WebSVN – ALCASAR – Path Comparison – / – /scripts/alcasar-iot_capture.sh Rev 2887 and /scripts/alcasar-iot

Compare Revisions

 /scripts/alcasar-iot_capture.sh
 ,7 → 8,8
 # This script performs a network flow capture based on source ip address ($1)
 CONF_FILE="/usr/local/etc/alcasar.conf"
-INTIF=`grep ^INTIF= $CONF_FILE|cut -d"=" -f2`                           # INTernal InterFace
+INTIF=`grep ^INTIF= $CONF_FILE|cut -d"=" -f2`
+PRIVATE_IP=$(grep ^PRIVATE_IP= $CONF_FILE | cut -d'=' -f2 | cut -d'/' -f1)
 function info
 {
 ,7 → 30,8
 function launch
 {
-        tcpdump ether host $1 -i $INTIF -n -w /var/Save/iot_captures/$1.pcap
+# capture only one @MAC, on $INTIF, max filesize=10M, without flows to PRIVATE_IP except DNS
+        tcpdump "ether host $1 && (host $PRIVATE_IP && port 53) || host not $PRIVATE_IP" -i $INTIF -n -C 10 -W 1 -w /var/Save/iot_captures/$1.pcap
 }
 function flush