


Rev 2888 Rev 2919
1
#!/bin/bash
1
#!/bin/bash
2
 
2
 
3
# alcasar-iot_capture.sh
3
# alcasar-iot_capture.sh
4
# by Guillaume Gellusseau, Dorian Lemoine & REXY
4
# by Guillaume Gellusseau, Dorian Lemoine & REXY
5
# This script is distributed under the Gnu General Public License (GPL)
5
# This script is distributed under the Gnu General Public License (GPL)
6
 
6
 
7
# Ce script lance une capture de flux réseau en fonction d'une adresse IP source ($1) 
7
# Ce script lance une capture de flux réseau en fonction d'une adresse IP source ($1) 
8
# This script performs a network flow capture based on source ip address ($1) 
8
# This script performs a network flow capture based on source ip address ($1) 
9
 
9
 
10
CONF_FILE="/usr/local/etc/alcasar.conf"
10
CONF_FILE="/usr/local/etc/alcasar.conf"
11
INTIF=`grep ^INTIF= $CONF_FILE|cut -d"=" -f2`
11
INTIF=`grep ^INTIF= $CONF_FILE|cut -d"=" -f2`
12
PRIVATE_IP=$(grep ^PRIVATE_IP= $CONF_FILE | cut -d'=' -f2 | cut -d'/' -f1)
12
PRIVATE_IP=$(grep ^PRIVATE_IP= $CONF_FILE | cut -d'=' -f2 | cut -d'/' -f1)
13
 
13
 
14
function info
14
function info
15
{
15
{
16
	_PID=$(ps -ef | grep tcpdump | grep $1 | awk {'print $2'})
16
	_PID=$(ps -ef | grep tcpdump | grep $1 | awk {'print $2'})
17
	if [[ -n $_PID ]]
17
	if [[ -n $_PID ]]
18
	then
18
	then
19
		echo "CaptureON"
19
		echo "CaptureON"
20
	else
20
	else
21
		echo "CaptureOFF"
21
		echo "CaptureOFF"
22
	fi 
22
	fi 
23
}
23
}
24
 
24
 
25
function kill
25
function kill
26
{
26
{
27
	_PID=$(ps -ef | grep tcpdump | grep $1 | awk {'print $2'})
27
	_PID=$(ps -ef | grep tcpdump | grep $1 | awk {'print $2'})
28
	sudo kill -2 $_PID
28
	sudo kill -2 $_PID
29
}
29
}
30
 
30
 
31
function launch
31
function launch
32
{
32
{
33
# capture only one @MAC, on $INTIF, max filesize=10M, without flows to PRIVATE_IP except DNS
33
# capture only one @MAC, on $INTIF, max filesize=10M, without flows to PRIVATE_IP except DNS
34
	tcpdump "ether host $1 && (host $PRIVATE_IP && port 53) || host not $PRIVATE_IP" -i $INTIF -n -C 10 -W 1 -w /var/Save/iot_captures/$1.pcap
34
	sudo tcpdump "ether host $1 and (host not $PRIVATE_IP or port 53)" -i $INTIF -n -C 10 -W 1 -w /var/Save/iot_captures/$1.pcap
35
}
35
}
36
 
36
 
37
function flush
37
function flush
38
{
38
{
39
	sudo rm /var/Save/iot_captures/$1.pcap -f
39
	sudo rm /var/Save/iot_captures/$1.pcap -f
40
}
40
}
41
 
41
 
42
 
42
 
43
while getopts "l k i f" option; do
43
while getopts "l k i f" option; do
44
 
44
 
45
	case "${option}" in
45
	case "${option}" in
46
 
46
 
47
		l)
47
		l)
48
			launch $2
48
			launch $2
49
			;;
49
			;;
50
		k)
50
		k)
51
			kill $2
51
			kill $2
52
			;;
52
			;;
53
		i)
53
		i)
54
			info $2
54
			info $2
55
			;;
55
			;;
56
		f)
56
		f)
57
			flush $2
57
			flush $2
58
			;;
58
			;;
59
	esac
59
	esac
60
done
60
done
61
 
61
 
62
#End
62
#End
63
 
63
 
64
 
64
 
65

65

66
 
66
 
67
 
67
 
68
 
68
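Review bot: On the changed line 34, `$1` is expanded unquoted into both the tcpdump filter string and the output path `/var/Save/iot_captures/$1.pcap`, and nothing visible in the script checks that the argument is actually a MAC address, so a malformed value can change the capture filter or the destination path of a command that now runs under sudo. A guard at the top of `launch` such as `[[ "$1" =~ ^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$ ]] || { printf 'launch: invalid MAC address\n' >&2; return 1; }` would close this, and the remaining expansions should be quoted: `-i "$INTIF" -n -C 10 -W 1 -w "/var/Save/iot_captures/$1.pcap"`. The same unvalidated `$1` reaches `sudo rm -f` in `flush` (line 39), so the check is worth applying there too, or once before the `getopts` dispatch on `$2`. The comment on line 33 should also be updated to say the filter keeps DNS (port 53) to any host, not only to `$PRIVATE_IP`, which is what the new expression does.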