Shulou(Shulou.com)06/01 Report--

This article introduces the knowledge of "how to count HTTP requests in Ubuntu system". In the operation of actual cases, many people will encounter such a dilemma, so let the editor lead you to learn how to deal with these situations. I hope you can read it carefully and be able to achieve something!

Installation

The installation of tcpdump is quite annoying.

1. Download libpcap and tcpdump from the Internet

Http://www.tcpdump.org/

two。 Install the packages required for c compilation:

The code is as follows:

Apt-get install build-essential

3. The front of installing libpcap:

The code is as follows:

Apt-get install flex,apt-get install bison

4. Install libpcap.

You must have this library to use tcpdump.

The code is as follows:

Tar xvfz libpcap-1.2.1.tar.gz / / decompress

Run in the decompressed file directory

The code is as follows:

. / configure / / generate makefile file

Make / / to compile

Make install / / installation

The library files are installed in the directory / usr/lib by default, and the header files are installed in / usr/include by default

5. Install tcpdump

The code is as follows:

Tar xvfz tcpdump.4.2.1.tar.gz / / decompress

Run in the decompressed file directory

The code is as follows:

. / configure / / generate makefile file

Make / / to compile

The make install / / installation library files are installed in the directory / usr/lib by default, and the header files are installed in / usr/include by default

Test whether the installation is successful: enter tcpdump on the command line to display the network information!

6. Possible problems:

The code is as follows:

# tcpdump

# tcpdump: no suitable device found

Reason: root permission is required for network monitoring, so you can use it normally by switching to root user.

Count http requests with tcpdump

The statistical http requests mentioned here refer to the statistics of QPS (requests per second) and the url with the most visits in the top ten. Generally speaking, when doing such statistics, we often use the website visit log to make statistics. When we come to an unfamiliar server environment, we need to immediately count the top ten most visited url to initially determine whether there is an attack, but it is much easier to use tcpdump, because we do not need to care about where the site log is, do not need to consider whether the site log is open or not, directly use tcpdump to capture the current http package, and then further filter, we will get the statistics we want. This feature has been integrated into EZHTTP, and the following is the effect picture:

The statistical method is described below.

1. Capture a packet of 10 seconds.

The code is as follows:

Tcpdump-I eth0 tcp [20:2] = 0x4745 or tcp [20:2] = 0x504f-w / tmp/tcp.cap-s 5122 > & 1 &

Sleep 10

Kill `ps aux | grep tcpdump | grep-v grep | awk'{print $2}'`

This command indicates the monitoring network card eth0, captures tcp, and 21-22 bytes of characters are GE or PO, indicating packets that match GET or POST requests, and write to the / tmp/tcp.cap file.

2. At this point, we get the latest 10-second binary packet file, and our next step is to find out the url and Host of GET/POST through the strings command.

The code is as follows:

Strings / tmp/tcp.cap | grep-E "GET / | POST / | Host:" | grep-- no-group-separator-B1 "Host:" | grep-- no-group-separator-A1-E "GET / | POST /" | awk'{url=$2;getline;host=$2;printf ("% s\ n", host "" url)}'> url.txt "

This command is the key to this article, displaying all the printable characters of the binary file tcp.cap through strings, then filtering out the http request through grep and awk, and writing the spliced url (including the domain name + uri) into a file url.txt.

3. At this time, we got all the visits to the url in nearly 10 seconds, and the following statistics can be easily obtained, such as:

Statistics QPS:

The code is as follows:

((qps=$ (wc-l / tmp/url.txt | cut-d'- f 1) / 10))

Exclude the top 10 access to url for static file statistics:

The code is as follows:

Grep-v-I-E "\. (gif | png | jpg | jpeg | ico | js | swf | css)" / tmp/url.txt | sort | uniq-c | sort-nr | head-n 10

This is the end of the content of "how to count HTTP requests in the Ubuntu system". Thank you for reading. If you want to know more about the industry, you can follow the website, the editor will output more high-quality practical articles for you!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.