登录远程服务器抓包

#!/bin/bash

# 远程服务器列表,以空格间隔,如IP1 IP2
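# Space-separated list of remote capture hosts ("IP1 IP2 ...").  Every
# function below relies on word-splitting this string, so it is left
# unquoted in their for-loops on purpose.
SERVERS_IP="21.254.176.3 21.254.176.135 21.254.176.144 21.254.176.138 21.254.176.146 21.254.176.141 21.254.176.145 21.254.178.2 21.254.178.15 21.254.178.3 21.254.178.17 21.254.176.70 21.254.176.93 21.254.178.33 21.254.178.34 21.254.178.35 21.254.178.58 21.254.176.71 21.254.176.94 21.254.178.12 21.254.178.14 21.254.177.71 21.254.177.131 21.254.177.72 21.254.177.132 21.254.178.11 21.254.178.16 21.254.177.130 21.254.177.70"
# Remote login account.  The ssh/scp sessions below are started in the
# background, so non-interactive (key-based) authentication is assumed --
# a password prompt would have nowhere to read from.
USERNAME=root

# Exactly one action argument is required.  The accepted actions are the
# branches of the case dispatch at the bottom of the script; the usage
# line lists all of them, including "test", which the original omitted.
if [ "$#" -ne 1 ]; then
    printf 'USAGE:%s [start|stop|download|test]\n' "$0" >&2
    exit 1
fi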

# 登陆远程服务器,开启tcpdump命令
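#######################################
# Log into every host in SERVERS_IP and start a tcpdump there.
# Globals:   SERVERS_IP (read), USERNAME (read)
# Outputs:   one progress line per host on stdout; ssh errors are
#            appended to ./error.log
# Notes:     the remote tcpdump runs until stop() signals it, so each ssh
#            session is left in the background and this function returns
#            right away.  The capture file $ip.cap is written relative to
#            the remote login directory (download() assumes /root).
#            "-s 0" records full packets, so the .cap files contain
#            complete payloads and should be handled as sensitive data.
#######################################
start() {
    local ip
    for ip in $SERVERS_IP; do
        # -n keeps the backgrounded ssh from reading this script's stdin.
        # error.log is appended (not truncated) so the concurrent sessions
        # do not overwrite each other's diagnostics.
        nohup ssh -n "$USERNAME@$ip" "tcpdump -i eth1 -s 0 -w $ip.cap" \
            > /dev/null 2>> error.log &
        echo "$ip抓包开始............................"
    done

    echo "远程服务器抓包已全部开启"
}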

# 登陆远程服务器,停止tcpdump命令
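#######################################
# Log into every host in SERVERS_IP and terminate the tcpdump started by
# start().
# Globals:   SERVERS_IP (read), USERNAME (read)
# Outputs:   one progress line per host on stdout; ssh errors are
#            appended to ./error.log
# Notes:     the original remote command extracted the PID with
#            awk "{print $2}" inside a double-quoted string, so the remote
#            shell expanded $2 to its own (empty) second argument and kill
#            received whole "ps -ef" lines instead of PIDs.  pkill matches
#            the process name directly (and, unlike "grep tcpdump", does
#            not match the remote shell running this very command).
#            SIGTERM instead of -9 lets tcpdump flush its output buffer
#            before exiting.  Like the original grep, this stops every
#            tcpdump on the host, not only the one from start().
#            Assumes procps pkill exists on the remote hosts -- confirm.
#######################################
stop() {
    local ip
    for ip in $SERVERS_IP; do
        ssh -n "$USERNAME@$ip" 'pkill -TERM -x tcpdump' \
            > /dev/null 2>> error.log &
        echo "$ip抓包停止............................"
    done
    # The remote command finishes quickly, so wait for every session
    # before announcing that all captures are stopped.
    wait

    echo "远程服务器抓包已全部停止"
}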

# 下载远程服务器的CAP到本地
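#######################################
# Copy each host's capture file into the current directory.
# Globals:   SERVERS_IP (read), USERNAME (read)
# Outputs:   one progress line per host on stdout; a failure line on
#            stderr for each host whose copy failed (the loop continues
#            with the remaining hosts)
# Returns:   0 if every copy succeeded, 1 otherwise
# Notes:     the remote path hard-codes /root because start() writes
#            $ip.cap into the login directory of USERNAME=root.
#######################################
download() {
    local ip
    local failed=0
    for ip in $SERVERS_IP; do
        echo "$ip.cap开始下载............................"
        if ! scp "$USERNAME@$ip:/root/$ip.cap" .; then
            printf 'scp failed for %s.cap\n' "$ip" >&2
            failed=$((failed + 1))
        fi
    done

    echo "远程服务器抓包已全部下载"
    [ "$failed" -eq 0 ]
}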

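#######################################
# Record on each host whether a tcpdump process is still running, to
# check the result of stop().
# Globals:   SERVERS_IP (read), USERNAME (read)
# Outputs:   appends headings and the remote "ps" lines to ./tcpdump.log;
#            ssh errors are appended to ./error.log
# Notes:     this name shadows the "test" builtin for the rest of the
#            script.  "[ ... ]" is a separate builtin and is unaffected,
#            but a bare "test ..." call would invoke this function.
#            Renaming it would also require changing the case dispatch,
#            so it is kept.
#            The ssh sessions now run in the foreground: the original
#            backgrounded them and slept 1 s, so a slow host's output
#            could land under the next host's heading in tcpdump.log.
#######################################
test() {
    local ip
    echo "远程服务器tcpdump进程判断开始" >> tcpdump.log
    for ip in $SERVERS_IP; do
        echo "${ip}tcpdump进程是否杀掉............................" >> tcpdump.log
        # '[t]cpdump' matches tcpdump itself but not this grep's own
        # command line, replacing the "grep -v grep" idiom.
        ssh -n "$USERNAME@$ip" "ps -ef | grep '[t]cpdump'" \
            >> tcpdump.log 2>> error.log
    done

    echo "远程服务器tcpdump进程判断结束" >> tcpdump.log
}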

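# Dispatch on the single action argument validated above.  An unknown
# action is an error, so it exits non-zero like the usage check does
# (the original printed the message and exited 0).
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    download)
        download
        ;;
    test)
        test
        ;;
    *)
        echo "参数错误" >&2
        exit 1
        ;;
esac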

 
