
登录远程服务器抓包

#!/bin/bash

# Remote server list, space-separated, e.g. "IP1 IP2".
SERVERS_IP="21.254.176.3 21.254.176.135 21.254.176.144 21.254.176.138 21.254.176.146 21.254.176.141 21.254.176.145 21.254.178.2 21.254.178.15 21.254.178.3 21.254.178.17 21.254.176.70 21.254.176.93 21.254.178.33 21.254.178.34 21.254.178.35 21.254.178.58 21.254.176.71 21.254.176.94 21.254.178.12 21.254.178.14 21.254.177.71 21.254.177.131 21.254.177.72 21.254.177.132 21.254.178.11 21.254.178.16 21.254.177.130 21.254.177.70"
# Login user on every remote server. The download path below (/root/...)
# only matches the capture location when this stays root.
USERNAME=root

# Exactly one sub-command is expected. Note the usage text does not list
# the `test` sub-command that the dispatch at the bottom also accepts.
if [[ $# -ne 1 ]]; then
  echo "USAGE:$0 [start|stop|download]"
  exit 1
fi

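#######################################
# Log in to each remote server and start a tcpdump capture there.
# Globals:   SERVERS_IP (read), USERNAME (read)
# Outputs:   one progress line per server plus a summary on stdout;
#            ssh diagnostics are appended to error.log
# Returns:   0 (the ssh sessions run in the background; their status
#            is not collected here)
#######################################
start() {
  local ip
  for ip in $SERVERS_IP; do
    # -n detaches ssh from this script's stdin, which matters because the
    # session is backgrounded. Quoting the target and appending to error.log
    # (the original truncated it on every iteration, keeping only the last
    # server's errors) are the other changes.
    # -s 0 captures full packet payloads, so the resulting .cap files can
    # hold sensitive data; keep their permissions tight on both ends.
    nohup ssh -n "$USERNAME@$ip" "tcpdump -i eth1 -s 0 -w $ip.cap" > /dev/null 2>> error.log &
    echo "$ip抓包开始............................"
  done

  echo "远程服务器抓包已全部开启"
}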

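#######################################
# Log in to each remote server and stop the tcpdump capture there.
# Globals:   SERVERS_IP (read), USERNAME (read)
# Outputs:   one progress line per server plus a summary on stdout;
#            ssh diagnostics are appended to error.log
# Returns:   0 (the ssh sessions run in the background; their status
#            is not collected here)
#######################################
stop() {
  local ip
  for ip in $SERVERS_IP; do
    # The original remote command quoted awk's program in double quotes
    # ("{print $2}"), so the remote shell expanded $2 to an empty string and
    # awk printed whole ps lines; every column of those lines (PPID, CPU,
    # time, ...) then reached `kill -9`, which could hit unrelated PIDs.
    # pkill -x matches the exact process name and sends SIGTERM by default,
    # which lets tcpdump flush its capture file and print its packet counts
    # instead of losing the buffered tail to SIGKILL. Requires procps pkill
    # on the remote host.
    nohup ssh -n "$USERNAME@$ip" 'pkill -x tcpdump' > /dev/null 2>> error.log &
    echo "$ip抓包停止............................"
  done

  echo "远程服务器抓包已全部停止"
}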

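#######################################
# Copy each remote server's capture file into the current directory.
# Globals:   SERVERS_IP (read), USERNAME (read)
# Outputs:   progress lines and a summary on stdout; a line per failed
#            transfer on stderr
# Returns:   0 if every scp succeeded, 1 if at least one failed
#######################################
download() {
  local ip
  local rc=0
  for ip in $SERVERS_IP; do
    echo "$ip.cap开始下载............................"
    # start() writes $ip.cap into the login user's working directory on the
    # remote side, so this fixed /root path only matches while USERNAME is
    # root. A failed transfer is reported instead of silently skipped.
    if ! scp "$USERNAME@$ip:/root/$ip.cap" .; then
      echo "$ip.cap下载失败" >&2
      rc=1
    fi
  done

  echo "远程服务器抓包已全部下载"
  return "$rc"
}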

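#######################################
# Record, per remote server, whether a tcpdump process is still present.
# NOTE: this name shadows bash's `test` builtin. `[ ... ]` is unaffected,
# but any later `test ...` call in this script would run this function.
# The dispatch below selects it by this name, so it is kept.
# Globals:   SERVERS_IP (read), USERNAME (read)
# Outputs:   appends markers and remote ps output to tcpdump.log;
#            ssh diagnostics are appended to error.log
# Returns:   0 (the ssh sessions run in the background)
#######################################
test() {
  local ip
  echo "远程服务器tcpdump进程判断开始" >> tcpdump.log
  for ip in $SERVERS_IP; do
    echo "${ip}tcpdump进程是否杀掉............................" >> tcpdump.log
    # -n detaches the backgrounded ssh from stdin; error.log is appended to
    # rather than truncated per iteration. The sleep is presumably meant to
    # keep each host's ps output close to its marker line in tcpdump.log,
    # but with backgrounded sessions the ordering is still not guaranteed.
    nohup ssh -n "$USERNAME@$ip" "ps -ef | grep tcpdump | grep -v grep" >> tcpdump.log 2>> error.log &
    sleep 1
  done

  echo "远程服务器tcpdump进程判断结束" >> tcpdump.log
}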

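# Dispatch on the single sub-command argument.
case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  download)
    download
    ;;
  test)
    test
    ;;
  *)
    # Unknown sub-command: report on stderr and exit non-zero so a caller
    # (or a wrapping script under set -e) can tell it was rejected; the
    # original printed the message and exited 0.
    echo "参数错误" >&2
    exit 1
    ;;
esac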