python通过解析tcpdump输出,以IP维度给出服务器上的流量数据


概述python通过解析tcpdump输出,以IP维度给出服务器上的流量数据


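#!/bin/env python
"""Aggregate tcpdump output into per-flow byte counts for this host.

tcpdump is started as a child process (argv list, no shell) with a filter that
keeps only TCP segments carrying payload.  Every ``-q -nn -t`` output line is
parsed into (src_ip, src_port, dst_ip, dst_port, bytes) and summed into one
dictionary for inbound and one for outbound flows, decided by comparing the
parsed addresses with this host's own address.  Every INTERVAL seconds the
top-N flows of each direction are appended to the log file and the counters
are reset.

Capturing requires the privileges tcpdump itself needs (root or the raw-socket
capability); the script does not elevate anything on its own.
"""
import datetime
import os
import socket
import subprocess as sub
import sys
import time
from optparse import OptionParser


def dump_dict(flow_dict, timestr, log_file, top_n, deBUG):
    """Write the ``top_n`` largest flows of ``flow_dict`` to ``log_file``.

    Args:
        flow_dict: mapping (src_ip, src_port, dst_ip, dst_port) -> byte count.
        timestr: strftime() format used for the ``time=`` field of each line.
        log_file: open, writable text file; it is flushed but not closed.
        top_n: number of largest flows to write.
        deBUG: when true, each written line is also printed to stdout.

    Exits the process with status 1 if ``timestr`` cannot be formatted.
    """
    try:
        timestamp = datetime.datetime.fromtimestamp(int(time.time())).strftime(timestr)
    except Exception as e:
        print(e)
        sys.exit(1)
    # Largest flows first.  reverse=True keeps the sort stable for equal
    # counts, exactly like sorting ascending on the negated count did.
    top_flows = sorted(flow_dict.items(), key=lambda kv: kv[1], reverse=True)[:top_n]
    for (src_ip, src_port, dst_ip, dst_port), nbytes in top_flows:
        line = 'time=%s`src_ip=%s`src_port=%s`dst_ip=%s`dst_port=%s`bytes=%s' % (
            timestamp, src_ip, src_port, dst_ip, dst_port, nbytes)
        log_file.write(line + '\n')
        if deBUG:
            print(line)
    log_file.flush()


def get_host_ip():
    """Return the IPv4 address the resolver maps this host's name to.

    NOTE(review): this may be a loopback or a different interface's address
    than the one tcpdump captures on; if it does not match the capture
    interface every line ends up in the "don't know" branch of main().
    """
    return socket.gethostbyname(socket.gethostname())


def _parse_flow(line_list):
    """Split one tcpdump ``-q -nn -t`` line into its flow tuple.

    Expects the shape documented on add_bytes_to_dict, e.g.
    ['IP','10.46.64.148.9922','>','100.84.32.188.56300:','tcp','100'].

    Returns:
        (src_ip, src_port, dst_ip, dst_port, nbytes); ports are strings,
        nbytes is an int.

    Raises:
        ValueError: the line does not have that shape (too few fields, an
            address without a port, or a non-numeric byte count).
    """
    if len(line_list) < 6:
        raise ValueError('unexpected tcpdump line: %r' % (line_list,))
    src_parts = line_list[1].split('.')
    # The destination carries a trailing ':' in tcpdump's output.
    dst_parts = line_list[3].rstrip(':').split('.')
    if len(src_parts) < 5 or len(dst_parts) < 5:
        raise ValueError('address without port in tcpdump line: %r' % (line_list,))
    src_ip = '.'.join(src_parts[0:4])
    src_port = src_parts[4]
    dst_ip = '.'.join(dst_parts[0:4])
    dst_port = dst_parts[4]
    nbytes = int(line_list[5])  # ValueError if the field is not a number
    return src_ip, src_port, dst_ip, dst_port, nbytes


def add_bytes_to_dict(line_List, flow_dict):
    '''
    accept a List which contains tcpdump info, and add its byte count into
    the dictionary given as the second arg, keyed on
    (src_ip, src_port, dst_ip, dst_port).
    the tcpdump info line is like this:
    ['IP','10.46.64.148.9922','>','100.84.32.188.56300:','tcp','100']

    Raises ValueError if the line does not have that shape.
    '''
    src_ip, src_port, dst_ip, dst_port, nbytes = _parse_flow(line_List)
    key = (src_ip, src_port, dst_ip, dst_port)
    flow_dict[key] = flow_dict.get(key, 0) + nbytes


def x_parser():
    """Build the command-line parser; values are left as strings for main()."""
    parser = OptionParser()
    parser.add_option("-i", "--interval", action="store", dest="INTERVAL",
                      help="dump result every INTERVAL seconds,default 60")
    parser.add_option("-f", "--file", dest="file",
                      help="Where the data file should be,required")
    parser.add_option("-D", "--deBUG", action="store_true", dest="isDeBUG", default=False,
                      help="open deBUG mode if selected(only print to stddin)")
    parser.add_option("-n", "--topn", dest="topN",
                      help="top n values to dump,default 50")
    parser.add_option("-e", "--Expression", dest="Expression",
                      help="this arg will pass to tcpdump,ext. 'tcp src port 80',required")
    parser.add_option("-T", "--timeStr", dest="TIMESTR",
                      help="timeStamp format,default is like 'date +\"%Y-%m-%d %H:%M:%s\"'")
    return parser


def _tcpdump_command(expression):
    """Build the tcpdump argv for a user-supplied filter expression.

    The options precede the filter so a user expression can never be read as a
    tcpdump option, and the list is handed to Popen without a shell, so shell
    metacharacters in the expression are inert; an invalid BPF filter is still
    rejected by tcpdump itself.
    """
    # Only segments with a TCP payload are wanted (pure ACK/SYN segments are
    # skipped): IP total length - IP header length - TCP header length != 0.
    # '-l' line-buffers tcpdump's stdout so lines arrive as they are produced.
    filter_expr = ('(((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0) and tcp and '
                   + expression)
    return ['tcpdump', '-l', '-nn', '-q', '-t', filter_expr]


def main():
    """Parse options, run tcpdump and log the top flows once per interval."""
    parser = x_parser()
    (options, args) = parser.parse_args()
    interval = int(options.INTERVAL or 60)
    timestr = options.TIMESTR or '''%Y-%m-%d %H:%M:%s'''
    # int(options.topN) or 50 raised TypeError whenever -n was omitted.
    top_n = int(options.topN or 50)
    if not options.file:
        print("NO log file given,exit.")
        sys.exit(1)
    if not options.Expression:
        print("No Expression given,exit.")
        sys.exit(1)
    # one dictionary per direction: (src_ip, src_port, dst_ip, dst_port) -> bytes
    flow_dict_in = {}
    flow_dict_out = {}
    my_ip = get_host_ip()
    log_file = open(options.file, 'w')
    proc = sub.Popen(_tcpdump_command(options.Expression), stdout=sub.PIPE)
    t1 = time.time()
    try:
        for raw in iter(proc.stdout.readline, b''):
            # The pipe yields bytes on Python 3; decode once so the parsing
            # below works with text on either interpreter.
            line = raw.decode('utf-8', 'replace') if isinstance(raw, bytes) else raw
            line = line.strip()
            line_list = line.split(' ')
            try:
                src_ip, _, dst_ip, _, _ = _parse_flow(line_list)
            except ValueError:
                print("ERROR,don't kNow what it is: %s." % (line,))
                continue
            # Compare the parsed address exactly: a substring test on
            # "ip.port" also matched longer addresses sharing a prefix.
            if src_ip == my_ip:
                add_bytes_to_dict(line_list, flow_dict_out)
            elif dst_ip == my_ip:
                add_bytes_to_dict(line_list, flow_dict_in)
            else:
                print("ERROR,don't kNow what it is: %s." % (line,))
            now = time.time()
            # Dump and reset every `interval` seconds.  This is only evaluated
            # when a line arrives, so an idle capture postpones the dump.
            if now - t1 > interval:
                t1 = now
                dump_dict(flow_dict_in, timestr, log_file, top_n, options.isDeBUG)
                dump_dict(flow_dict_out, timestr, log_file, top_n, options.isDeBUG)
                flow_dict_in = {}
                flow_dict_out = {}
        # tcpdump ended on its own: write out the last, partial interval.
        dump_dict(flow_dict_in, timestr, log_file, top_n, options.isDeBUG)
        dump_dict(flow_dict_out, timestr, log_file, top_n, options.isDeBUG)
    finally:
        # Always release the log file and the child process, also on Ctrl-C.
        log_file.close()
        proc.stdout.close()
        if proc.poll() is None:
            proc.terminate()
        proc.wait()


if __name__ == '__main__':
    main()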

原文地址: http://outofmemory.cn/langs/1199343.html

(0)
打赏 微信扫一扫 微信扫一扫 支付宝扫一扫 支付宝扫一扫
上一篇 2022-06-04
下一篇 2022-06-04

发表评论

登录后才能评论

评论列表(0条)

保存