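I won't introduce the Python language here. I use Python 2.7 to simulate access. The main goal is to analyze the access log: to see which client looks like it is attempting a DDoS attack, and to see how many requests each client made. Below is the Python code that simulates the access.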
#coding:utf-8
import urllib2
import threading

def geturl():
    # Request the test server's home page with a custom User-Agent
    url='http://192.168.1.103/'
    rq=urllib2.Request(url)
    rq.add_header("User-Agent","he he")
    response=urllib2.urlopen(rq)
    html=response.read()
    print html

def doweb():
    geturl()

# Start one thread per simulated request
for x in range(500):
    t=threading.Thread(target=doweb)
    t.start()
// The number of requests can be changed by editing the 500; set it to however many you want.
61.145.146.60 - - [15/Sep/2016:16:06:00 +0800] "GET / HTTP/1.1" 200 45
61.145.146.60 - - [15/Sep/2016:16:06:00 +0800] "GET / HTTP/1.1" 200 45
61.145.146.60 - - [15/Sep/2016:16:06:00 +0800] "GET / HTTP/1.1" 200 45
61.145.146.60 - - [15/Sep/2016:16:06:00 +0800] "GET / HTTP/1.1" 200 45
61.145.146.60 - - [15/Sep/2016:16:06:00 +0800] "GET / HTTP/1.1" 200 45
61.145.146.60 - - [15/Sep/2016:16:06:00 +0800] "GET / HTTP/1.1" 200 45
61.145.146.60 - - [15/Sep/2016:16:06:00 +0800] "GET / HTTP/1.1" 200 45
61.145.146.60 - - [15/Sep/2016:16:06:00 +0800] "GET / HTTP/1.1" 200 45
61.145.146.60 - - [15/Sep/2016:16:06:00 +0800] "GET / HTTP/1.1" 200 45
61.145.146.60 - - [15/Sep/2016:16:06:00 +0800] "GET / HTTP/1.1" 200 45
61.145.146.60 - - [15/Sep/2016:16:06:00 +0800] "GET / HTTP/1.1" 200 45
61.145.146.60 - - [15/Sep/2016:16:06:00 +0800] "GET / HTTP/1.1" 200 45
61.145.146.60 - - [15/Sep/2016:16:06:00 +0800] "GET / HTTP/1.1" 200 45
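// The access log immediately ends up looking like this.
netstat -apt // this command shows TCP connection usage; the states are:
1. LISTENING: after a service starts, it is first in the listening state.
2. ESTABLISHED: a connection has been established; the two machines are communicating.
3. CLOSE_WAIT: the peer actively closed the connection, or a network error interrupted it (for example, the user closed the browser).
4. TIME_WAIT: our side actively called close() to disconnect; after receiving the peer's acknowledgment the state becomes TIME_WAIT.
netstat -ant // shows TCP connection status; combine it with grep: netstat -ant | grep 80
netstat -ant | grep ESTABLISHED
netstat -antp // shows the IPs currently communicating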
netstat -apt
tcp 0 0 121.40.76.153:80 61.145.146.60:6800 TIME_WAIT
tcp 0 0 121.40.76.153:43684 110.75.102.62:80 ESTABLISHED
tcp 0 0 121.40.76.153:80 61.145.146.60:6814 TIME_WAIT
tcp 0 0 121.40.76.153:80 61.145.146.60:6834 TIME_WAIT
tcp 0 0 121.40.76.153:80 61.145.146.60:6774 FIN_WAIT2
tcp 0 0 121.40.76.153:80 61.145.146.60:6796 TIME_WAIT
tcp 0 0 121.40.76.153:80 61.145.146.60:6808 TIME_WAIT
tcp 0 0 121.40.76.153:80 61.145.146.60:6804 TIME_WAIT
tcp 0 0 121.40.76.153:80 61.145.146.60:6752 TIME_WAIT
tcp 0 0 121.40.76.153:80 61.145.146.60:6786 TIME_WAIT
tcp 0 0 121.40.76.153:80 61.145.146.60:6750 TIME_WAIT
tcp 0 0 121.40.76.153:80 61.145.146.60:6818 TIME_WAIT
tcp 0 0 121.40.76.153:80 61.145.146.60:6762 TIME_WAIT
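// Because these are all static pages, the connections go straight to TIME_WAIT.
Learn an analysis tool: awk
// It reads the file line by line, splits each line into fields using the space as the default separator, and then processes the fields.
// Remember, the separator is the space.
cat access_log | awk '{print $1}' // prints a pile of IPs; $1 is the first field, $2 is the second, try it yourself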
58.61.66.99
58.61.66.99
58.61.66.99
58.61.66.99
58.61.66.99
58.61.66.99
58.61.66.99
58.61.66.99
58.61.66.99
58.61.66.99
58.61.66.99
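Another one to learn is the sort command
// By default it sorts in ASCII order, which is commonly used for non-numeric data
// -n sort numerically
// -r sort in reverse order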
sort -n xxx
sort -rn xxx
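There is also the uniq command
// It removes duplicate lines from a sorted file, so uniq is usually combined with sort; all duplicate lines must be adjacent.
// -c or --count: show next to each line the number of times it occurs
// -d or --repeated: show only the lines that are repeated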
cat xxx | sort -n | uniq
cat xxx | sort -n | uniq -c
// Combining these basically tells you who visits most often
cat access_log | awk '{print $1}' | sort -n | uniq -c
// Below is the same analysis done in Python. Download the access log first.
Python code
file=open("access_log.txt",mode="r")
try:
    #str_lines=file.readlines()
    line=file.readline()
    tj={}  # request count per client IP
    while line:
        line_sp=line.split(' ')
        if len(line_sp)>3:
            # the first space-separated field is the client IP
            if(tj.has_key(line_sp[0])):
                tj[line_sp[0]]=tj[line_sp[0]]+1
            else:
                tj[line_sp[0]]=1
        line=file.readline()
    # sort by request count, highest first
    print sorted(tj.iteritems(),key=lambda abc:abc[1],reverse=True)
except Exception,e:
    print e
finally:
    file.close()
[('61.145.146.60', 51), ('58.61.66.99', 11), ('61.145.144.91', 1), ('169.229.3.91', 1), ('60.253.201.24', 1), ('61.145.129.33', 1)]
The result is in: the most frequent visitor is 61.145.146.60, with 51 requests.
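An added example, not part of the original post and written in Python 3 rather than the post's Python 2.7: total counts hide how fast the requests arrived, so this sketch parses the same log format and flags IPs by their peak request count inside a sliding time window. The function names, the window and threshold values, and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Log format seen above: ip ident user [timestamp] "request" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([^"]*)" (\d{3}) (\S+)')

def parse_line(line):
    """Return (ip, datetime, status), or None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, _req, status, _size = m.groups()
    try:
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    return ip, when, int(status)

def burst_sources(lines, window=10, threshold=5):
    """Map each IP with >= threshold requests in any `window` seconds to its peak."""
    times = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            times[parsed[0]].append(parsed[1])
    flagged = {}
    for ip, stamps in times.items():
        stamps.sort()
        start = peak = 0
        for end in range(len(stamps)):
            # shrink the window from the left until it spans < `window` seconds
            while (stamps[end] - stamps[start]).total_seconds() >= window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = peak
    return flagged

# Constructed sample: one IP sends 6 requests in the same second,
# another sends 6 requests spread one per minute, plus one malformed line.
SAMPLE = (
    ['61.145.146.60 - - [15/Sep/2016:16:06:00 +0800] "GET / HTTP/1.1" 200 45'] * 6
    + ['58.61.66.99 - - [15/Sep/2016:16:%02d:00 +0800] "GET / HTTP/1.1" 200 45' % i
       for i in range(6)]
    + ['garbage line']
)

if __name__ == "__main__":
    print(burst_sources(SAMPLE))
```

Both sample IPs have the same total of 6 requests, but only the one that sent them within a single second is flagged at the default settings.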