#!/bin/bash
 
# alcasar-iot_capture.sh
# by Guillaume Gellusseau, Dorian Lemoine & REXY
# This script is distributed under the Gnu General Public License (GPL)
 
# Ce script lance une capture de flux réseau en fonction d'une adresse IP source ($1) 
# This script performs a network flow capture based on source ip address ($1) 
 
# Location of the ALCASAR configuration file read just below.
CONF_FILE="/usr/local/etc/alcasar.conf"
# INTernal InterFace: second '='-separated field of every line of the
# configuration file that starts with "INTIF=". The value is later passed to
# tcpdump as the capture interface, so the configuration file should only be
# writable by trusted accounts.
INTIF=$(grep ^INTIF= "$CONF_FILE" | cut -d"=" -f2)
 
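#######################################
# Report whether a tcpdump capture is running for the given address.
# Arguments: $1 - address string looked up in the tcpdump command lines
#                 listed by `ps -ef`
# Outputs:   "CaptureON" when at least one matching process is listed,
#            "CaptureOFF" otherwise (including when $1 is empty)
# Note:      the match is a literal substring match on the whole command
#            line, so an address that is a prefix of another one also matches.
#######################################
function info
{
	local pids
	# An empty pattern would match every tcpdump line: answer OFF up front.
	if [[ -z $1 ]]
	then
		echo "CaptureOFF"
		return 0
	fi
	# -F compares the address literally ('.' is no longer a regex wildcard),
	# -- keeps a value starting with '-' from being read as a grep option,
	# and the quotes stop word splitting and globbing of the caller's value.
	pids=$(ps -ef | grep tcpdump | grep -F -- "$1" | awk '{print $2}')
	if [[ -n $pids ]]
	then
		echo "CaptureON"
	else
		echo "CaptureOFF"
	fi
}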
 
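#######################################
# Stop the tcpdump capture(s) whose command line contains the given address.
# The function name shadows the shell's own `kill`; the signal is actually
# sent by the external kill program run through sudo.
# Arguments: $1 - address string looked up in the tcpdump command lines
#                 listed by `ps -ef`
# Returns:   status of `sudo kill`, or 1 when $1 is empty or nothing matches
# Note:      the match is a literal substring match, so every tcpdump process
#            whose command line contains $1 receives the signal.
#######################################
function kill
{
	local pid
	local -a pids=()
	# An empty pattern would select every tcpdump process on the host.
	if [[ -z $1 ]]
	then
		echo "kill: no address given" >&2
		return 1
	fi
	while IFS= read -r pid
	do
		# Forward only purely numeric fields to the privileged kill.
		if [[ $pid =~ ^[0-9]+$ ]]
		then
			pids+=("$pid")
		fi
	done < <(ps -ef | grep tcpdump | grep -F -- "$1" | awk '{print $2}')
	# Without a PID the privileged command would only print its usage text.
	if (( ${#pids[@]} == 0 ))
	then
		echo "kill: no capture running for this address" >&2
		return 1
	fi
	# Signal 2 is SIGINT, the same signal tcpdump gets from Ctrl-C.
	sudo kill -2 "${pids[@]}"
}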
 
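#######################################
# Capture the traffic of one station into /tmp/capture_<address>.pcap.
# tcpdump runs in the foreground, so this returns only when it exits.
# The filter is `ether host`, i.e. the value is matched at Ethernet level,
# although the file header describes it as an IP address.
# Globals:   INTIF (read) - interface handed to tcpdump -i
# Arguments: $1 - station address; letters, digits, ':', '.', '_' and '-'
#                 only, and it must start with a letter or a digit
# Returns:   status of tcpdump, or 1 when $1 or INTIF is unusable
#######################################
function launch
{
	local -r addr_re='^[A-Za-z0-9][A-Za-z0-9:._-]*$'
	# The value ends up both in the filter expression and in a file name, so
	# anything with blanks, slashes or a leading '-' is refused outright.
	if [[ ! $1 =~ $addr_re ]]
	then
		echo "launch: invalid address" >&2
		return 1
	fi
	if [[ -z $INTIF ]]
	then
		echo "launch: INTIF is not set" >&2
		return 1
	fi
	# NOTE(review): the capture file name under /tmp is predictable; if this
	# runs with elevated rights, a link created beforehand at that path could
	# redirect the write. The path is kept because other components may read
	# it - confirm, and consider a directory only the capture user can write.
	# Options come first and '--' ends them, so the address can only ever be
	# read as part of the filter expression.
	tcpdump -i "$INTIF" -n -w "/tmp/capture_$1.pcap" -- ether host "$1"
}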
 
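#######################################
# Delete the capture file /tmp/capture_<address>.pcap through sudo.
# Arguments: $1 - station address; letters, digits, ':', '.', '_' and '-'
#                 only, and it must start with a letter or a digit
# Returns:   status of `sudo rm`, or 1 when $1 is refused
#######################################
function flush
{
	local -r addr_re='^[A-Za-z0-9][A-Za-z0-9:._-]*$'
	# The deletion is privileged, so the value must not be able to add
	# operands or options to rm, nor leave /tmp through a '/'.
	if [[ ! $1 =~ $addr_re ]]
	then
		echo "flush: invalid address" >&2
		return 1
	fi
	# One quoted operand after '--': exactly one path is ever removed.
	sudo rm -f -- "/tmp/capture_$1.pcap"
}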
 
 
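# Option dispatch: -l launch, -k kill, -i info, -f flush.
# The address is always read from the second positional parameter ($2), so
# the option letter has to be the first argument of the script.
# The address reaches tcpdump, a file name under /tmp and privileged commands,
# so it is checked once here against a conservative character set (letters,
# digits, ':', '.', '_', '-', not starting with '-') and is always passed on
# as a single quoted word.
addr_pattern='^[A-Za-z0-9][A-Za-z0-9:._-]*$'
while getopts "lkif" option; do

	# getopts has already reported an unknown option; nothing to run for it.
	if [[ ${option} == '?' ]]
	then
		continue
	fi

	if [[ ! $2 =~ $addr_pattern ]]
	then
		echo "alcasar-iot_capture.sh: invalid or missing address" >&2
		exit 1
	fi

	case "${option}" in

		l)
			launch "$2"
			;;
		k)
			kill "$2"
			;;
		i)
			info "$2"
			;;
		f)
			flush "$2"
			;;
	esac
done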
 
#End