awk: hping:打印icmp发起/接收之间的差异
我在OpenBSD上有以下来自hping的输出:
# hping --icmp-ts www.openbsd.org
HPING www.openbsd.org (re0 129.128.5.194): icmp mode set, 28 headers + 0 data bytes
len=46 ip=129.128.5.194 ttl=237 id=23807 icmp_seq=0 rtt=155.3 ms
ICMP timestamp: Originate=22085077 Receive=22085171 Transmit=22085171
ICMP timestamp RTT tsrtt=156
len=46 ip=129.128.5.194 ttl=237 id=4150 icmp_seq=1 rtt=154.8 ms
ICMP timestamp: Originate=22086078 Receive=22086171 Transmit=22086171
ICMP timestamp RTT tsrtt=155
^C
--- www.openbsd.org hping statistic ---
2 packets tramitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 154.8/155.0/155.3 ms我需要一些额外的算术to troubleshoot asymmetric routes,就像a patch in some bugreport中提供的那样,但我不想重新编译软件。
TL;DR,这两个新字段被计算为Receive − Originate和Originate + tsrtt − Transmit,结果如下所示(不必跨越4行)。
len=46 ip=129.128.5.194 ttl=237 id=23807 icmp_seq=0 rtt=155.3 ms
ICMP timestamp: Originate=22085077 Receive=22085171 Transmit=22085171
ICMP timestamp RTT tsrtt=156 src->dst=94 dst->src=62如何使用awk实现这一点?(我也可以使用任何其他*BSD工具。)
回答 2
Stack Overflow用户
发布于 2013-11-24 15:13:01
使用perl,您可以这样做:
#!/usr/bin/perl -n
#
if (/Originate=(\d+) Receive=(\d+) Transmit=(\d+)/) {
($o, $r, $t) = ($1, $2, $3);
} elsif (/tsrtt=(\d+)/) {
print $r - $o, " ", $o + $1 - $t, "\n";
}如果你调用这个icmpstats.pl,你可以使用as hping | perl icmpstats.pl。
Stack Overflow用户
发布于 2013-11-25 15:22:12
对janos的解决方案进行了修改,以提供可用的代码片段。
请注意,当重定向到管道时,hping的输出变得完全缓冲,这在解决方案的可移植性方面非常令人惊讶。参见https://unix.stackexchange.com/questions/25372/turn-off-buffering-in-pipe和https://unix.stackexchange.com/questions/102403/turn-off-buffering-for-hping-in-openbsd。
在安装expect软件包后,以下命令可在OpenBSD上运行:
unbuffer hping --icmp-ts ntp1.yycix.ca \
| perl -ne 'if (/icmp_seq=(\d+) rtt=(\d+\.\d)/) {($s, $p) = ($1, $2);} \
if (/ate=(\d+) Receive=(\d+) Transmit=(\d+)/) {($o, $r, $t) = ($1, $2, $3);} \
if (/tsrtt=(\d+)/) { \
print $s, "\t", $p, "\t", $1, " = ", $r - $o, " + ", $o + $1 - $t, "\n"; }'由于OS X的expect不附带unbuffer,因此在OS X上需要安装以下程序
script -q /dev/null hping3 --icmp-ts ntp1.yycix.ca \
| perl -ne 'if (/icmp_seq=(\d+) rtt=(\d+\.\d)/) {($s, $p) = ($1, $2);} \
if (/ate=(\d+) Receive=(\d+) Transmit=(\d+)/) {($o, $r, $t) = ($1, $2, $3);} \
if (/tsrtt=(\d+)/) { \
print $s, "\t", $p, "\t", $1, " = ", $r - $o, " + ", $o + $1 - $t, "\r\n"; }'这是脚本的示例输出,它显示前向路径拥塞,而返回路径很可能不拥塞:
0 145.5 146 = 75 + 71
1 142.7 142 = 72 + 70
2 140.7 140 = 70 + 70
3 146.7 146 = 76 + 70
4 148.3 148 = 77 + 71
5 157.5 157 = 87 + 70
6 167.1 167 = 96 + 71
7 166.3 166 = 95 + 71
8 167.7 167 = 97 + 70
9 159.0 159 = 88 + 71
10 156.7 156 = 86 + 70
11 154.9 155 = 84 + 71
12 151.9 152 = 81 + 71
13 157.3 157 = 86 + 71
14 155.0 155 = 84 + 71
15 157.7 158 = 87 + 71
16 156.6 156 = 86 + 70
17 157.8 158 = 87 + 71
18 161.9 162 = 91 + 71
19 160.1 160 = 89 + 71
20 166.3 166 = 95 + 71
21 163.9 164 = 93 + 71
22 172.0 172 = 101 + 71
23 177.9 178 = 107 + 71
24 177.0 177 = 106 + 71
25 172.1 172 = 101 + 71
26 167.4 167 = 97 + 70
27 167.1 167 = 96 + 71
28 161.0 161 = 90 + 71
29 150.5 150 = 80 + 70
30 155.6 155 = 85 + 70
31 162.0 162 = 91 + 71
32 154.3 154 = 84 + 70
请注意,如果时钟不同步,那么您将变为负值,尽管如此,这仍然可以很好地指示哪一端正在经历拥塞。
下面的示例是通过相同的路径;请注意一个值仍然随机上下移动,而另一个值单调变化。
0 165.9 166 = -142113 + 142279
1 160.2 160 = -142118 + 142278
2 155.2 155 = -142122 + 142277
3 156.5 156 = -142121 + 142277
4 164.7 165 = -142112 + 142277
5 164.4 164 = -142111 + 142275
6 160.9 161 = -142114 + 142275
7 158.1 158 = -142117 + 142275
8 155.6 156 = -142119 + 142275
9 143.0 143 = -142131 + 142274
10 153.2 153 = -142120 + 142273
11 157.1 157 = -142115 + 142272
12 158.3 158 = -142114 + 142272
13 148.6 149 = -142123 + 142272
14 144.3 144 = -142127 + 142271
15 145.3 145 = -142125 + 142270
16 141.9 142 = -142128 + 142270https://stackoverflow.com/questions/20172028
复制相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号