.domain > 83.167.xxx.xxx.1027:  1517 NXDomain*[|domain]
18:56:18.564579 IP 83.167.xxx.xxx.1027 > dns01.catv.ext.ru.domain:  1518+[|domain]
18:56:18.573355 IP dns01.catv.ext.ru.domain > 83.167.xxx.xxx.1027:  1518 NXDomain*[|domain]
18:56:18.573775 IP 83.167.xxx.xxx.1027 > dns04.catv.ext.ru.domain:  1519+[|domain]
18:56:18.577640 arp who-has av109928.oops tell 10.0.192.1
18:56:18.692543 IP 83.167.xxx.xxx.1027 > dns02.catv.ext.ru.domain:  1532+[|domain]
18:56:18.701015 IP dns02.catv.ext.ru.domain > 83.167.xxx.xxx.1027:  1532[|domain]
18:56:18.702768 IP 83.167.xxx.xxx.1027 > dns02.catv.ext.ru.domain:  1533+[|domain]
18:56:18.716410 arp who-has 10.1.207.8 tell 10.1.192.1
18:56:18.721542 IP dns02.catv.ext.ru.domain > 83.167.xxx.xxx.1027:  1533 NXDomain*[|domain]
18:56:18.721972 IP 83.167.xxx.xxx.1027 > dns01.catv.ext.ru.domain:  1534+[|domain]
18:56:18.730718 IP 83.167.xxx.xxx.1027 > dns04.catv.ext.ru.domain:  1535+[|domain]
18:56:18.744826 IP 83.167.xxx.xxx.1027 > dns02.catv.ext.ru.domain:  1536+[|domain]
18:56:18.753320 IP 83.167.xxx.xxx.1027 > dns01.catv.ext.ru.domain:  1537+[|domain]
18:56:18.761542 IP 83.167.xxx.xxx.1027 > dns04.catv.ext.ru.domain:  1538+[|domain]
18:56:18.773464 IP 83.167.xxx.xxx.1027 > dns02.catv.ext.ru.domain:  1539+[|domain]
18:56:18.780434 IP 83.167.xxx.xxx.1027 > dns01.catv.ext.ru.domain:  1540+[|domain]
18:56:18.872921 IP 83.167.xxx.xxx.1027 > dns02.catv.ext.ru.domain:  1548+[|domain]
18:56:18.881235 IP dns02.catv.ext.ru.domain > 83.167.xxx.xxx.1027:  1548 NXDomain*[|domain]
18:56:18.881660 IP 83.167.xxx.xxx.1027 > dns01.catv.ext.ru.domain:  1549+[|domain]
18:56:18.891084 IP dns01.catv.ext.ru.domain > 83.167.xxx.xxx.1027:  1549 NXDomain*[|domain]
18:56:18.891506 IP 83.167.xxx.xxx.1027 > dns04.catv.ext.ru.domain:  1550+[|domain]
18:56:18.905401 IP 83.167.xxx.xxx.1027 > dns02.catv.ext.ru.domain:  1551+[|domain]
18:56:18.911905 IP 83.167.xxx.xxx.1027 > dns01.catv.ext.ru.domain:  1552+[|domain]
18:56:18.921675 IP 83.167.xxx.xxx.1027 > dns04.catv.ext.ru.domain:  1553+[|domain]
18:56:18.935738 IP 83.167.xxx.xxx.1027 > dns02.catv.ext.ru.domain:  1554+[|domain]
18:56:19.045464 arp who-has 10.1.195.124 tell 10.1.192.1
18:56:19.047802 arp who-has av43850.oops tell 10.0.192.1
18:56:19.050453 IP 83.167.xxx.xxx.1027 > dns02.catv.ext.ru.domain:  1563+[|domain]
18:56:19.057606 IP dns02.catv.ext.ru.domain > 83.167.xxx.xxx.1027:  1563 NXDomain*[|domain]
18:56:19.058057 IP 83.167.xxx.xxx.1027 > dns01.catv.ext.ru.domain:  1564+[|domain]
18:56:19.066539 IP dns01.catv.ext.ru.domain > 83.167.xxx.xxx.1027:  1564 NXDomain*[|domain]
18:56:19.066961 IP 83.167.xxx.xxx.1027 > dns04.catv.ext.ru.domain:  1565+[|domain]
18:56:19.084554 arp who-has av40850.oops tell 10.0.192.1
18:56:19.084983 IP dns04.catv.ext.ru.domain > 83.167.xxx.xxx.1027:  1565 ServFail[|domain]
18:56:19.085398 IP 83.167.xxx.xxx.1027 > dns02.catv.ext.ru.domain:  1566+[|domain]
18:56:19.091728 IP dns02.catv.ext.ru.domain > 83.167.xxx.xxx.1027:  1566 NXDomain*[|domain]
18:56:19.092149 IP 83.167.xxx.xxx.1027 > dns01.catv.ext.ru.domain:  1567+[|domain]
18:56:19.100088 IP dns01.catv.ext.ru.domain > 83.167.xxx.xxx.1027:  1567 NXDomain*[|domain]
18:56:19.100511 IP 83.167.xxx.xxx.1027 > dns04.catv.ext.ru.domain:  1568+[|domain]
18:56:19.109851 IP 83.167.xxx.xxx.1027 > dns02.catv.ext.ru.domain:  1569+[|domain]
18:56:19.118915 IP 83.167.xxx.xxx.1027 > dns01.catv.ext.ru.domain:  1570+[|domain]
18:56:19.126422 IP 83.167.xxx.xxx.1027 > dns04.catv.ext.ru.domain:  1571+[|domain]
18:56:19.160084 IP 83.167.xxx.xxx.1027 > dns02.catv.ext.ru.domain:  1572+[|domain]
18:56:19.167810 IP 83.167.xxx.xxx.1027 > dns01.catv.ext.ru.domain:  1573+[|domain]
18:56:19.180710 IP 83.167.xxx.xxx.1027 > dns04.catv.ext.ru.domain:  1574+[|domain]
18:56:19.279857 IP 83.167.xxx.xxx.1027 > dns02.catv.ext.ru.domain:  1578+[|domain]
18:56:19.287093 arp who-has av129572.oops tell 10.0.192.1
18:56:19.287766 IP dns02.catv.ext.ru.domain > 83.167.xxx.xxx.1027:  1578*[|domain]
18:56:19.289761 IP 83.167.xxx.xxx.1027 > dns02.catv.ext.ru.domain:  1579+[|domain]
18:56:19.298621 IP dns02.catv.ext.ru.domain > 83.167.xxx.xxx.1027:  1579 NXDomain*[|domain]
18:56:19.299086 IP 83.167.xxx.xxx.1027 > dns01.catv.ext.ru.domain:  1580+[|domain]
18:56:19.305844 IP dns01.catv.ext.ru.domain > 83.167.xxx.xxx.1027:  1580 NXDomain*[|domain]
18:56:19.306261 IP 83.167.xxx.xxx.1027 > dns04.catv.ext.ru.domain:  1581+[|domain]
18:56:19.314180 IP dns04.catv.ext.ru.domain > 83.167.xxx.xxx.1027:  1581 ServFail[|domain]
18:56:19.314598 IP 83.167.xxx.xxx.1027 > dns02.catv.ext.ru.domain:  1582+[|domain]
18:56:19.321354 IP dns02.catv.ext.ru.domain > 83.167.xxx.xxx.1027:  1582 NXDomain*[|domain]
18:56:19.321799 IP 83.167.xxx.xxx.1027 > dns01.catv.ext.ru.domain:  1583+[|domain]
18:56:19.329956 IP dns01.catv.ext.ru.domain > 83.167.xxx.xxx.1027:  1583 NXDomain*[|domain]
18:56:19.330388 IP 83.167.xxx.xxx.1027 > dns04.catv.ext.ru.domain:  1584+[|domain]
18:56:19.340486 IP dns04.catv.ext.ru.domain > 83.167.xxx.xxx.1027:  1584 ServFail[|domain]
18:56:19.340906 IP 83.167.xxx.xxx.1027 > dns02.catv.ext.ru.domain:  1585+[|domain]
18:56:19.348596 arp who-has av167544.oops tell 10.0.192.1
18:56:19.351109 IP 83.167.xxx.xxx.1027 > dns01.catv.ext.ru.domain:  1586+[|domain]
18:56:19.359044 IP 83.167.xxx.xxx.1027 > dns04.catv.ext.ru.domain:  1587+[|domain]
18:56:19.424762 arp who-has 10.1.219.117 tell 10.1.192.1
18:56:19.425838 arp who-has 10.1.194.130 tell 10.1.192.1

1009 packets captured
4926 packets received by filter
3855 packets dropped by kernel

**Mam(O)n** · 04-12-2007, 16:20

Èìõî ì.á. ìóëüòèêàñò, íî â ýòîì äàìïå åãî ÿ íå íàáëþäàþ. Òàì òîëüêî çàïðîñû ê äíñ è âîçìîæíî îò ñàìîãî tcpdump'a. Ïîïðîáóé ëó÷øå ïîñìîòðåòü òàê: tcpdump -ni vlan1, òî åñòü áåç ðàçðåøåíèÿ èìåí.

**almuerto** · 04-12-2007, 16:27

Âîò íàñûïàëîñü çà ïàðó ñåêóíä:

Code:

16:09.679005 arp who-has 10.1.199.179 tell 10.1.192.1
19:16:09.701848 arp who-has 10.0.199.89 tell 10.0.192.1
19:16:09.723035 arp who-has 10.0.202.21 tell 10.0.192.1
19:16:09.745191 arp who-has 10.1.221.170 tell 10.1.192.1
19:16:09.758107 arp who-has 10.0.218.214 tell 10.0.192.1
19:16:09.782786 arp who-has 10.0.223.55 tell 10.0.192.1
19:16:09.789481 arp who-has 10.1.208.237 tell 10.1.192.1
19:16:09.800630 arp who-has 10.0.212.44 tell 10.0.192.1
19:16:09.804046 arp who-has 10.0.205.108 tell 10.0.192.1
19:16:09.810406 arp who-has 10.0.202.42 tell 10.0.192.1
19:16:09.815424 arp who-has 10.0.211.219 tell 10.0.192.1
19:16:09.825626 arp who-has 10.0.202.31 tell 10.0.192.1
19:16:09.827712 arp who-has 10.0.202.29 tell 10.0.192.1
19:16:09.830786 arp who-has 10.0.202.34 tell 10.0.192.1
19:16:09.831912 arp who-has 10.0.202.33 tell 10.0.192.1
19:16:09.885777 arp who-has 10.0.208.140 tell 10.0.192.1
19:16:09.886666 arp who-has 10.0.213.6 tell 10.0.192.1
19:16:09.898215 arp who-has 10.0.194.176 tell 10.0.192.1
19:16:09.906374 arp who-has 83.167.109.130 tell 83.167.109.1
19:16:09.946850 arp who-has 10.0.202.36 tell 10.0.192.1
19:16:09.951475 arp who-has 10.0.220.87 tell 10.0.192.1
19:16:09.975348 arp who-has 10.1.219.243 tell 10.1.192.1
19:16:10.001494 arp who-has 10.1.215.143 tell 10.1.192.1
19:16:10.026270 arp who-has 10.0.205.109 tell 10.0.192.1
19:16:10.033157 arp who-has 83.167.109.36 tell 83.167.109.1
19:16:10.038041 arp who-has 10.1.193.93 tell 10.1.192.1
19:16:10.091671 arp who-has 10.1.203.213 tell 10.1.192.1
19:16:10.145591 arp who-has 10.0.212.66 tell 10.0.192.1
19:16:10.146903 arp who-has 217.10.45.91 tell 217.10.45.1
19:16:10.157891 arp who-has 10.1.223.10 tell 10.1.192.1
19:16:10.169914 arp who-has 10.1.198.109 tell 10.1.192.1
19:16:10.245448 arp who-has 10.0.220.225 tell 10.0.192.1
19:16:10.262076 arp who-has 10.0.209.70 tell 10.0.192.1
19:16:10.277128 arp who-has 10.1.219.244 tell 10.1.192.1
19:16:10.283661 arp who-has 10.1.219.163 tell 10.1.192.1

503 packets captured
503 packets received by filter
0 packets dropped by kernel

Êàê ýòî áåçîáðàçèå ïðèêðûòü? Êóäà êîïàòü?
Íå íðàâèòñÿ ïîñòîÿííîå ìîðãàíèå, õî÷åòñÿ ÷òîáû ìîðãàëî, êîãäà ðåàëüíî òðàôèê ãåíåðèðóåòñÿ...

**Mam(O)n** · 04-12-2007, 16:38

Ýòî ïðîñòî êòî òî ñêàíèò ñåòü. Íè÷åãî ñòðàøíîãî.

È ýòîò êòî-òî ïîõîäó ñåðâ àêàäû.

**djet** · 04-12-2007, 16:43

tcpdump'îì ïîëüçîâàòüñÿ óìååòå, à ïðî ARP íå ñëûõàëè? Äà íå ìîæåò áûòü.

**almuerto** · 04-12-2007, 17:02

Ïðî ARP ñëûõàëè. Íî äåëî íå â íåì.

Code:

24 packets captured
3740 packets received by filter
3563 packets dropped by kernel

Ìîæíî ëè ïîñìîòðåòü äðîïíóòûå ïàêåòû? Ìîæåò äåëî â íèõ?

**Mam(O)n** · 04-12-2007, 17:09

Originally Posted by man tcpdump

packets ‘‘dropped by kernel’’ (this is the number of packets that were dropped, due to a lack of buffer space, by the packet
capture mechanism in the OS on which tcpdump is running, if the OS reports that information to applications; if not, it will be
reported as 0).

Òî åñòü ýòî òå ïàêåòû ÷òî íå ñìîã(íå óñïåë) îòðàáîòàòü tcpdump. ÒÎãäà ïîñìîòðè, ÷òî õîäèò êðîìå àðïà: tcpdump -ni vlan1 not arp

Thread: Àíàëèç òðàôèêà íà wl500gP

Thread Tools

Rate This Thread

Display

Àêàäî - ñòðàííûé òðàôôèê

Similar Threads

Ïðîáëåìû ñ ðîóòåðîì Asus ïîñëå ïðîøèâêè DD-WRT

Ïîääåðæêà SIP ïðîòîêîëà

Ïðîáëåìû ñ DNS íà WL-500gP

Âîïðîñ ïî íàñòðîéêå Kismet, ettercap, etc íà ðîóòåðå.

Asus WL-520gC - íàñòðîéêà ðîóòåðà

Tags for this Thread

Posting Permissions