Last active
March 15, 2021 11:14
-
-
Save ccwoolf/864416e95af3aeec7e16d8e3f7f49f5a to your computer and use it in GitHub Desktop.
Captures all packets (except port 22) on all interfaces for a given timeout
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| if [ "$1" = "--help" ] || [ "$1" = "-h" ]; then | |
| echo "Capture packets across all network interfaces for the given duration (default 1m)." | |
| echo "" | |
| echo "USAGE:" | |
| echo " $0 [DURATION]" | |
| echo "" | |
| echo "Captured packets can be found in a tar.gz archive with a pcaps_ prefix, followed by the date and time of the capture." | |
| echo "Specify the optional duration in timeout(1)'s duration syntax." | |
| echo "In most systems this is a floating point number with an optional suffix: 's' for seconds (the default), 'm' for minutes, 'h' for hours or 'd' for days." | |
| exit 0 | |
| fi | |
| interfaces="$(ip link show | grep -Po '^\d+: [\w\d@-]+' | cut -d' ' -f2)" | |
| date="$(date +"%Y-%m-%d_%H-%M")" | |
| ARCHIVE_NAME="pcaps_$date" | |
| CAP_DIR="$PWD/$ARCHIVE_NAME" | |
| TIMEOUT="${1-1m}" | |
| TCPDUMP_BIN="tcpdump" | |
| FILTER="port not 22" | |
| mkdir -pv "$CAP_DIR" | |
| for interface in $interfaces; do | |
| echo "Starting dump for $interface" | |
| timeout "$TIMEOUT" "$TCPDUMP_BIN" -i "$interface" -nn -w "$CAP_DIR/${interface}.pcap" "$FILTER" >"$CAP_DIR/${interface}.log" 2>&1 & | |
| done | |
| echo "Waiting $TIMEOUT for dumps to complete" | |
| wait | |
| tar cvf "$ARCHIVE_NAME.tar" "$ARCHIVE_NAME" | |
| gzip -9v "$ARCHIVE_NAME.tar" | |
| rm -rf "$ARCHIVE_NAME" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment