📄 modelgen
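#! /bin/sh
#!/usr/bin/tclsh
#
# Copyright (C) 2001 by USC/ISI
# All rights reserved.
#
# Redistribution and use in source and binary forms are permitted
# provided that the above copyright notice and this paragraph are
# duplicated in all such forms and that any documentation, advertising
# materials, and other materials related to such distribution and use
# acknowledge that the software was developed by the University of
# Southern California, Information Sciences Institute.  The name of the
# University may not be used to endorse or promote products derived from
# this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
#
# ModelGen is a set of scripts that take tcpdump trace as input and
# output a set of CDF files that model Web traffic. It also outputs
# a time series of traffic size (in 1ms block) for further wavelet
# scaling analysis
#
# usage:
# ./ModelGen <tcpdump trace> <threshold> <network prefix>
#
#       <tcpdump trace> : tcpdump trace file generated using
#                         tcpdump -w option
#       <threshold>     : the threshold time value (in millisecond)
#                         that distinguishes idle periods in order
#                         to infer user "think" times between
#                         requests for new top-level pages.
#       <network prefix>: network prefix used to distinguish
#                         inbound vs. outbound traffic
#
# example: ./ModelGen tracefile 1000 128.9
#
# Note that currently it's only tested on Linux system
#
# This work is supported by DARPA through SAMAN Project
# (http://www.isi.edu/saman/), administered by the Space and Naval
# Warfare System Center San Diego under Contract No. N66001-00-C-8066
#
# Operational notes:
#   * tcpdump is run as ./tcpdump, the awk programs (delay.awk, ftp.awk,
#     win.awk, arrive2inter.awk) are opened relative to the current
#     directory, and every other helper is found through PATH.  Run this
#     only from a directory, and with a PATH, that you control.
#   * Every result is written next to the trace as <trace>.<suffix>.  The
#     bandwidth step also goes through the fixed names inbound.seq and
#     outbound.seq in the current directory (presumably written by
#     BW-seq.pl -- confirm), so two runs must not share a working directory.
#   * The derived text files hold the packet headers tcpdump decoded from
#     the capture; keep the working directory as private as the capture.
#   * No "set -e": the stages are best-effort, a failing stage does not
#     stop the ones after it.
#

# All three arguments are used below; without them the script used to
# write files with names such as ".all" and pass empty options to helpers.
if [ "$#" -lt 3 ]; then
  printf 'usage: %s <tcpdump trace> <threshold> <network prefix>\n' "$0" >&2
  exit 2
fi

trace=$1       # tcpdump -w capture; also the prefix of every output file
threshold=$2   # idle threshold handed to http_active -I
prefix=$3      # network prefix handed to the io.* / BW-seq.pl helpers as -s

# A trace name starting with "-" would be read as an option by sort, grep
# and the helpers once a suffix is appended; anchor it to the directory.
case $trace in
  -*) trace=./$trace ;;
esac

if [ ! -r "$trace" ]; then
  printf '%s: cannot read trace file: %s\n' "$0" "$trace" >&2
  exit 1
fi

# Rebuild HTTP connections and activity periods for one direction, then
# emit the CDF statistics and the 1 ms time series for it.
#   $1 - short tag used in output names (in | out)
#   $2 - direction name used in input names (inbound | outbound)
# Reads the globals trace and threshold.
analyze_direction() {
  ad_tag=$1
  ad_dir=$2

  echo "run http_connect"
  # -k 2,2 -k 4,4 -k 1,1 is the POSIX spelling of the obsolete
  # "+1 -2 +3 -4 +0 -1" keys, which current sort(1) takes for file names.
  sort -s -o "${trace}.${ad_tag}.http-srv-sort" -k 2,2 -k 4,4 -k 1,1 \
    -T /tmp "${trace}.http-srv.${ad_dir}"
  http_connect -r "${trace}.${ad_tag}.http-srv-sort" \
    -w "${trace}.${ad_tag}.http-srv.connect"
  grep "ACT" "${trace}.${ad_tag}.http-srv.connect" \
    > "${trace}.${ad_tag}.http-srv.connect.time"
  sort "${trace}.${ad_tag}.http-srv.connect.time" \
    > "${trace}.${ad_tag}.http-srv.connect.time.sort"
  date
  echo "run http_active"
  # Formerly "+1 -2 +0 -1".
  sort -s -o "${trace}.${ad_tag}.http-srv.connect.sort" -k 2,2 -k 1,1 \
    -T /tmp "${trace}.${ad_tag}.http-srv.connect"
  http_active -r "${trace}.${ad_tag}.http-srv.connect.sort" \
    -w "${trace}.${ad_tag}.http-srv.active" -I "$threshold"
  date
  echo "compute CDF statistics"
  cat "${trace}.${ad_tag}.http-srv.active.activity" | outputCDF -e "$ad_dir"
  date
  echo "compute time series (1ms block)"
  bw.tcl "${trace}.http-srv.${ad_dir}"
  cat "${trace}.http-srv.${ad_dir}.bw" | time-series.pl \
    > "${trace}.${ad_tag}.time-series"
}

# Estimate bandwidth and connection-setup delay for one protocol.
#   $1 - protocol tag in file names (www | ftp)
#   $2 - word used in the progress message (web | ftp)
#   $3 - port passed to BW-seq.pl -p
#   $4 - port passed to delay.pl -p
# Reads the globals trace and prefix.  Reuses inbound.seq*, outbound.seq*,
# <trace>.outbound.pair and <trace>.sync* on every call, so the second
# call overwrites the intermediates of the first.
estimate_bw_delay() {
  bd_proto=$1
  bd_label=$2
  bd_seq_port=$3
  bd_syn_port=$4

  date
  echo "output traffic between ${bd_label} servers and clients"
  cat "${trace}.${bd_proto}" | BW-seq.pl -s "$prefix" -p "$bd_seq_port"
  sort -o inbound.seq.sorted inbound.seq
  sort -o outbound.seq.sorted outbound.seq
  date
  echo "search for DATA/ACK packets which have the same seqence number for outbound traffic"
  cat outbound.seq.sorted | BW-pair.pl > "${trace}.outbound.pair"
  date
  echo "estimate the bandwidth for inbound/outbound traffic"
  cat "${trace}.outbound.pair" | BW.out.pl -w "${trace}.${bd_proto}"
  cat inbound.seq.sorted | BW.in.pl -w "${trace}.${bd_proto}"
  dat2cdf -e 0 -i 0.001 -d 1 -t "${trace}.${bd_proto}.outbound.BW"
  dat2cdf -e 0 -i 0.001 -d 1 -t "${trace}.${bd_proto}.inbound.BW"
  dat2cdf -e 0 -i 0.001 -d 1 -t "${trace}.${bd_proto}.outbound.delay"
  date
  echo "Locate SYN connection"
  cat "${trace}.${bd_proto}" | delay.pl -p "$bd_syn_port" > "${trace}.sync"
  sort -s -o "${trace}.sync.sorted" -T /tmp "${trace}.sync"
  date
  echo "compute delay for each SYN connection pair between servers and clients"
  pair.tcl "${trace}.sync.sorted" > "${trace}.sync.delay"
  sort -s -o "${trace}.sync.delay.sorted" -T /tmp "${trace}.sync.delay"
  awk -f delay.awk < "${trace}.sync.delay.sorted" \
    > "${trace}.${bd_proto}.inbound.delay"
  dat2cdf -e 0 -i 0.001 -d 1 -t "${trace}.${bd_proto}.inbound.delay"
}

# Extract SYN lines per direction and per side and turn the advertised
# windows into CDFs.
#   $1 - protocol tag in file names (www | ftp)
#   $2 - server port to match in the tcpdump text (80 | 20)
# Reads the global trace.
# grep -F: the patterns used to be regular expressions, so the "." in
# ".80 >" matched any character and ports such as 8080 or 1080 were
# counted as port 80 (likewise 1120 for port 20).
# NOTE(review): no active line in this script creates <trace>.www.inbound,
# <trace>.www.outbound, <trace>.ftp.inbound or <trace>.ftp.outbound; the
# io.www.pl / io.ftp.pl calls that look like their producers are commented
# out further down -- confirm before relying on these outputs.
window_stats() {
  ws_proto=$1
  ws_port=$2

  grep " S " "${trace}.${ws_proto}.outbound" | grep -F ".${ws_port} >" \
    > "${trace}.${ws_proto}.outbound.svr.win"
  grep " S " "${trace}.${ws_proto}.inbound" | grep -F ".${ws_port} >" \
    > "${trace}.${ws_proto}.inbound.svr.win"
  grep " S " "${trace}.${ws_proto}.outbound" | grep -F ".${ws_port}:" \
    > "${trace}.${ws_proto}.outbound.clnt.win"
  grep " S " "${trace}.${ws_proto}.inbound" | grep -F ".${ws_port}:" \
    > "${trace}.${ws_proto}.inbound.clnt.win"
  awk -f win.awk < "${trace}.${ws_proto}.outbound.svr.win" \
    > "${trace}.${ws_proto}.outbound.wins"
  awk -f win.awk < "${trace}.${ws_proto}.inbound.svr.win" \
    > "${trace}.${ws_proto}.inbound.wins"
  awk -f win.awk < "${trace}.${ws_proto}.outbound.clnt.win" \
    > "${trace}.${ws_proto}.outbound.winc"
  awk -f win.awk < "${trace}.${ws_proto}.inbound.clnt.win" \
    > "${trace}.${ws_proto}.inbound.winc"
  dat2cdf -e 1024 -i 1024 -d 1024 -t "${trace}.${ws_proto}.outbound.wins"
  dat2cdf -e 1024 -i 1024 -d 1024 -t "${trace}.${ws_proto}.outbound.winc"
  dat2cdf -e 1024 -i 1024 -d 1024 -t "${trace}.${ws_proto}.inbound.wins"
  dat2cdf -e 1024 -i 1024 -d 1024 -t "${trace}.${ws_proto}.inbound.winc"
}

date
echo "*** parsing tcpdump file ***"

echo "*** parsing .all ***"
./tcpdump -n -tt -q -r "$trace" > "${trace}.all"
date
echo "*** parsing .www ***"
./tcpdump -n -tt -r "$trace" tcp port 80 > "${trace}.www"
#./tcpdump -n -tt -r "$trace" port ftp or port ftp-data > "${trace}.ftp"
date
echo "*** parsing .ftp ***"
./tcpdump -n -tt -r "$trace" port ftp > "${trace}.ftp1"
cat "${trace}.ftp1" | getFTPclient.pl > "${trace}.ftp2"
cat "${trace}.all" | getFTP.pl -r "${trace}.ftp2" > "${trace}.ftp"
#./tcpdump -q -n -tt -r "$trace" port ftp or port ftp-data > "${trace}.ftps"
#./tcpdump -n -tt -r "$trace" port domain > "${trace}.dns"
date
echo "*** parsing .http-srv ***"
./tcpdump -n -tt -r "$trace" tcp src port 80 > "${trace}.http-srv"

# The traffic-mix and flow-statistics stages are disabled; only their
# progress messages are still printed.
date
echo "*** analyze traffic mix ***"
#cat "${trace}.all" | io.pl -s "$prefix" -w "${trace}.all"
#cat "${trace}.all.inbound" | traffic-classify > "${trace}.traffic.cnt.inbound"
#cat "${trace}.all.outbound" | traffic-classify > "${trace}.traffic.cnt.outbound"

date
echo "*** analyze flow statistics ***"
#awk -f flow.awk < "${trace}.all.outbound" > "${trace}.all.outbound.flow"
#awk -f flow.awk < "${trace}.all.inbound" > "${trace}.all.inbound.flow"
#sort -s -o "${trace}.all.outbound.flow.sort" -T /tmp "${trace}.all.outbound.flow"
#sort -s -o "${trace}.all.inbound.flow.sort" -T /tmp "${trace}.all.inbound.flow"
#cat "${trace}.all.outbound.flow.sort" | flow.pl -w "${trace}.outbound.flow"
#cat "${trace}.all.inbound.flow.sort" | flow.pl -w "${trace}.inbound.flow"
#sort -s -o "${trace}.inbound.flow.start.sort" "${trace}.inbound.flow.start"
#sort -s -o "${trace}.outbound.flow.start.sort" "${trace}.outbound.flow.start"
#awk -f arrive2inter.awk < "${trace}.outbound.flow.start.sort" > "${trace}.outbound.flow.arrival"
#awk -f arrive2inter.awk < "${trace}.inbound.flow.start.sort" > "${trace}.inbound.flow.arrival"
#dat2cdf -e 1024 -i 1024 -d 1024 -t "${trace}.outbound.flow.size"
#dat2cdf -e 1024 -i 1024 -d 1024 -t "${trace}.inbound.flow.size"
#dat2cdf -e 0 -i 1 -d 1 -t "${trace}.outbound.flow.dur"
#dat2cdf -e 0 -i 1 -d 1 -t "${trace}.inbound.flow.dur"
#dat2cdf -e 0 -i 0.001 -d 1 -t "${trace}.outbound.flow.arrival"
#dat2cdf -e 0 -i 0.001 -d 1 -t "${trace}.inbound.flow.arrival"

date
echo "*** seperate Inbound and Outbound traffic ***"
echo "DNS"
#io.tcl "${trace}.dns"
date
echo "WWW"
#cat "${trace}.www" | io.www.pl -s "$prefix" -w "${trace}.www"
cat "${trace}.http-srv" | io.www.pl -s "$prefix" -w "${trace}.http-srv"
date
echo "FTP"
#cat "${trace}.ftp" | io.ftp.pl -s "$prefix" -w "${trace}.ftp"
#cat "${trace}.ftps" | io.ftp.pl -s "$prefix" -w "${trace}.ftps"

##############################
date
# These globs are not limited to this trace: every matching entry in the
# current directory is removed, directories included (-r).  The "./"
# prefix and "--" keep a name that starts with "-" from being read as an
# rm option.
/bin/rm -rf -- ./*.time-series
/bin/rm -rf -- ./*connect.time*

echo "*** Analyze Inbound traffic ***"
analyze_direction in inbound

##############################
date
echo "*** Analyze Outbound traffic ***"
analyze_direction out outbound

######################################
echo "*** Delay and Bandwidth estimation ***"
echo "WWW traffic"
estimate_bw_delay www web 80 80

######################################
echo "FTP traffic"
estimate_bw_delay ftp ftp 20 21

######################################
echo "Output statistics for FTP traffic"
date
# NOTE(review): <trace>.ftps.outbound and <trace>.ftps.inbound are not
# created by any active line above (the .ftps capture and its io.ftp.pl
# split are commented out) -- confirm where they are expected to come from.
# grep -F so that ".20 >" matches port 20 only, not any port ending in 20.
grep -F ".20 >" "${trace}.ftps.outbound" | awk -f ftp.awk | sort \
  > "${trace}.ftp.outbound.conn"
cat "${trace}.ftp.outbound.conn" | ftp.pl -w "${trace}.ftp.outbound"
sort -o "${trace}.ftp.outbound.sess.arrive.sort" "${trace}.ftp.outbound.sess.arrive"
grep -F ".20 >" "${trace}.ftps.inbound" | awk -f ftp.awk | sort \
  > "${trace}.ftp.inbound.conn"
cat "${trace}.ftp.inbound.conn" | ftp.pl -w "${trace}.ftp.inbound"
sort -o "${trace}.ftp.inbound.sess.arrive.sort" "${trace}.ftp.inbound.sess.arrive"
dat2cdf -e 0 -i 0.001 -d 1 -t "${trace}.ftp.outbound.file.inter"
dat2cdf -e 0 -i 1000 -d 1000 -t "${trace}.ftp.outbound.size"
dat2cdf -e 0 -i 1 -d 1 -t "${trace}.ftp.outbound.fileno"
dat2cdf -e 0 -i 0.001 -d 1 -t "${trace}.ftp.inbound.file.inter"
dat2cdf -e 0 -i 1000 -d 1000 -t "${trace}.ftp.inbound.size"
dat2cdf -e 0 -i 1 -d 1 -t "${trace}.ftp.inbound.fileno"
awk -f arrive2inter.awk < "${trace}.ftp.outbound.sess.arrive.sort" \
  > "${trace}.ftp.outbound.sess.inter"
dat2cdf -e 0 -i 0.01 -d 1 -t "${trace}.ftp.outbound.sess.inter"
awk -f arrive2inter.awk < "${trace}.ftp.inbound.sess.arrive.sort" \
  > "${trace}.ftp.inbound.sess.inter"
dat2cdf -e 0 -i 0.01 -d 1 -t "${trace}.ftp.inbound.sess.inter"

######################################
# The closing quote was missing here, which left every later quote in the
# script unbalanced and made the shell stop with an unterminated string.
echo "Output TCP window size"
date
echo "WWW"
window_stats www 80
echo "FTP"
window_stats ftp 20

date
echo "execution complete"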