anduin revised this gist . Go to revision
1 file changed, 101 insertions
Program.cs(file created)
| @@ -0,0 +1,101 @@ | |||
| 1 | + | //<PackageReference Include="Aiursoft.AiurObserver.Command" Version="8.0.4" /> | |
| 2 | + | //<PackageReference Include="Aiursoft.AiurObserver.Extensions" Version="8.0.3" /> | |
| 3 | + | //<PackageReference Include="Microsoft.Extensions.Logging.Console" Version="8.0.1" /> | |
| 4 | + | ||
| 5 | + | using Aiursoft.AiurObserver; | |
| 6 | + | using Aiursoft.AiurObserver.Command; | |
| 7 | + | using Microsoft.Extensions.Logging; | |
| 8 | + | using Aiursoft.AiurObserver.Extensions; | |
| 9 | + | ||
| 10 | + | namespace Moni; | |
| 11 | + | ||
| 12 | + | public abstract class Program | |
| 13 | + | { | |
| 14 | + | private BlockRule[] _rules = new[] | |
| 15 | + | { | |
| 16 | + | // 8MiB/s, 80MiB in 10 seconds | |
| 17 | + | new BlockRule | |
| 18 | + | { | |
| 19 | + | MaxBytesTransferred = 0x500_0000, | |
| 20 | + | IntervalSeconds = 10 | |
| 21 | + | }, | |
| 22 | + | // 6MiB/s, 360MiB in 60 seconds | |
| 23 | + | new BlockRule | |
| 24 | + | { | |
| 25 | + | MaxBytesTransferred = 0x1680_0000, | |
| 26 | + | IntervalSeconds = 60 | |
| 27 | + | }, | |
| 28 | + | // 5MiB/s, 1500MiB in 300 seconds (5 minutes) | |
| 29 | + | new BlockRule | |
| 30 | + | { | |
| 31 | + | MaxBytesTransferred = 0x5DC0_0000, | |
| 32 | + | IntervalSeconds = 300 | |
| 33 | + | }, | |
| 34 | + | // 4MiB/s, 2400MiB in 600 seconds (10 minutes) | |
| 35 | + | new BlockRule | |
| 36 | + | { | |
| 37 | + | MaxBytesTransferred = 0x9600_0000, | |
| 38 | + | IntervalSeconds = 600 | |
| 39 | + | }, | |
| 40 | + | // 3MiB/s, 3600MiB in 1200 seconds (20 minutes) | |
| 41 | + | new BlockRule | |
| 42 | + | { | |
| 43 | + | MaxBytesTransferred = 0xE10_0000, | |
| 44 | + | IntervalSeconds = 1200 | |
| 45 | + | } | |
| 46 | + | }; | |
| 47 | + | ||
| 48 | + | private static Dictionary<string, long> IpTrafficUsage { get; } = new(); | |
| 49 | + | ||
| 50 | + | public static async Task Main(string[] args) | |
| 51 | + | { | |
| 52 | + | if (args.Length != 1) | |
| 53 | + | { | |
| 54 | + | Console.WriteLine("Please provide the network interface name."); | |
| 55 | + | return; | |
| 56 | + | } | |
| 57 | + | ||
| 58 | + | var interfaceName = args[0]; | |
| 59 | + | ||
| 60 | + | var logger = LoggerFactory.Create(logging => logging.AddConsole()).CreateLogger<LongCommandRunner>(); | |
| 61 | + | var runner = new LongCommandRunner(logger); | |
| 62 | + | ||
| 63 | + | // Returns every 10 seconds | |
| 64 | + | runner.Output.InNewThread().Subscribe(OnLog); | |
| 65 | + | ||
| 66 | + | await runner.Run( | |
| 67 | + | bin: "/usr/bin/bash", | |
| 68 | + | arg: $"/usr/local/bin/moninet {interfaceName}", | |
| 69 | + | path: "/"); | |
| 70 | + | } | |
| 71 | + | ||
| 72 | + | private static Task OnLog(string rawOutput) | |
| 73 | + | { | |
| 74 | + | var outputLines = rawOutput.Split("\n"); | |
| 75 | + | foreach (var line in outputLines.Select(outputLine => outputLine.Trim())) | |
| 76 | + | { | |
| 77 | + | if (line.StartsWith("IP Address")) continue; | |
| 78 | + | if (line.StartsWith("===")) continue; | |
| 79 | + | var parts = line.Split(" ", StringSplitOptions.RemoveEmptyEntries) | |
| 80 | + | .Select(part => part.Trim()) | |
| 81 | + | .ToArray(); | |
| 82 | + | if (parts.Length != 3) continue; | |
| 83 | + | ||
| 84 | + | var ipAddr = parts[0]; | |
| 85 | + | var download = long.Parse(parts[1]); | |
| 86 | + | var upload = long.Parse(parts[2]); | |
| 87 | + | Console.WriteLine($"In the past 10 seconds, remote IP {ipAddr} downloaded {download} bytes and uploaded {upload} bytes."); | |
| 88 | + | var totalTraffic = download + upload; | |
| 89 | + | IpTrafficUsage[ipAddr] = IpTrafficUsage.TryGetValue(ipAddr, out var usage) ? usage + totalTraffic : totalTraffic; | |
| 90 | + | } | |
| 91 | + | ||
| 92 | + | return Task.CompletedTask; | |
| 93 | + | } | |
| 94 | + | } | |
| 95 | + | ||
| 96 | + | public class BlockRule | |
| 97 | + | { | |
| 98 | + | public long MaxBytesTransferred { get; set; } | |
| 99 | + | ||
| 100 | + | public int IntervalSeconds { get; set; } | |
| 101 | + | } | |
anduin revised this gist . Go to revision
1 file changed, 2 insertions, 1 deletion
install.sh
| @@ -1 +1,2 @@ | |||
| 1 | - | sudo wget https://gist.aiursoft.cn/anduin/e66120d03c9945dda921d0fb2039cb38/raw/HEAD/MoniTraffic.sh -O /usr/local/bin/moninet | |
| 1 | + | sudo wget https://gist.aiursoft.cn/anduin/e66120d03c9945dda921d0fb2039cb38/raw/HEAD/MoniTraffic.sh -O /usr/local/bin/moninet | |
| 2 | + | sudo chmod +x /usr/local/bin/moninet | |
anduin revised this gist . Go to revision
1 file changed, 1 insertion
install.sh(file created)
| @@ -0,0 +1 @@ | |||
| 1 | + | sudo wget https://gist.aiursoft.cn/anduin/e66120d03c9945dda921d0fb2039cb38/raw/HEAD/MoniTraffic.sh -O /usr/local/bin/moninet | |
anduin revised this gist . Go to revision
1 file changed, 54 insertions, 41 deletions
MoniTraffic.sh
| @@ -1,6 +1,6 @@ | |||
| 1 | 1 | #!/bin/bash | |
| 2 | 2 | ||
| 3 | - | function get_top_ip() { | |
| 3 | + | function monitor_traffic() { | |
| 4 | 4 | if [ -z "$1" ]; then | |
| 5 | 5 | echo "Usage: $0 <network_interface>" | |
| 6 | 6 | echo "Available network interfaces:" | |
| @@ -9,52 +9,65 @@ function get_top_ip() { | |||
| 9 | 9 | fi | |
| 10 | 10 | ||
| 11 | 11 | INTERFACE=$1 | |
| 12 | - | DURATION=10 # Duration in seconds (3 minutes) | |
| 12 | + | DURATION=10 # Duration in seconds for each capture window | |
| 13 | 13 | ||
| 14 | - | # Temp file to store tcpdump output | |
| 15 | - | TMP_FILE=$(mktemp) | |
| 16 | - | trap "rm -f $TMP_FILE" EXIT # Ensure cleanup on exit | |
| 14 | + | # Output header only once | |
| 15 | + | printf "IP Address\tDownload (bytes)\tUpload (bytes)\n" | |
| 17 | 16 | ||
| 18 | - | # Capture IPv4 traffic on the specified interface | |
| 19 | - | echo "Capturing network traffic on $INTERFACE for $DURATION seconds..." | |
| 20 | - | sudo timeout $DURATION tcpdump -i $INTERFACE -nn -q -tt 'ip' > $TMP_FILE | |
| 17 | + | # Handle SIGINT (Ctrl+C) to gracefully exit the loop | |
| 18 | + | trap "echo 'Exiting...'; exit 0" SIGINT | |
| 21 | 19 | ||
| 22 | - | echo "Processing captured traffic data..." | |
| 20 | + | while true; do | |
| 21 | + | # Temp file to store tcpdump output | |
| 22 | + | TMP_FILE=$(mktemp) | |
| 23 | + | trap "rm -f $TMP_FILE" EXIT # Ensure cleanup on exit or interruption | |
| 23 | 24 | ||
| 24 | - | # Calculate traffic statistics | |
| 25 | - | awk ' | |
| 26 | - | /IP/ { | |
| 27 | - | # Extract source and destination IPs using a stricter pattern to ensure only IPs are captured | |
| 28 | - | if (match($3, /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/)) { | |
| 29 | - | src_ip = substr($3, RSTART, RLENGTH) | |
| 30 | - | } | |
| 31 | - | if (match($5, /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/)) { | |
| 32 | - | dst_ip = substr($5, RSTART, RLENGTH) | |
| 33 | - | } | |
| 25 | + | # Capture IPv4 traffic on the specified interface for the specified duration | |
| 26 | + | sudo timeout $DURATION tcpdump -i $INTERFACE -nn -q -tt 'ip' > $TMP_FILE 2>/dev/null | |
| 34 | 27 | ||
| 35 | - | # Calculate packet size (bytes) - field 8 (better validation) | |
| 36 | - | size = $NF | |
| 37 | - | if (size ~ /^[0-9]+$/) { | |
| 38 | - | # Count download (dst_ip) and upload (src_ip) for traffic | |
| 39 | - | download[dst_ip] += size | |
| 40 | - | upload[src_ip] += size | |
| 41 | - | } | |
| 42 | - | } | |
| 43 | - | END { | |
| 44 | - | print "Top 10 IPs by Traffic:" | |
| 45 | - | printf "%-15s\t%-15s\t%-15s\n", "IP Address", "Download (bytes)", "Upload (bytes)" | |
| 46 | - | for (ip in download) { | |
| 47 | - | total_bytes[ip] = download[ip] + upload[ip] | |
| 48 | - | } | |
| 49 | - | n = asorti(total_bytes, sorted_ips, "@val_num_desc") | |
| 50 | - | for (i = 1; i <= 10 && i <= n; i++) { | |
| 51 | - | ip = sorted_ips[i] | |
| 52 | - | download_data = download[ip] > 0 ? download[ip] " bytes" : "0 bytes" | |
| 53 | - | upload_data = upload[ip] > 0 ? upload[ip] " bytes" : "0 bytes" | |
| 54 | - | printf "%-15s\t%-15s\t%-15s\n", ip, download_data, upload_data | |
| 28 | + | # Calculate traffic statistics | |
| 29 | + | awk ' | |
| 30 | + | /IP/ { | |
| 31 | + | # Extract source and destination IPs using a stricter pattern to ensure only IPs are captured | |
| 32 | + | if (match($3, /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/)) { | |
| 33 | + | src_ip = substr($3, RSTART, RLENGTH) | |
| 34 | + | } | |
| 35 | + | if (match($5, /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/)) { | |
| 36 | + | dst_ip = substr($5, RSTART, RLENGTH) | |
| 37 | + | } | |
| 38 | + | ||
| 39 | + | # Calculate packet size (bytes) - field 8 (better validation) | |
| 40 | + | size = $NF | |
| 41 | + | if (size ~ /^[0-9]+$/) { | |
| 42 | + | # Count download (dst_ip) and upload (src_ip) for traffic | |
| 43 | + | download[dst_ip] += size | |
| 44 | + | upload[src_ip] += size | |
| 45 | + | } | |
| 55 | 46 | } | |
| 56 | - | }' $TMP_FILE | |
| 47 | + | END { | |
| 48 | + | # Create a combined total_bytes array for sorting | |
| 49 | + | for (ip in download) { | |
| 50 | + | total_bytes[ip] = download[ip] + upload[ip] | |
| 51 | + | } | |
| 52 | + | ||
| 53 | + | # Sort IPs by total bytes in descending order | |
| 54 | + | n = asorti(total_bytes, sorted_ips, "@val_num_desc") | |
| 55 | + | ||
| 56 | + | for (i = 1; i <= n; i++) { | |
| 57 | + | ip = sorted_ips[i] | |
| 58 | + | download_data = download[ip] > 0 ? download[ip] : 0 | |
| 59 | + | upload_data = upload[ip] > 0 ? upload[ip] : 0 | |
| 60 | + | printf "%-15s\t%-15d\t%-15d\n", ip, download_data, upload_data | |
| 61 | + | } | |
| 62 | + | }' $TMP_FILE | |
| 63 | + | ||
| 64 | + | # Print separator line | |
| 65 | + | echo "=======================================" | |
| 66 | + | ||
| 67 | + | # Clean up the temporary file | |
| 68 | + | rm -f $TMP_FILE | |
| 69 | + | done | |
| 57 | 70 | } | |
| 58 | 71 | ||
| 59 | 72 | # Call function with passed argument (network interface) | |
| 60 | - | get_top_ip $1 | |
| 73 | + | monitor_traffic $1 | |
anduin revised this gist . Go to revision
1 file changed, 1 insertion, 1 deletion
MoniTraffic.sh
| @@ -9,7 +9,7 @@ function get_top_ip() { | |||
| 9 | 9 | fi | |
| 10 | 10 | ||
| 11 | 11 | INTERFACE=$1 | |
| 12 | - | DURATION=180 # Duration in seconds (3 minutes) | |
| 12 | + | DURATION=10 # Duration in seconds (3 minutes) | |
| 13 | 13 | ||
| 14 | 14 | # Temp file to store tcpdump output | |
| 15 | 15 | TMP_FILE=$(mktemp) | |
anduin revised this gist . Go to revision
1 file changed, 60 insertions
MoniTraffic.sh(file created)
| @@ -0,0 +1,60 @@ | |||
| 1 | + | #!/bin/bash | |
| 2 | + | ||
| 3 | + | function get_top_ip() { | |
| 4 | + | if [ -z "$1" ]; then | |
| 5 | + | echo "Usage: $0 <network_interface>" | |
| 6 | + | echo "Available network interfaces:" | |
| 7 | + | ip link show | awk -F': ' '/^[0-9]+: /{print $2}' | |
| 8 | + | exit 1 | |
| 9 | + | fi | |
| 10 | + | ||
| 11 | + | INTERFACE=$1 | |
| 12 | + | DURATION=180 # Duration in seconds (3 minutes) | |
| 13 | + | ||
| 14 | + | # Temp file to store tcpdump output | |
| 15 | + | TMP_FILE=$(mktemp) | |
| 16 | + | trap "rm -f $TMP_FILE" EXIT # Ensure cleanup on exit | |
| 17 | + | ||
| 18 | + | # Capture IPv4 traffic on the specified interface | |
| 19 | + | echo "Capturing network traffic on $INTERFACE for $DURATION seconds..." | |
| 20 | + | sudo timeout $DURATION tcpdump -i $INTERFACE -nn -q -tt 'ip' > $TMP_FILE | |
| 21 | + | ||
| 22 | + | echo "Processing captured traffic data..." | |
| 23 | + | ||
| 24 | + | # Calculate traffic statistics | |
| 25 | + | awk ' | |
| 26 | + | /IP/ { | |
| 27 | + | # Extract source and destination IPs using a stricter pattern to ensure only IPs are captured | |
| 28 | + | if (match($3, /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/)) { | |
| 29 | + | src_ip = substr($3, RSTART, RLENGTH) | |
| 30 | + | } | |
| 31 | + | if (match($5, /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/)) { | |
| 32 | + | dst_ip = substr($5, RSTART, RLENGTH) | |
| 33 | + | } | |
| 34 | + | ||
| 35 | + | # Calculate packet size (bytes) - field 8 (better validation) | |
| 36 | + | size = $NF | |
| 37 | + | if (size ~ /^[0-9]+$/) { | |
| 38 | + | # Count download (dst_ip) and upload (src_ip) for traffic | |
| 39 | + | download[dst_ip] += size | |
| 40 | + | upload[src_ip] += size | |
| 41 | + | } | |
| 42 | + | } | |
| 43 | + | END { | |
| 44 | + | print "Top 10 IPs by Traffic:" | |
| 45 | + | printf "%-15s\t%-15s\t%-15s\n", "IP Address", "Download (bytes)", "Upload (bytes)" | |
| 46 | + | for (ip in download) { | |
| 47 | + | total_bytes[ip] = download[ip] + upload[ip] | |
| 48 | + | } | |
| 49 | + | n = asorti(total_bytes, sorted_ips, "@val_num_desc") | |
| 50 | + | for (i = 1; i <= 10 && i <= n; i++) { | |
| 51 | + | ip = sorted_ips[i] | |
| 52 | + | download_data = download[ip] > 0 ? download[ip] " bytes" : "0 bytes" | |
| 53 | + | upload_data = upload[ip] > 0 ? upload[ip] " bytes" : "0 bytes" | |
| 54 | + | printf "%-15s\t%-15s\t%-15s\n", ip, download_data, upload_data | |
| 55 | + | } | |
| 56 | + | }' $TMP_FILE | |
| 57 | + | } | |
| 58 | + | ||
| 59 | + | # Call function with passed argument (network interface) | |
| 60 | + | get_top_ip $1 | |
Newer
Older