Rev 2887 Rev 2888
Line 6... Line 6...
6
 
6
 
7
# Ce script lance une capture de flux réseau en fonction d'une adresse IP source ($1) 
7
# Ce script lance une capture de flux réseau en fonction d'une adresse IP source ($1) 
8
# This script performs a network flow capture based on source ip address ($1) 
8
# This script performs a network flow capture based on source ip address ($1) 
9
 
9
 
10
CONF_FILE="/usr/local/etc/alcasar.conf"
10
CONF_FILE="/usr/local/etc/alcasar.conf"
11
INTIF=`grep ^INTIF= $CONF_FILE|cut -d"=" -f2`				# INTernal InterFace
11
INTIF=`grep ^INTIF= $CONF_FILE|cut -d"=" -f2`
-
 
12
PRIVATE_IP=$(grep ^PRIVATE_IP= $CONF_FILE | cut -d'=' -f2 | cut -d'/' -f1)
12
 
13
 
13
function info
14
function info
14
{
15
{
15
	_PID=$(ps -ef | grep tcpdump | grep $1 | awk {'print $2'})
16
	_PID=$(ps -ef | grep tcpdump | grep $1 | awk {'print $2'})
16
	if [[ -n $_PID ]]
17
	if [[ -n $_PID ]]
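Review bot: The new `PRIVATE_IP=$(grep ^PRIVATE_IP= $CONF_FILE | cut -d'=' -f2 | cut -d'/' -f1)` at new line 12 is never validated, and neither is `INTIF` on the line above; if the key is absent from `/usr/local/etc/alcasar.conf` (or the file is unreadable) the variable is empty, the filter built in `launch` degenerates to `host  && port 53`, tcpdump rejects it and the capture never starts. A guard right after the two assignments, `[[ -n "$INTIF" && -n "$PRIVATE_IP" ]] || { echo "INTIF or PRIVATE_IP missing in $CONF_FILE" >&2; exit 1; }`, makes that failure visible to the caller. The hunk also drops the `# INTernal InterFace` comment on `INTIF` and now mixes backticks with `$(...)`; keeping the comment and writing both assignments as `$(...)` would be consistent. Since `PRIVATE_IP` exists only to feed the filter in `launch` (later hunk, new line 34), note that `"ether host $1 && (host $PRIVATE_IP && port 53) || host not $PRIVATE_IP"` does not group the `||` alternative under `ether host $1`, so frames from every other host on `$INTIF` that do not involve `$PRIVATE_IP` are captured as well, contrary to the `capture only one @MAC` comment, and the expression should read `"ether host $1 && ((host $PRIVATE_IP && port 53) || not host $PRIVATE_IP)"`. The `info` function in which this hunk ends continues outside the hunk.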
Line 27... Line 28...
27
	sudo kill -2 $_PID
28
	sudo kill -2 $_PID
28
}
29
}
29
 
30
 
30
function launch
31
function launch
31
{
32
{
-
 
33
# capture only one @MAC, on $INTIF, max filesize=10M, without flows to PRIVATE_IP except DNS
32
	tcpdump ether host $1 -i $INTIF -n -w /var/Save/iot_captures/$1.pcap
34
	tcpdump "ether host $1 && (host $PRIVATE_IP && port 53) || host not $PRIVATE_IP" -i $INTIF -n -C 10 -W 1 -w /var/Save/iot_captures/$1.pcap
33
}
35
}
34
 
36
 
35
function flush
37
function flush
36
{
38
{
37
	sudo rm /var/Save/iot_captures/$1.pcap -f
39
	sudo rm /var/Save/iot_captures/$1.pcap -f