分析本地网络流量,使用 tshark 和 BASH 更新配额
我有一个有点奇怪的问题,我真的希望有人可以帮助解决这个问题:
我上大学,这里的无线网络每周为每次登录分配一定的配额(我的是 2GB)。这意味着每周我只能访问 2GB 的互联网 - 我的上传和下载总计不得超过 2GB(我可以访问一个告诉我剩余配额的网页)。我通常会被允许一些宽限 KB,但我们不要考虑这个问题。
我的笔记本电脑运行 Ubuntu 并安装了 conky 系统监视器,我已将其配置为显示(除其他外)我的剩余无线配额。最初,我让 conky 点击网页并grep获取剩余配额。然而,由于我的 conky 每 5 秒刷新一次,并且我的无线连接时间超过 12 小时,因此检查网页本身会耗尽我的无线配额。
为了解决这个问题,我想我可以做以下两件事之一:
- 减少访问网页的频率,这样就不会耗尽我的配额。
- 监视我的无线卡上的无线流量,并不断从 2GB 中减去它
(1),这是我到目前为止所做的:我设置了一个 cron 作业,每分钟访问网页,并将结果存储在文件中在我的本地文件系统上。然后 Conky 读取该文件 - 不需要它访问网页;得益于 conky,无线配额不会丢失。
这个解决方案的胜率是 12 倍,但这仍然不够。然而,我是实时数据的粉丝,不会进一步降低 cron 频率。
所以,我唯一的其他解决方案是(2)。这是我发现wireshark 和它的命令行版本tshark 的时候。现在,我认为我应该做的是:
- daemonize tshark
- 设置 tshark 来监视流经无线卡的流量量(以 KB 或 B 或 MB 为单位 - 我稍后可以转换)
- 继续将此流量信息附加到 file1
- 总结流量file1 中的信息并从 2GB 中减去它。将结果存储在 file2 中,
- 设置 conky 读取 file2 - 这是我的剩余配额,
- 设置一个 cron 作业,每周一早上 6.30 删除/擦除 file1 的内容(那时每周配额重置)
最后,我的问题是:
- 你看到更好的结果了吗 ?方法来做到这一点?
- 如果没有,我该如何设置 tshark 以使其执行我想要的操作?我可能还需要哪些其他脚本?
如果有帮助,网站告诉我我的剩余配额是 KB
我已经查看了 tshark 手册页,不幸的是,这对我来说没有什么意义,因为我是网络 n00b。
先感谢您。
I have a slightly weird problem and I really hope someone can help with this:
I go to university and the wireless network here issues every login a certain quota/week (mine is 2GB). This means that every week, I am only allowed to access 2GB of the Internet - my uploads and downloads together must total at most 2GB (I am allowed access to a webpage that tells me my remaining quota). I'm usually allowed a few grace KB but let's not consider that for this problem.
My laptop runs Ubuntu and has the conky system monitor installed, which I've configured to display (among other things, ) my remaining wireless quota. Originally, I had conky hit the webpage and grep for my remaining quota. However, since my conky refreshes every 5 seconds and I'm on the wireless connection for upwards of 12 hours, the checking of the webpage itself kills my wireless quota.
To solve this problem, I figured I could do one of two things:
- Hit the webpage much less frequently so that doing so doesn't kill my quota.
- Monitor the wireless traffic at my wireless card and keep subtracting it from 2GB
(1) is what I've done so far: I setup a cron job to hit the webpage every minute and store the result in file on my local filesystem. Conky then reads this file - no need for it to hit the webpage; no loss of wireless quota thanks to conky.
This solution is a win by a factor of 12, which is still not enough. However, I'm a fan of realtime data and will not reduce the cron frequency further.
So, the only other solution that I have is (2). This is when I found out about wireshark and it's commandline version tshark. Now, here's what I think I should do:
- daemonize tshark
- set tshark to monitor the amount (in KB or B or MB - I can convert this later) of traffic flowing through my wireless card
- keep appending this traffic information to file1
- sum up the traffic information in the file1 and subtract it from 2GB. Store the result in file2
- set conky to read file2 - that is my remaining quota
- setup a cron job to delete/erase_the_contents_of file1 every Monday at 6.30AM (that's when the weekly quota resets)
At long last, my questions:
- Do you see a better way to do this?
- If not, how do I setup tshark to make it do what I want? What other scripts might I need?
If it helps, the website tells me my remaining quota is KB
I've already looked at the tshark man page, which unfortunately makes little sense to me, being the network-n00b that I am.
Thank you in advance.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
有趣的问题。我没有使用tshark的经验,所以我个人会使用iptables来解决这个问题。
看一下:
我们看到 iptables 记录了通过每个链的字节数。因此,人们可以通过以下方式监控您的带宽使用情况:
-z选项)以下是使用 iptables 进行 IP 计费。
注意事项
这种方法有一些缺点。首先,您需要 root 访问权限才能运行 iptables,这意味着您需要以 root 身份运行 conky,或者运行一个 cron 守护进程,将当前值写入 conky 有权访问的文件中。
此外,并非所有 INPUT/OUTPUT 数据包都可能计入您的带宽分配,例如 Intranet 访问、DNS 等。可以通过匹配它们并将它们放置在单独的 iptables 链中来仅过滤掉相关连接(示例在上面给出的链接中)。一种更简单的方法(如果差异不是太大)是偶尔从网络上获取实时配额,重置您的值并重新开始。
当您现有的 iptables 规则要么很复杂,要么使用自定义链时,它也会变得有点棘手。然后,您将需要一些iptables知识来检索正确的值。
Interesting question. I've no experience using tshark, so personally I would approach this using iptables.
Looking at:
we see that
iptableskeeps a tally of the the bytes that passes through the each chain. So one can presumably go about monitoring your bandwidth usage by:-zoption)Here are some examples of using iptables for IP accounting.
Caveats
There are some drawbacks to this approach. First of all you need root access to run iptables, which means you need conky running as root, or run a cron daemon which writes the current values to a file which conky has access to.
Also, not all INPUT/OUTPUT packets may count towards your bandwidth allocation, e.g. intranet access, DNS, etc. One can filter out only relevant connections by matching them and placing them in a separate iptables chain (examples in the link given above). An easier approach (if the disparity is not too large) would be to occasionally grab your real time quota from the web, reset your values and start again.
It also gets a little tricky when you have existing iptables rules which are either complicated or uses custom chains. You'll then need some knowledge of iptables to retrieve the right values.