Code-Schnipsel: Unterschied zwischen den Versionen
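--- a/Code-Schnipsel
+++ b/Code-Schnipsel
@@ -40,2 +40,96 @@
 if($2=="Topology")s=1}END{print "}"}'
 </pre>
+
+===VPN-Traffic messen===
+<pre>
+iptables -I INPUT -p tcp --dport 5000 -j ACCEPT
+iptables -I OUTPUT -p tcp --sport 5000 -j ACCEPT
+
+iptables -vnxL|awk '/pt:5000/{if($11=="dpt:5000")a=$2;if($11=="dpt:5000")b=$2}END{print a+b}'
+
+while true;do iptables -vnxL|awk '/pt:5000/{if($11=="dpt:5000")a=$2;if($11=="dpt:5000")b=$2}END{print "IN: "a/(1024*1024)" OUT: "b/(1024*1024)" Megabyte"}';sleep 60;done
+</pre>
+
+===Aus Registrierungsdatenbank dot-Datei fuer GraphViz generieren===
+<pre>
+awk 'BEGIN{print "graph g {"}{gsub(/[^a-zA-Z0-9 ]/,"");if($4==1&&$6==1&&$8==1&&$10==1){print $3" -- "$5;print $3" -- "$7;print $3" -- "$9";"}}END{print "}"}' registrator-db1.txt
+
+neato -Earrowtail=normal -Goverlap=scale -Gsplines=true-v -Tjpg -o /tmp/vertrauen_overlap=scale.jpg /tmp/vertrauen.dot
+</pre>
+
+===auf dem Router eine Karte fuer GraphViz generieren===
+<pre>
+awk '{if($2=="localhost")s=1;z++;if(z>5){if($0=="")exit;print $1,substr($2,1,length($2)-5)}}END{print "---"}' /etc/hosts|sed -e 's/[^a-zA-Z0-9. ]//g'|awk -F'[. ]' '{print $1"."$2"."$3"."$4,$5""$3}' >/tmp/dat
+
+wget -O - http://127.0.0.1:2006|awk '{if(s==1){if($0=="")exit;if($5<10&&$5!="0.00"&&$5<11)print $1,$2,$5};if($2=="Topology")s=1}' >>/tmp/dat
+
+awk 'BEGIN{print "graph g {"}{if(s==1){if($3<12){pre="edge[style=";typ="dotted,weight=0] "};if($3<6)typ="dashed,weight=3] ";if($3<4){typ="";pre="edge[weigth=6] "};if($3<2){pre="edge[style=";typ="bold,weight=9] "};print pre""typ""node[$1]" -- "node[$2]";"};if(s!=1){node[$1]=$2};if($1=="...")s=1}END{print "}"}' /tmp/dat >/tmp/g.dot
+
+neato -Goverlap=scale -v -Tjpg -o /tmp/vpnkarte.jpg /tmp/g.dot
+</pre>
+
+
+===IP-Bereich Traffic aufsummieren===
+<pre>
+INTERN1="104.0.0.0/8"
+INTERN2="10.0.0.0/8"
+
+STOERER="104.63.71.0/28"
+
+# gute ports definieren
+PORT1="21,22,23"
+PORT2="80,443,8080"
+PORT3="1863,5190,5222,5223,6661:6666"
+PORT4="25,110,143,993,995"
+
+# restlicher Datenverkehr ganz nach unten
+iptables -I FORWARD -p all -d $STOERER -j ACCEPT
+iptables -I FORWARD -p all -s $STOERER -j ACCEPT
+
+# aller traffic vom stoerer zum internet
+iptables -I FORWARD -p tcp -s $STOERER -m multiport --dport $PORT1 -j ACCEPT
+iptables -I FORWARD -p tcp -s $STOERER -m multiport --dport $PORT2 -j ACCEPT
+iptables -I FORWARD -p tcp -s $STOERER -m multiport --dport $PORT3 -j ACCEPT
+iptables -I FORWARD -p tcp -s $STOERER -m multiport --dport $PORT4 -j ACCEPT
+
+# aller traffic vom internet zum stoerer
+iptables -I FORWARD -p tcp -d $STOERER -m multiport --sport $PORT1 -j ACCEPT
+iptables -I FORWARD -p tcp -d $STOERER -m multiport --sport $PORT2 -j ACCEPT
+iptables -I FORWARD -p tcp -d $STOERER -m multiport --sport $PORT3 -j ACCEPT
+iptables -I FORWARD -p tcp -d $STOERER -m multiport --sport $PORT4 -j ACCEPT
+
+# netzinterner traffic interessiert uns nicht
+iptables -I FORWARD -p all -s $STOERER -d $INTERN1 -j ACCEPT
+iptables -I FORWARD -p all -s $STOERER -d $INTERN2 -j ACCEPT
+iptables -I FORWARD -p all -d $STOERER -s $INTERN1 -j ACCEPT
+iptables -I FORWARD -p all -d $STOERER -s $INTERN2 -j ACCEPT
+
+# datenverkehr auf den boesen ports ausgeben
+iptables -nvL FORWARD|tail -2
+</pre>
+
+===Nachbarn anzeigen - Methode0: - neues OLSR-PlugIn ab FFF v1.3===
+wget -O - http://127.0.0.1:2006/neighbours
+
+===Nachbarn anzeigen - Methode1:===
+wget -O - http://127.0.0.1:8080/nodes|awk -F"[< =>]" '{if(s==1&&$0=="</table>")exit;if(s==1)print $9,$17,$21,$25,$29,$33;if($3=="width")s=1}'
+
+===Nachbarn anzeigen - Methode2:===
+wget -O - http://127.0.0.1:8080/nodes|awk -F"[ =]" '{if(s==1&&$0=="</table>")exit;if(s==1)print;if($2=="width")s=1}'
+
+===Traffic (ausgehend) messen:===
+iptables -I OUTPUT -p tcp --dport 5000 -j ACCEPT
+while true;do iptables -xvZ -L OUTPUT|awk '/dpt:5000/{print}';sleep 100;done
+iptables -D OUTPUT -p tcp --dport 5000 -j ACCEPT
+
+===MAC-Adressenliste im ganzen Netz aktualisieren:===
+awk 'BEGIN{for(;c<249;){c++;system("wget -O - http://10.63."c".1/cgi-bin-info.html?b")}}'
+
+===von allen Routern im Netz den Hardwareindex-zeigen:===
+for I in $(ip route|awk '{if(substr($0,1,5)=="10.63")print $1}'|grep -v /);do echo $I;wget -O - http://$I/cgi-bin-info.html?h|sed -n '/fix-index/{n;p;}';done
+
+===von allen Routern im Netz mit unbekanntem Hardwareindex diesen zeigen:===
+for I in $(ip route|sort|awk '{if(substr($0,1,5)=="10.63")print $1}'|grep -v /);do echo $I;A=$(wget -O - http://$I/cgi-bin-info.html?h|sed -n '/fix-index/{n;p;}');if [ "$A" != "926db47246" ] && [ "$A" != "ee0048c876" ] && [ "$A" != "12cf47b37d" ] && [ "$A" != "aa2b1b94d7" ] && [ "$A" != "3dc768379f" ] && [ "$A" != "6720f2d909" ] ;then echo $A;fi;done
+
+===von allen routern im netz mac adressen einsammeln -klauschweine===
+for I in $(ip route|awk '{if(substr($0,1,5)=="10.63")print $1}'|grep -v /);do echo $I;wget -O - http://$I/cgi-bin-info.html?h|grep perm_ether;done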
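Review bot: The accounting rules added under "IP-Bereich Traffic aufsummieren" all use `-I FORWARD … -j ACCEPT`, so they do more than count: every packet to or from `$STOERER` is accepted at the head of FORWARD before any filter rule already in the chain is consulted, and the same holds for the port-5000 rules in "VPN-Traffic messen" and "Traffic (ausgehend) messen". The counters can be kept without changing the verdict by moving the rules into a dedicated chain that ends each match with `-j RETURN`, e.g. `iptables -N ACCT; iptables -I FORWARD -j ACCT` followed by `iptables -I ACCT -p tcp -s $STOERER -m multiport --dport $PORT1 -j RETURN`, with the final listing reading `iptables -nvL ACCT|tail -2`. That also makes `tail -2` reliable, since on FORWARD it only shows the two catch-all rules when the chain held no other rules before. Separately, both awk tests in the VPN snippet compare `$11` with `"dpt:5000"`, so `b` only repeats `a`; the second test was presumably meant to be `"spt:5000"` to match the OUTPUT rule.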
Version vom 8. Oktober 2006, 11:24 Uhr
Netzkarte als .dot-Datei ausgeben mit olsrd-plaintext-plugin
- speichern als /www/cgi-bin-map
- beim aufruf wird direkt die datei heruntergeladen, danach:
- neato -Goverlap=scale -Gsplines=true -Gstart=3 -v -Tpng -o karte.png karte.dot
- Handarbeit / Nacharbeit ist manchmal notwendig. (Nodes stehen noch in /etc/hosts, aber im OLSR nicht mehr etc.)
- ToDo:
- kumulieren der ETX-Werte ueber einen groesseren Zeitraum -> Durchschnittsbildung
- Bandbreite anstatt ETX-Wert visualisieren
- GPS-Daten miteinbeziehen
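#!/bin/sh
# CGI script: sends the current mesh map as a GraphViz .dot file download.
# Node labels are taken from /etc/hosts, links from the plain-text output
# served on http://127.0.0.1:2006 (the lines following its "Topology" header).

# Timestamp for the file name, cut out of the default `date` output.
# NOTE(review): the field positions assume the layout `date` prints on the
# router; the sed class also replaces every "T", so a time-zone name that
# contains a T changes the field count - confirm on the target system.
D=$(date|sed -e's/[:T-]/ /g'|while read t m t h mi r r r y;do echo "$y$m$t-$h"uhr"$mi";done)

# The SSID is placed inside a quoted HTTP header value. Keep only characters
# that can neither close the quote nor start a new header line; printf without
# a newline also joins a multi-line value into one line.
SSID=$(nvram get wl0_ssid|awk '{gsub(/[^a-zA-Z0-9._ -]/,"");printf "%s",$0}')
F="netzkarte-($SSID)-$D.dot"

echo "Content-type: application/octet-stream"
echo "Content-Disposition: attachment; filename=\"$F\""
# The empty line ends the CGI header block.
echo ""
echo "graph g {"

# One node statement per /etc/hosts line matching 10.63.: the node id is the
# address with dots replaced by "A" and prefixed with "A", the label is the
# cleaned host name plus the address in parentheses.
# NOTE(review): the dots in /10.63./ and /.olsr/ are unescaped and therefore
# match any character.
awk '/10.63./ {
  IP=$1
  gsub(/\./,"A",$1)
  gsub(/[^a-zA-Z0-9. ]/,"",$2)
  gsub(/.olsr/,"",$2)
  print "A"$1"[label=\""$2"\\n("IP")\"];"
}' /etc/hosts

# One edge per topology line, read until the first empty line after the
# "Topology" header. Column 5 (presumably the ETX link cost - confirm against
# the plugin output) selects the line style; entries with "0.00" or a value
# of 11 and above are skipped.
wget -O - http://127.0.0.1:2006|awk '{
  if(s==1){
    if($0=="")exit
    if($5!="0.00"&&$5<11){
      if($5<11)arg="dotted"
      if($5<7)arg="dashed"
      if($5<4)arg="normal"
      if($5<2)arg="bold"
      style="[style="arg"];"
      if(arg=="normal")style=";"
      gsub(/\./,"A",$1)
      gsub(/\./,"A",$2)
      print "A"$1" -- A"$2,style
    }
  }
  if($2=="Topology")s=1
}END{print "}"}'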
VPN-Traffic messen
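# Measure VPN traffic on TCP port 5000 through the byte counters of two rules.
# NOTE: -I places each rule at the head of its chain and -j ACCEPT also
# accepts the matching packets there, ahead of any rule already in the chain.
iptables -I INPUT -p tcp --dport 5000 -j ACCEPT
iptables -I OUTPUT -p tcp --sport 5000 -j ACCEPT

# One-off total: byte counter ($2) of the incoming rule (dpt:5000) plus that
# of the outgoing rule (spt:5000). The outgoing rule is created with --sport,
# so it has to be looked up as spt:5000, not dpt:5000.
iptables -vnxL|awk '/pt:5000/{if($11=="dpt:5000")a=$2;if($11=="spt:5000")b=$2}END{print a+b}'

# Every 60 seconds print both counters converted from bytes to megabytes.
while true; do
  iptables -vnxL|awk '/pt:5000/{if($11=="dpt:5000")a=$2;if($11=="spt:5000")b=$2}END{print "IN: "a/(1024*1024)" OUT: "b/(1024*1024)" Megabyte"}'
  sleep 60
done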
Aus Registrierungsdatenbank dot-Datei fuer GraphViz generieren
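# Turn the registration database into an undirected GraphViz graph.
# Every character other than letters, digits and spaces is removed from the
# line first; a record is used only when fields 4, 6, 8 and 10 are all 1, and
# then yields three edges from field 3 to fields 5, 7 and 9.
# NOTE(review): the graph is written to stdout, while neato below reads
# /tmp/vertrauen.dot - presumably the output is meant to be saved there first.
awk 'BEGIN{print "graph g {"}
{
  gsub(/[^a-zA-Z0-9 ]/,"")
  if($4==1&&$6==1&&$8==1&&$10==1){
    print $3" -- "$5
    print $3" -- "$7
    print $3" -- "$9";"
  }
}
END{print "}"}' registrator-db1.txt

# Render the graph as JPEG. The original had "-Gsplines=true-v", which fused
# the -v switch into the splines value; the two are separate options.
neato -Earrowtail=normal -Goverlap=scale -Gsplines=true -v -Tjpg -o /tmp/vertrauen_overlap=scale.jpg /tmp/vertrauen.dot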
auf dem Router eine Karte fuer GraphViz generieren
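# Build a GraphViz map directly on the router.
#
# Step 1: node list. Skip the first 5 lines of /etc/hosts, then print address
# and host name (minus its last 5 characters) until the first empty line, and
# finish with a "---" marker. sed drops every character outside the allowed
# set, which empties the marker line; the second awk then prints the address
# followed by host name and third octet joined together, and turns the empty
# marker line into "...".
awk '{if($2=="localhost")s=1;z++;if(z>5){if($0=="")exit;print $1,substr($2,1,length($2)-5)}}END{print "---"}' /etc/hosts \
  |sed -e 's/[^a-zA-Z0-9. ]//g' \
  |awk -F'[. ]' '{print $1"."$2"."$3"."$4,$5""$3}' >/tmp/dat

# Step 2: link list. Append columns 1, 2 and 5 of every line that follows the
# "Topology" header, up to the first empty line, skipping entries whose fifth
# column is "0.00" or not below 10.
wget -O - http://127.0.0.1:2006|awk '{if(s==1){if($0=="")exit;if($5<10&&$5!="0.00"&&$5<11)print $1,$2,$5};if($2=="Topology")s=1}' >>/tmp/dat

# Step 3: lines before the "..." marker fill the address -> label table,
# lines after it become edges whose style and weight depend on column 3.
# The attribute for values below 4 was misspelled "weigth"; it is "weight"
# like in the other three cases.
awk 'BEGIN{print "graph g {"}
{
  if(s==1){
    if($3<12){pre="edge[style=";typ="dotted,weight=0] "}
    if($3<6)typ="dashed,weight=3] "
    if($3<4){typ="";pre="edge[weight=6] "}
    if($3<2){pre="edge[style=";typ="bold,weight=9] "}
    print pre""typ""node[$1]" -- "node[$2]";"
  }
  if(s!=1){node[$1]=$2}
  if($1=="...")s=1
}
END{print "}"}' /tmp/dat >/tmp/g.dot

# Step 4: render the map as JPEG.
neato -Goverlap=scale -v -Tjpg -o /tmp/vpnkarte.jpg /tmp/g.dot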
IP-Bereich Traffic aufsummieren
# Sum up the forwarded traffic of one address range, split by category, using
# the counters of FORWARD rules.
#
# Every -I inserts at the head of FORWARD, so a rule added later sits above the
# ones added before it and is matched first. Each rule ends in -j ACCEPT: a
# packet is counted by the first rule it matches and is accepted at that
# point, ahead of any rule that was already in the chain.
INTERN1="104.0.0.0/8"
INTERN2="10.0.0.0/8"

STOERER="104.63.71.0/28"

# Port groups regarded as "good"
PORT1="21,22,23"
PORT2="80,443,8080"
PORT3="1863,5190,5222,5223,6661:6666"
PORT4="25,110,143,993,995"

# Catch-all rules for the remaining traffic: added first, so they end up lowest
iptables -I FORWARD -p all -d "$STOERER" -j ACCEPT
iptables -I FORWARD -p all -s "$STOERER" -j ACCEPT

# Traffic from the range towards the internet, one rule per port group
for ports in "$PORT1" "$PORT2" "$PORT3" "$PORT4"; do
  iptables -I FORWARD -p tcp -s "$STOERER" -m multiport --dport "$ports" -j ACCEPT
done

# Traffic from the internet back to the range, one rule per port group
for ports in "$PORT1" "$PORT2" "$PORT3" "$PORT4"; do
  iptables -I FORWARD -p tcp -d "$STOERER" -m multiport --sport "$ports" -j ACCEPT
done

# Network-internal traffic is of no interest; these rules are added last and
# therefore match before everything above
for net in "$INTERN1" "$INTERN2"; do
  iptables -I FORWARD -p all -s "$STOERER" -d "$net" -j ACCEPT
done
for net in "$INTERN1" "$INTERN2"; do
  iptables -I FORWARD -p all -d "$STOERER" -s "$net" -j ACCEPT
done

# Show the traffic on the remaining ("bad") ports: the last two lines of the
# FORWARD listing
iptables -nvL FORWARD|tail -2
Nachbarn anzeigen - Methode0: - neues OLSR-PlugIn ab FFF v1.3
# Print the neighbour list served on local port 2006 to stdout (per the page
# heading this needs the OLSR plug-in shipped from FFF v1.3 on).
wget -O - 'http://127.0.0.1:2006/neighbours'
Nachbarn anzeigen - Methode1:
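# Show the neighbours, method 1: fetch the node page from the local web
# interface and print selected columns of its table.
# The pipe had been turned into "%7C" and glued to the URL, and the
# "</table>" end marker had been lost, so the filter never ran as written.
# Rows start after the first line whose third field is "width" and stop at
# the closing table tag.
wget -O - http://127.0.0.1:8080/nodes \
  |awk -F"[< =>]" '{
    if(s==1&&$0=="</table>")exit
    if(s==1)print $9,$17,$21,$25,$29,$33
    if($3=="width")s=1
  }'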
Nachbarn anzeigen - Methode2:
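# Show the neighbours, method 2: fetch the node page from the local web
# interface and print its table rows unchanged.
# The pipe had been turned into "%7C" and glued to the URL, and the
# "</table>" end marker had been lost, so the filter never ran as written.
# Rows start after the first line whose second field is "width" and stop at
# the closing table tag.
wget -O - http://127.0.0.1:8080/nodes \
  |awk -F"[ =]" '{
    if(s==1&&$0=="</table>")exit
    if(s==1)print
    if($2=="width")s=1
  }'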
Traffic (ausgehend) messen:
# Measure outgoing TCP traffic to port 5000 with the counters of one OUTPUT rule.
# NOTE: the rule is inserted at the head of OUTPUT and accepts the matching
# packets there.
iptables -I OUTPUT -p tcp --dport 5000 -j ACCEPT

# Every 100 seconds list the rule's exact counters; -Z resets them after each
# listing, so every line shows the traffic of one interval.
while :; do
  iptables -xvZ -L OUTPUT|awk '/dpt:5000/'
  sleep 100
done

# Remove the counting rule again. This line is reached only once the endless
# loop above has been interrupted.
iptables -D OUTPUT -p tcp --dport 5000 -j ACCEPT
MAC-Adressenliste im ganzen Netz aktualisieren:
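# Request cgi-bin-info.html?b from 10.63.1.1 through 10.63.249.1, one router
# after the other (per the page heading this refreshes the MAC address list
# across the network).
# The URL is quoted: the original handed it unquoted to a shell through awk's
# system(), where the "?" is a pathname-expansion character.
c=1
while [ "$c" -le 249 ]; do
  wget -O - "http://10.63.$c.1/cgi-bin-info.html?b"
  c=$((c+1))
done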
von allen Routern im Netz den Hardwareindex-zeigen:
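# Show the hardware index of every router in the network.
# Targets are the routing-table entries that start with "10.63" and carry no
# "/" (host routes only). For each one print the address, then the line that
# follows "fix-index" in the router's info page.
# The pipe between wget and sed had been turned into "%7C" and glued to the
# URL; it is restored here, and the URL is quoted because of the "?".
for I in $(ip route|awk '{if(substr($0,1,5)=="10.63")print $1}'|grep -v /); do
  echo "$I"
  wget -O - "http://$I/cgi-bin-info.html?h"|sed -n '/fix-index/{n;p;}'
done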
von allen Routern im Netz mit unbekanntem Hardwareindex diesen zeigen:
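# Show the hardware index of every router whose index is not in the known list.
# Targets are the sorted routing-table entries that start with "10.63" and
# carry no "/" (host routes only). The index is the line that follows
# "fix-index" in the router's info page; it is text supplied by the remote
# router and is only compared and printed here.
# The pipe between wget and sed had been turned into "%7C" and glued to the
# URL; it is restored here, and the URL is quoted because of the "?".
for I in $(ip route|sort|awk '{if(substr($0,1,5)=="10.63")print $1}'|grep -v /); do
  echo "$I"
  A=$(wget -O - "http://$I/cgi-bin-info.html?h"|sed -n '/fix-index/{n;p;}')
  case "$A" in
    # known hardware indexes: print nothing
    926db47246|ee0048c876|12cf47b37d|aa2b1b94d7|3dc768379f|6720f2d909) ;;
    *) echo "$A" ;;
  esac
done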
von allen routern im netz mac adressen einsammeln -klauschweine
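# Collect the MAC addresses of every router in the network.
# Targets are the routing-table entries that start with "10.63" and carry no
# "/" (host routes only). For each one print the address, then the
# "perm_ether" lines of the router's info page.
# The pipe between wget and grep had been turned into "%7C" and glued to the
# URL; it is restored here, and the URL is quoted because of the "?".
for I in $(ip route|awk '{if(substr($0,1,5)=="10.63")print $1}'|grep -v /); do
  echo "$I"
  wget -O - "http://$I/cgi-bin-info.html?h"|grep perm_ether
done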