Subversion Repositories ALCASAR

Compare Revisions

Rev 2918 → Rev 2919

3,6 → 3,7
********** ALCASAR CHANGELOG **********
- add an other filter when importing the blacklist to remove line beginning with a dot
- improve tcpdump filter when IoT live captures
- Fix a display bug in ACC activity page
- When blacklisted, display the categories even if the domain name contains a private prefix (ie
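Review bot: the entry "improve tcpdump filter when IoT live captures" does not say that the capture command in this revision is now prefixed with `sudo`. That is a privilege change an administrator reading the changelog would want listed, along with any sudoers rule it depends on. Wording nits in the first entry: "an other" should be "another" and "remove line" should be "remove lines".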
94,8 → 94,7
# cleaning file and split it ("domains" in $FILE_tmp & "IP" in $FILE_ip_tmp)
function clean_split (){
$SED '/^#/d' $FILE_tmp # remove commented lines
$SED '/^\./d' $FILE_tmp # remove lines beginning with a dot
$SED '/^[.#]/d' $FILE_tmp # remove commented lines and lines beginning with a dot
$SED '/^\s*$/d' $FILE_tmp # remove empty lines
$SED '/[äâëêïîöôüû@,]/d' $FILE_tmp # remove line with "chelou" characters
# extract ip addresses and ip networks for iptables.
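Review bot: the merged pattern `/^[.#]/d` in clean_split only matches a `#` or `.` in the first column, so a blacklist line with spaces or tabs before the marker passes this step and is not removed by the empty-line filter `/^\s*$/d` either. Consider `/^\s*[.#]/d` (the script already relies on `\s` on the next line), and quote `"$FILE_tmp"` so a path containing whitespace is not split into several sed arguments.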
31,7 → 31,7
function launch
# capture only one @MAC, on $INTIF, max filesize=10M, without flows to PRIVATE_IP except DNS
tcpdump "ether host $1 && (host $PRIVATE_IP && port 53) || host not $PRIVATE_IP" -i $INTIF -n -C 10 -W 1 -w /var/Save/iot_captures/$1.pcap
sudo tcpdump "ether host $1 and (host not $PRIVATE_IP or port 53)" -i $INTIF -n -C 10 -W 1 -w /var/Save/iot_captures/$1.pcap
function flush
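Review bot: in launch, `$1` is interpolated into both the capture filter and the `-w /var/Save/iot_captures/$1.pcap` path, and the new line runs the command under `sudo` with no visible check that the argument is a MAC address. Validate `$1` against a strict pattern such as `^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$` before calling tcpdump, and quote the output path and `"$INTIF"`, so a malformed value can neither change the filter expression nor place the root-written file outside the captures directory. The regrouping itself looks right: in the old expression the `|| host not $PRIVATE_IP` branch was not restricted by `ether host $1`, and the new parentheses match the comment above the command.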