1、抓包脚本
# cat capturepackages.sh
#!/usr/bin/sh
#
while [ 1 ]
do
STIME=`date +%F"@"%H%M%S`
DATE_DIR=`date +%F`
if [ ! -d /tnm/capture/$DATE_DIR ];then
mkdir -p /tnm/capture/$DATE_DIR
fi
/usr/local/sbin/tcpdump -w /tnm/capture/$DATE_DIR/$STIME.log -s 5000 -i lan0
done
2、停抓包的脚本
# cat stopscript.sh
#!/usr/bin/sh
STIME=`date +%F"@"%H%M%S`
zhuabao=`ps -ef|grep tcpdump|awk '/lan0/ { print $2 }'`
jiaoben=`ps -ef|grep capturepackages|awk '/bin/ { print $2 }'`
if [ -n "$zhuabao" ] && [ -n "$jiaoben" ];
then
kill -9 $jiaoben
kill -9 $zhuabao
echo " This $STIME the script is execute success! " >> /tnm/capture/messages
else
echo " The script has problem! "
fi
3、把这两个脚本加入crontab定时任务
本文转自服务器运维博客51CTO博客,原文链接http://blog.51cto.com/shamereedwine/1869567如需转载请自行联系原作者
neijiade10000
