这是一个bash脚本,我有5个PCAP文件,我想对它们运行这些命令,然后在通过每个PCAP文件后,将新文件命名为flow1 flow2 flow3 flow4 flow5,我无法正确命名文件
新文件显示为仅1个文件的1个长字符串flow1 flow2 flow3 flow4 flow5
flow=(flow1 flow2 flow3 flow4 flow5)
dns=(dns1 dns2 dns3 dns4 dns5 dns6)
ntp=(ntp1 ntp2 ntp3 ntp4 ntp5 ntp6)
#creates a new directory based on the PCAP folder name
for file in *.pcap
do
argus -r *.pcap -w packet.argus &&
#Run argus to get the flow volumn (totalbytes) and the flow duration (seconds)
#ra -r packet.argus -s bytes dur > flow_vol_dur.csv
ra -r packet.argus -s bytes dur -u > "${flow[*]}.csv"
ra -r packet.argus -n -s bytes dur rate runtime pkts load loss > features.csv &&
#Run argus to get the source and destination ports, merge both columns together and count how many occurrences
#racluster -r packet.argus -n -s sport dport > ports.csv &&
ra -r packet.argus -n -s stime ltime sport dport - dst port 53 > "${dns[*]}.csv"
ra -r packet.argus -n -s stime ltime sport dport - dst port 123 > "${ntp[*]}.csv" &&
rm packet.argus
done
答案 0 :(得分:1)
在不完全知道argus和ra命令的作用的情况下,我怀疑这更接近您的需求:
#!/bin/bash
count=0
for file in *.pcap; do
((count++))
argus -r ${file} -w packet.argus
ra -r packet.argus -s bytes dur -u > flow${count}.csv
ra -r packet.argus -n -s bytes dur rate runtime pkts load loss > features.csv
ra -r packet.argus -n -s stime ltime sport dport - dst port 53 > dns${count}.csv
ra -r packet.argus -n -s stime ltime sport dport - dst port 123 > ntp${count}.csv
rm packet.argus
done