小企鵝開談 : [Share] Using bandwidthd for network traffic monitoring and analysis

Posted by: 冷日 (Webmaster)

[Share] Using bandwidthd for network traffic monitoring and analysis

Among traffic-statistics tools there are MRTG, NTOP, bandwidthd and others.
MRTG only shows the total for a given network interface (port);
NTOP is far more detailed, but it also uses a lot of system resources.
I don't know whether you have used bandwidthd, but I like it a lot, because it is lean, intuitive and very easy to configure.

Advantage: from any computer you can use a browser, via the web interface, to see the traffic of every IP passing through the gateway, broken down by protocol and shown in different colours, with intuitive graph curves.

In day-to-day maintenance, the biggest headache for a network administrator is that someone on the internal network is frequently transferring large files, leaving already scarce bandwidth in an even sorrier state.
If you install bandwidthd on the gateway, you can track the traffic of each individual IP, display each IP's traffic per protocol as graph curves, and view it by time period,
for example the separate traffic for HTTP, TCP, UDP, ICMP, VPN and P2P, with the IP as the unit of statistics.
Default colours: TCP is green; HTTP blue; FTP light blue; P2P pink; UDP brown; ICMP red.
By installing a patch you can also add the ports you want to monitor.

Example: http://bandwidthd.sourceforge.net/demo/

Installing bandwidthd is very simple.
1. Prerequisites:
The following libraries must be installed first;
if they are missing, download them from the relevant sites:
libpcap: http://www.tcpdump.org/
libpng: http://www.libpng.org/
gd: http://www.boutell.com/gd/
The system must support System V IPC (basically every Linux does).

The rpm packages bundled with RedHat 9.0 also work; the following must be installed:
gd-1.8.4-4
gd-devel-1.8.4-4
libpng-1.2.2-16
libpng-devel-1.2.2-16
libpcap-0.7.2-1
Install each of them with rpm -ivh rpm_filename.

2. Download:
The bandwidthd home page is:
http://bandwidthd.sourceforge.net/
It links to the download location; the latest version at the moment is bandwidthd-2.0.1.
Download bandwidthd-2.0.1.tgz and put it in /home/ (that directory is just my habit).

3. Installation
3.1 [code]tar -xvzf bandwidthd-2.0.1.tgz[/code]
Output:[code]
[root@mail bandwidthd]# tar zxvf bandwidthd-2.0.1.tgz
bandwidthd-2.0.1/
bandwidthd-2.0.1/config.sub
bandwidthd-2.0.1/INSTALL.Windows
bandwidthd-2.0.1/configure.in
bandwidthd-2.0.1/schema.postgresql
bandwidthd-2.0.1/etc/
bandwidthd-2.0.1/etc/bandwidthd.conf
bandwidthd-2.0.1/conf.tab.c
bandwidthd-2.0.1/bandwidthd.h
bandwidthd-2.0.1/bandwidthd.c
bandwidthd-2.0.1/TODO
bandwidthd-2.0.1/configure
bandwidthd-2.0.1/graph.c
bandwidthd-2.0.1/INSTALL.Unix
bandwidthd-2.0.1/conf.l
bandwidthd-2.0.1/conf.y
bandwidthd-2.0.1/config.h.in
bandwidthd-2.0.1/phphtdocs/
bandwidthd-2.0.1/phphtdocs/config.conf
bandwidthd-2.0.1/phphtdocs/index.php
bandwidthd-2.0.1/phphtdocs/footer.php
bandwidthd-2.0.1/phphtdocs/bd_pgsql_purge.sh
bandwidthd-2.0.1/phphtdocs/details.php
bandwidthd-2.0.1/phphtdocs/logo.gif
bandwidthd-2.0.1/phphtdocs/graph.php
bandwidthd-2.0.1/phphtdocs/legend.gif
bandwidthd-2.0.1/phphtdocs/include.php
bandwidthd-2.0.1/conf.l.c
bandwidthd-2.0.1/config.guess
bandwidthd-2.0.1/conf.tab.h
bandwidthd-2.0.1/README
bandwidthd-2.0.1/Makefile.in
bandwidthd-2.0.1/htdocs/
bandwidthd-2.0.1/htdocs/logo.gif
bandwidthd-2.0.1/htdocs/legend.gif
bandwidthd-2.0.1/install-sh
bandwidthd-2.0.1/CHANGELOG
[/code]
3.2 [code]cd bandwidthd-2.0.1[/code]
3.3 Let's see which configure options there are:
[code]./configure --help[/code]
Output:[code]
# ./configure --help
`configure' configures this package to adapt to many kinds of systems.

Usage: ./configure [OPTION]... [VAR=VALUE]...

To assign environment variables (e.g., CC, CFLAGS...), specify them as
VAR=VALUE. See below for descriptions of some of the useful variables.

Defaults for the options are specified in brackets.

Configuration:
-h, --help display this help and exit
--help=short display options specific to this package
--help=recursive display the short help of all the included packages
-V, --version display version information and exit
-q, --quiet, --silent do not print `checking...' messages
--cache-file=FILE cache test results in FILE [disabled]
-C, --config-cache alias for `--cache-file=config.cache'
-n, --no-create do not create output files
--srcdir=DIR find the sources in DIR [configure dir or `..']

Installation directories:
--prefix=PREFIX install architecture-independent files in PREFIX
[/usr/local]
--exec-prefix=EPREFIX install architecture-dependent files in EPREFIX
[PREFIX]

By default, `make install' will install all the files in
`/usr/local/bin', `/usr/local/lib' etc. You can specify
an installation prefix other than `/usr/local' using `--prefix',
for instance `--prefix=$HOME'.

For better control, use the options below.

Fine tuning of the installation directories:
--bindir=DIR user executables [EPREFIX/bin]
--sbindir=DIR system admin executables [EPREFIX/sbin]
--libexecdir=DIR program executables [EPREFIX/libexec]
--datadir=DIR read-only architecture-independent data [PREFIX/share]
--sysconfdir=DIR read-only single-machine data [PREFIX/etc]
--sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com]
--localstatedir=DIR modifiable single-machine data [PREFIX/var]
--libdir=DIR object code libraries [EPREFIX/lib]
--includedir=DIR C header files [PREFIX/include]
--oldincludedir=DIR C header files for non-gcc [/usr/include]
--infodir=DIR info documentation [PREFIX/info]
--mandir=DIR man documentation [PREFIX/man]

X features:
--x-includes=DIR X include files are in DIR
--x-libraries=DIR X library files are in DIR

System types:
--build=BUILD configure for building on BUILD [guessed]
--host=HOST build programs to run on HOST [BUILD]

Optional Packages:
--with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
--without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
--with-x use the X Window System

Some influential environment variables:
CC C compiler command
CFLAGS C compiler flags
LDFLAGS linker flags, e.g. -L<lib dir> if you have libraries in a
nonstandard directory <lib dir>
CPPFLAGS C/C++ preprocessor flags, e.g. -I<include dir> if you have
headers in a nonstandard directory <include dir>
CPP C preprocessor

Use these variables to override the choices made by `configure' or to help
it to find libraries and programs with nonstandard names/locations.[/code]
Then, as is my habit, I give a prefix, so it becomes[code]
# ./configure '--prefix=/usr/local'[/code]
Output as follows:[code]
# ./configure '--prefix=/usr/local'
checking build system type... i686-pc-linux-gnu
checking host system type... i686-pc-linux-gnu
checking for bison... bison -y
checking for gcc... gcc
checking for C compiler default output... a.out
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for executable suffix...
checking for object suffix... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for a BSD compatible install... /usr/bin/install -c
checking for flex... flex
checking for yywrap in -lfl... yes
checking lex output file root... lex.yy
checking whether yytext is a pointer... yes
checking how to run the C preprocessor... gcc -E
checking for X... libraries /usr/X11R6/lib, headers /usr/X11R6/include
checking for /sw/lib... no
checking for /sw/include... no
checking for /usr/pkg/lib... no
checking for /usr/pkg/include... no
checking for connect in -lsocket... no
checking for gethostbyname in -lnsl... yes
checking for inet_aton in -lresolv... yes
checking for pow in -lm... yes
checking for libiconv_open in -liconv... yes
checking for png_read_info in -lpng... yes
checking for gdImageCreate in -lgd... yes
checking for pcap_open_live in -lpcap... yes
checking for /usr/local/pgsql/lib... no
checking for /usr/local/pgsql/include... no
checking for PQconnectdb in -lpq... yes
checking for PQexecParams in -lpq... no
configure: WARNING: libpq exists but is too old... bandwidthd requires support for PQexecParams
checking for dirent.h that defines DIR... yes
checking for opendir in -ldir... no
checking for gd.h... yes
checking for gdfonts.h... yes
checking for pcap.h... yes
checking for arpa/inet.h... yes
checking for errno.h... yes
checking for netdb.h... yes
checking for netinet/in.h... yes
checking for stddef.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for sys/socket.h... yes
checking for sys/time.h... yes
checking for sys/wait.h... yes
checking for syslog.h... yes
checking for unistd.h... yes
checking for arpa/nameser.h... yes
checking for resolv.h... yes
checking for gcc option to accept ANSI C... none needed
checking for an ANSI C-conforming const... yes
checking for inline... inline
checking for ANSI C header files... yes
checking for stdlib.h... (cached) yes
checking for string.h... (cached) yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for unistd.h... (cached) yes
checking for pid_t... yes
checking for size_t... yes
checking whether struct tm is in sys/time.h or time.h... time.h
checking for struct tcphdr.source... yes
checking for struct tcphdr.th_sport... no
checking for struct tcphdr.dest... yes
checking for struct tcphdr.th_dport... no
checking for stdlib.h... (cached) yes
checking for working malloc... yes
checking for ANSI C header files... (cached) yes
checking whether time.h and sys/time.h may both be included... yes
checking for sys/time.h... (cached) yes
checking for unistd.h... (cached) yes
checking for alarm... yes
checking for working mktime... yes
checking return type of signal handlers... void
checking whether lstat dereferences a symlink specified with a trailing slash... yes
checking whether stat accepts an empty string... no
checking for alarm... (cached) yes
checking for gethostbyaddr... yes
checking for inet_ntoa... yes
checking for memset... yes
checking for strdup... yes
checking for strftime... yes
checking for pcap_findalldevs... no
configure: creating ./config.status
configure: creating ./config.status
config.status: creating Makefile
config.status: creating config.h [/code]
3.4 Run [code]make && make install[/code]
Output:[code]
# make && make install
gcc -Wall -g -O2 -I/usr/local/include -DHAVE_CONFIG_H -DINSTALL_DIR=""/usr/local/bandwidthd"" -c -o bandwidthd.o bandwidthd.c
gcc -Wall -g -O2 -I/usr/local/include -DHAVE_CONFIG_H -DINSTALL_DIR=""/usr/local/bandwidthd"" -c -o graph.o graph.c
gcc -Wall -g -O2 -I/usr/local/include -DHAVE_CONFIG_H -DINSTALL_DIR=""/usr/local/bandwidthd"" -c -o conf.tab.o conf.tab.c
gcc -g -O2 -I/usr/local/include -DHAVE_CONFIG_H -c -o conf.l.o conf.l.c
gcc -Wall -g -O2 -I/usr/local/include -DHAVE_CONFIG_H -DINSTALL_DIR=""/usr/local/bandwidthd"" bandwidthd.o graph.o conf.tab.o conf.l.o -o bandwidthd -L/usr/X11R6/lib -L/usr/local/lib -lpcap -lgd -lpng -liconv -lm -lresolv -lnsl
/usr/bin/install -c -d /usr/local/bandwidthd/etc
/usr/bin/install -c -d /usr/local/bandwidthd/htdocs
/usr/bin/install -c -m755 -s bandwidthd /usr/local/bandwidthd
if [ ! -f /usr/local/bandwidthd/etc/bandwidthd.conf ] ; then /usr/bin/install -c -m644 etc/bandwidthd.conf /usr/local/bandwidthd/etc/ ; fi
/usr/bin/install -c -m644 htdocs/legend.gif /usr/local/bandwidthd/htdocs
/usr/bin/install -c -m644 htdocs/logo.gif /usr/local/bandwidthd/htdocs[/code]
3.5 Installation is now complete; bandwidthd has been installed under /usr/local/bandwidthd.

4. Configuration: editing bandwidthd.conf
bandwidthd's configuration is also very simple: a single configuration file does it all.
Usually you only change the subnet and netmask and leave everything else at its default; if you are comfortable with English, have a look at the other options. Roughly as follows.
Edit:[code]
/usr/local/bandwidthd/etc/bandwidthd.conf
####################################################
# Bandwidthd.conf
#
# Commented out options are here to provide
# documentation and represent defaults

# Subnets to collect statistics on
#subnet 10.0.0.0 255.0.0.0
#subnet 208.16.191.0 255.255.255.0
subnet 192.168.1.250 255.255.255.0 #taking one subnet as an example
# Device to listen on
dev "eth0" #(the network card you want to monitor; change it to the matching network device)
#the subnet setting, taking one subnet as an example:
subnet 192.168.1.0 255.255.255.0
###################################################
# Options that don't usually get changed
# An interval is 2.5 minutes, this is how many
# intervals to skip before doing a graphing run
#skip_intervals 0 #default: refresh every 2.5-minute interval

# Graph cutoff is how many k must be transfered by an
# ip before we bother to graph it
#graph_cutoff 1024 #default: only traffic above 1M gets a graph

#Put interface in promiscuous mode to score to traffic
#that may not be routing through the host machine.
#promiscuous true #record with the network card in promiscuous mode

#Log data to cdf file htdocs/log.cdf  (produces log2.cdf and log.cdf data records under bandwidthd)
output_cdf true

#Read back the cdf file on startup  (re-reads the cdf data when bandwidthd starts)
recover_cdf true

#Libpcap format filter string used to control what bandwidthd see's
#Please always include "ip" in the string to avoid strange problems
#filter on ip
filter "ip"

#Draw Graphs
graph true

#The following only exists because I applied the bandwidthd-cp3-1.2.1b.patch,
# List of controled protocols
# format: item "item_name" rgb_color protocol ports  (record format: port name, RGB colour, protocol, port numbers)
# obs.: The yellow (0xffff00) color is predefined to the "TOTAL" item  (yellow is the default colour for TOTAL)
item "TCP" 0x00ff00 tcp all
item "HTTP" 0x0000ff tcp 80 443
item "FTP" 0xc0c0ff tcp 20 21
item "P2P" 0xff00ff tcp 1044 1045 1214 4661 4661 4665 5190 5500 5501 5502 5503 6346 6347 6666 6667 7788 8888 8889 28864 28865
item "UDP" 0x800000 udp all
item "ICMP" 0xff0000 icmp all
item "SMTP" 0xFF8C00 tcp 25
item "POP3" 0x00FFFF tcp 110
[/code]
SMTP and POP3 are entries I added to get more detailed traffic data; you can likewise add the ports you want to monitor.
After saving, you can run it.
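A small validator for the `item` lines in the cp3-patched bandwidthd.conf format shown above (an added example, not the author's or the bandwidthd project's code). It assumes the format `item "name" 0xRRGGBB protocol ports`, that `#` starts a comment, and that yellow 0xffff00 is reserved for TOTAL as the config comment says; the sample file is constructed and deliberately contains a reserved colour, an out-of-range port and the duplicated 4661 from the P2P line.

```python
import re

# Constructed sample in the `item` format of the cp3 patch (not the author's real file).
SAMPLE_CONF = """\
item "TCP" 0x00ff00 tcp all
item "HTTP" 0x0000ff tcp 80 443
item "P2P" 0xff00ff tcp 1044 1045 4661 4661 28864 28865
item "UDP" 0x800000 udp all
item "ICMP" 0xff0000 icmp all
item "SMTP" 0xFF8C00 tcp 25
item "IMAP" 0xffff00 tcp 143 99999   # constructed: reserved colour and bad port
"""

PROTOCOLS = {"tcp", "udp", "icmp"}
TOTAL_COLOUR = 0xFFFF00  # yellow is predefined for the TOTAL item per the config comment
COLOUR_RE = re.compile(r"^0x[0-9a-fA-F]{6}$")
ITEM_RE = re.compile(r'^item\s+"([^"]+)"\s+(\S+)\s+(\S+)\s*(.*)$')


def parse_items(text):
    """Return (name, colour, protocol, [ports]) per item line; '#' starts a comment."""
    items = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        m = ITEM_RE.match(line)
        if m:
            name, colour, proto, ports = m.groups()
            items.append((name, colour, proto, ports.split()))
    return items


def check_items(text):
    """Return human-readable problems: bad colour/protocol/port, the reserved
    TOTAL colour, and a port listed twice for one protocol (ambiguous attribution)."""
    problems, seen = [], {}
    for name, colour, proto, ports in parse_items(text):
        if not COLOUR_RE.match(colour):
            problems.append(f"{name}: colour {colour} is not 0xRRGGBB")
        elif int(colour, 16) == TOTAL_COLOUR:
            problems.append(f"{name}: colour 0xffff00 is reserved for TOTAL")
        if proto not in PROTOCOLS:
            problems.append(f"{name}: unknown protocol {proto}")
        for p in [] if ports == ["all"] else ports:
            if not p.isdigit() or not 1 <= int(p) <= 65535:
                problems.append(f"{name}: invalid port {p}")
            elif (proto, int(p)) in seen:
                problems.append(f"{name}: {proto}/{p} also listed under {seen[proto, int(p)]}")
            else:
                seen[proto, int(p)] = name
    return problems
```

Running `check_items(SAMPLE_CONF)` on the constructed sample reports the duplicated 4661, the reserved colour and the invalid port, and an empty list means the item list is clean.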
5. Run: you must change into the installation directory before starting it[code]
cd /usr/local/bandwidthd
./bandwidthd[/code]
6. Display:
Create a symbolic link under the web root by running[code]
ln -s /usr/local/bandwidthd/htdocs bandwidthd[/code]
Then you can open http://your-host/bandwidthd

and monitor the traffic you need right in your browser.

Additional configuration options:
1. Add more dev entries to the config file, or set dev to any, to monitor more devices.
2. If you think TOP20 is too few,
edit graph.c before running make.
In graph.c look for[code]
for (Counter=0; Counter < 21 && Counter < NumIps; Counter++)[/code]
Change 21 to 101
and it becomes TOP100.
Then find the string TOP20 and change it to TOP100.
Save, then run make install again.

I have tried this method myself and wrote it up specially to share it and to thank the bandwidthd developers. If you know of better ways to configure or use it, let's exchange them; if anything here is wrong, please correct me.
Combining bandwidthd traffic monitoring and analysis with tc + iptables for traffic control is a superb combination: you can then monitor and control the traffic of every machine and port on your network at any time.