php-cli下执行 windows下的运维工具,改成linux也很方便 用PHP获取IP与连接数,并获取IP所在地址,主要针对80端口,其他端口也能看到 开启反解ip可判断是否是蜘蛛。
<?php //获取连接数最高的ip的详细信息 $top = 10; //获取ip的详细信息 $get_location = true; //反解ip,用于获取蜘蛛,开启后速度较慢 $reverse = FALSE; //$reverse = TRUE; ini_set('extension_dir',dirname(__FILE__)); ini_set('enable_dl',TRUE); if(!dl("php_curl.dll")){ exit('Can\'t load curl.'); } $content = `netstat -an -p TCP`; $regex = "/\s+TCP\s+\d+\.\d+\.\d+\.\d+:(\d+)\s+(\d+\.\d+\.\d+\.\d+):\d+\s+/sm"; $table = array(); //1、连接数/2、本机ip/3、对方ip /** * 端口/ip是唯一的 */ if(preg_match_all($regex,$content,$result)){ foreach($result[1] as $i=>$port){ if(isset($table[$port.':'.$result[2][$i]])) $table[$port.':'.$result[2][$i]]++; else $table[$port.':'.$result[2][$i]] = 1; } $curl = curl_init(); curl_setopt($curl,CURLOPT_TIMEOUT,5); curl_setopt($curl, CURLOPT_HEADER, 0); curl_setopt($curl, CURLOPT_RETURNTRANSFER, TRUE); $i = 0; $count = 0; if(asort($table)) foreach($table as $key=>$times){ $ip = substr(strstr($key,':'),1); $port = substr($key,0,strpos($key,':')); $i++; echo "\r\n连接数:",$times,' - ',$key; if(!$get_location || $i<count($table)-$top){ continue; } if($port=='80') $count += $times; if($ip!=='127.0.0.1' || $ip!=='0.0.0.0'){ $host = $reverse ? gethostbyaddr($ip) : $ip; if($host==$ip){ curl_setopt($curl,CURLOPT_URL, "http://int.dpool.sina.com.cn/iplookup/iplookup.php?format=txt&ip=".$ip); $location = curl_exec($curl); echo "(".preg_replace('/(\s|\d|\.)/','',$location).")"; } else { echo "(".$host.")"; } } } echo "\r\n",'All(80):',$count; }