Analyzing IPtraf output

Time: 2018-11-03 09:04:02

Tags: logging network-traffic

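I am writing a Python script to calculate the total internet traffic on an interface (grouped by from/to IP and port). I used IPTraf because it provides detailed information. However, I am struggling to understand the generated logs, shown below. I have already gone through the IPTraf man page, which was not very helpful. The internet IP has been masked as X.X.X.X in the logs below.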

Sat Nov  3 02:30:23 2018; TCP; eth0; 52 bytes; from X.X.X.X:3000 to 192.168.20.241:46477; FIN sent; 25 packets, 1892 bytes, avg flow rate 1.67 kbits/s  
Sat Nov  3 02:30:31 2018; TCP; eth0; 52 bytes; from 192.168.20.241:59759 to X.X.X.X:2003; FIN sent; 27 packets, 54970 bytes, avg flow rate 7.57 kbits/s
Sat Nov  3 02:30:32 2018; TCP; eth0; 52 bytes; from X.X.X.X:2003 to 192.168.20.241:59759; FIN sent; 44 packets, 2312 bytes, avg flow rate 0.31 kbits/s
Sat Nov  3 02:30:38 2018; TCP; eth0; 52 bytes; from 192.168.20.241:46477 to X.X.X.X:3000; FIN sent; 19 packets, 25994 bytes, avg flow rate 8.62 kbits/s  

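For example, in the data above, every line shows 52 bytes. Is this already accounted for in the byte count shown after "FIN sent"? Or should it be added to arrive at the total data usage?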

How much data was transferred according to the following log entry? Is it 104 bytes or 152 bytes?

Sat Nov  3 02:28:34 2018; TCP; eth0; 46 bytes; from X.X.X.X:3001 to 192.168.20.241:50845; Connection reset; 1 packets, 46 bytes, avg flow rate 0.00 kbits/s; opposite direction 1 packets, 60 bytes; avg flow rate 0.00 kbits/s

0 answers:

No answers
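An added example, not part of the original post: a parser for the record layout quoted in the question that totals traffic per direction and per connection. It assumes the "N packets, M bytes" figures are cumulative per direction and already include the packet whose size appears in the fourth field (consistent with the reset record, where a 1-packet total equals the 46-byte packet size); the function names are hypothetical.

```python
import re
from collections import defaultdict

# The five records quoted in the question (X.X.X.X is the poster's masked address).
SAMPLE_LOG = """\
Sat Nov  3 02:30:23 2018; TCP; eth0; 52 bytes; from X.X.X.X:3000 to 192.168.20.241:46477; FIN sent; 25 packets, 1892 bytes, avg flow rate 1.67 kbits/s
Sat Nov  3 02:30:31 2018; TCP; eth0; 52 bytes; from 192.168.20.241:59759 to X.X.X.X:2003; FIN sent; 27 packets, 54970 bytes, avg flow rate 7.57 kbits/s
Sat Nov  3 02:30:32 2018; TCP; eth0; 52 bytes; from X.X.X.X:2003 to 192.168.20.241:59759; FIN sent; 44 packets, 2312 bytes, avg flow rate 0.31 kbits/s
Sat Nov  3 02:30:38 2018; TCP; eth0; 52 bytes; from 192.168.20.241:46477 to X.X.X.X:3000; FIN sent; 19 packets, 25994 bytes, avg flow rate 8.62 kbits/s
Sat Nov  3 02:28:34 2018; TCP; eth0; 46 bytes; from X.X.X.X:3001 to 192.168.20.241:50845; Connection reset; 1 packets, 46 bytes, avg flow rate 0.00 kbits/s; opposite direction 1 packets, 60 bytes; avg flow rate 0.00 kbits/s
"""

ENDPOINTS = re.compile(r"from (\S+):(\d+) to (\S+):(\d+)")
TOTALS = re.compile(r"(\d+) packets, (\d+) bytes")

def parse_line(line):
    """Yield (src, dst, packets, bytes) for each direction one record reports."""
    fields = [f.strip() for f in line.split(";")]
    if len(fields) < 7 or fields[1] != "TCP":
        return  # not a TCP record, or a record that carries no totals
    ends, fwd = ENDPOINTS.fullmatch(fields[4]), TOTALS.match(fields[6])
    if not ends or not fwd:
        return
    src, dst = (ends[1], int(ends[2])), (ends[3], int(ends[4]))
    # Assumption: field 3 ("52 bytes") is the size of the packet that triggered
    # the record and is already inside these cumulative totals, so it is not added.
    yield src, dst, int(fwd[1]), int(fwd[2])
    for extra in fields[7:]:
        rev = TOTALS.search(extra)
        if extra.startswith("opposite direction") and rev:
            yield dst, src, int(rev[1]), int(rev[2])

def directed_totals(lines):
    """Map (src, dst) -> (packets, bytes), keeping the highest total seen."""
    flows = defaultdict(lambda: (0, 0))
    for line in lines:
        for src, dst, pkts, nbytes in parse_line(line):
            # Assumption: totals are cumulative, so a later record replaces an
            # earlier one for the same direction instead of adding to it.
            flows[src, dst] = max(flows[src, dst], (pkts, nbytes), key=lambda t: t[1])
    return dict(flows)

def connection_bytes(lines):
    """Map frozenset({endpoint_a, endpoint_b}) -> bytes summed over both directions."""
    totals = defaultdict(int)
    for (src, dst), (_, nbytes) in directed_totals(lines).items():
        totals[frozenset((src, dst))] += nbytes
    return dict(totals)
```

Under these assumptions the reset record contributes 46 + 60 bytes, and keeping the highest total per direction avoids double counting when a later record's "opposite direction" figures repeat a flow that an earlier FIN record already reported.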