csereno

Determine interface

tcpdump -D

Capture and Display Top Conversations

tcpdump -i eth1 -tnn -c 20000 | awk -F " " '{print $2" "$3" "$4}' | sort | uniq -c | sort -nr | more

Read a file

csereno

# Created by csereno
# 1. Copy the file into a folder on your PC
# 2. Add the capture files to the folder
# 3. Run the script
#
$capname = Read-Host -Prompt "What is the new file name?"
 $i=1
 dir *.*cap* | %{Rename-Item $_ -NewName ($capname + '_{0:D5}{1}' -f $i++,($_.Extension -replace '[^a-zA-Z.]',''))}
 dir *.*cap* | Rename-Item -NewName {$_.BaseName+'_'+$_.LastWriteTime.ToString('yyyyMMddHHmmss')+($_.Extension -replace '[^a-zA-Z.]','')}

csereno

# Created by csereno
# Requires Wireshark's editcap to be installed
# 1. CHANGE PATH TO CONVERT DIRECTORY (replace the $$$'s)
# 2. Add the capture files to the 'Convert' folder
# 3. Run the script
#
for %%f in (C:\$$$\Convert\*cap*) do ("C:\Program Files\Wireshark\editcap" -F libpcap %%f %%f.pcap)

csereno

# Created by csereno
# 3/28/2018
# PowerShell script to delete captures older than 14 days, archive current ones, and start a new one using WinDump.
# Works with PowerShell 2016 and requires WinDump.exe
# Note: Changes will be needed to work with different environments.

$ArchivePath = "C:\Temp\CaptureArchive"
$CapturePath = "C:\Temp\Captures"
$Daysback = "-14"
$CurrentDate = Get-Date

csereno

#FUNCTIONS
function ctime() {
curl -x proxy.address.com:80 -so /dev/null -w "\
    namelookup:  %{time_namelookup}s\n\
       connect:  %{time_connect}s\n\
    appconnect:  %{time_appconnect}s\n\
   pretransfer:  %{time_pretransfer}s\n\
      redirect:  %{time_redirect}s\n\
 starttransfer:  %{time_starttransfer}s\n\
 -------------------------\n\

csereno

<#
Script to move photos from Plex upload to folders organized by date
File modified for multiple folders by csereno as taken from: https://stackoverflow.com/questions/21103613/powershell-script-to-move-files-into-year-month-folders-based-on-creation-timest

Set Variables of Source folder(s) and Destination folder
Assign variable of files
For each file assign the Directory variable the information for file creation year and month
    if the year and month folder do not exist, then create them from file creation information
Move file to sub-folder of year and month from file creation information passed into Directory variable
#>

csereno

{
      "agent": {
        "metrics_collection_interval": 10,
        "logfile": "/opt/aws/amazon-cloudwatch-agent/logs/amazon-cloudwatch-agent.log"
      },
      "metrics": {
        "metrics_collected": {
          "cpu": {
            "resources": [
              "*"

csereno

@echo off
:loop
if "%~1" NEQ "" (
   NSLOOKUP %~1 | findstr /V "Server: 8.8.8.8"
   SHIFT
   goto :loop
)	

csereno

@ECHO OFF
CD C:\Temp\WireSharkCaptures\
DEL *.* /F /Q
"C:\Program Files\Wireshark\dumpcap.exe -i1 -n -t -b files:400 -b filesize:40000 -f "not port 3389" -w "C:\Temp\WireSharkCaptures\filename.pcap"

csereno

Reference: https://docs.aws.amazon.com/cli/latest/reference/cloudwatch/put-metric-alarm.html

===HIGH CPU===
aws cloudwatch put-metric-alarm --alarm-name "High CPU Util on INSTANCE" --alarm-description "Alarm when CPU exceeds 90 percent" --metric-name CPUUtilization --namespace AWS/EC2 --statistic Average --period 300 --threshold 90 --comparison-operator GreaterThanThreshold  --dimensions "Name=InstanceId,Value=INSTANCE" --evaluation-periods 2 --alarm-actions "arn:aws:sns:REGION:ACCOUNT:SNSTOPIC" --unit Percent

===HIGH MEM===
aws cloudwatch put-metric-alarm --alarm-name "High Memory Util on INSTANCE" --alarm-description "Alarm when Memory exceeds 90 percent" --metric-name mem_used_percent --namespace AWS/EC2 --statistic Average --period 300 --threshold 90 --comparison-operator GreaterThanThreshold  --dimensions "Name=InstanceId,Value=INSTANCEID" --evaluation-periods 2 --alarm-actions "arn:aws:sns:REGION:ACCOUNT:SNSTOPIC" --unit Percent

===StatusCheckFailed===
aws cloudwatch put-metric-alarm --alarm-name "EC